# OpenClaw Docker 环境变量配置示例 # 复制此文件为 .env 并修改相应的值 # ============================================================================== # Agent Reach 配置 # ============================================================================== # 是否启用 Agent Reach AGENT_REACH_ENABLED=true # 是否使用中国大陆镜像源(GitHub 代理和 pip 镜像) AGENT_REACH_USE_CN_MIRROR=true # 代理设置(中国大陆服务器可能需要) # AGENT_REACH_PROXY=http://user:pass@ip:port # Twitter/X Cookies (Header String 格式) # AGENT_REACH_TWITTER_COOKIES= # Groq API Key (gsk_...) # AGENT_REACH_GROQ_KEY= # 小红书 Cookies (JSON 或 Header String 格式) # AGENT_REACH_XHS_COOKIES= # Docker 绑定 IP(可选,默认为 0.0.0.0) # 如果你只想让本地访问,可以设置为 127.0.0.1 DOCKER_BIND=0.0.0.0 # Docker 镜像配置 OPENCLAW_IMAGE=justlikemaki/openclaw-docker-cn-im:latest # 配置同步开关 # 是否自动同步环境变量到 openclaw.json (true/false) # 如果你手动维护 openclaw.json,建议先设为 false SYNC_OPENCLAW_CONFIG=true # 是否自动同步模型配置到 openclaw.json (true/false) # 仅在 SYNC_OPENCLAW_CONFIG=true 时生效;如果你手动修改了 openclaw.json 中的模型设置,请将其设为 false SYNC_MODEL_CONFIG=true # 是否在容器启动时同步镜像内置插件到 extensions 卷 (true/false) SYNC_EXTENSIONS_ON_START=true # 插件同步模式: # - seed-version: 仅当镜像内 seed 版本变化时覆盖更新(推荐) # - missing: 仅补充卷中缺失的插件 # - overwrite: 每次启动都用镜像内置插件覆盖卷 SYNC_EXTENSIONS_MODE=seed-version # 提供商 1 (默认) # 主模型 ID (支持多个,用逗号隔开,第一个将作为默认模型) MODEL_ID=model id # 显式指定 agents.defaults.model.primary(可选) # 留空时默认使用 default/${MODEL_ID 的第一个值} # 如需切换到其它 provider 的模型,可填写完整 provider/model,例如 aliyun/qwen3.5-plus # 内置 provider 如 openai-codex 也可直接写 openai-codex/gpt-5-codex,不会补 default/ 前缀 PRIMARY_MODEL= # 图片模型 ID(可选,留空则使用 MODEL_ID,支持 provider/model 格式) # 如需切换到其它 provider 的图片模型,可直接填写完整 provider/model,例如 aliyun/qwen-vl-max # 内置 provider 如 openai-codex 也可直接填写完整引用 IMAGE_MODEL_ID= BASE_URL=http://xxxxx/v1 API_KEY=123456 # API 协议类型: openai-completions, openai-responses, google-generative-ai 或 anthropic-messages API_PROTOCOL=openai-completions # 模型上下文窗口大小 CONTEXT_WINDOW=200000 # 模型最大输出 tokens MAX_TOKENS=8192 # 提供商 2 (可选) # MODEL2_NAME=model2 # MODEL2_MODEL_ID=model id1,model id2 # MODEL2_BASE_URL=http://xxxxx/v1 # MODEL2_API_KEY=123456 # MODEL2_PROTOCOL=openai-completions # MODEL2_CONTEXT_WINDOW=200000 # MODEL2_MAX_TOKENS=8192 # 渠道通用配置 (Channel Common Config) # 默认私聊策略: open/closed/friend-only DM_POLICY=open # 默认群组策略: open/closed GROUP_POLICY=open # 默认允许来源 (多个用逗号隔开,* 代表全部) ALLOW_FROM=* # Telegram 配置(可选,留空则不启用) TELEGRAM_BOT_TOKEN= TELEGRAM_DM_POLICY= TELEGRAM_ALLOW_FROM= TELEGRAM_GROUP_POLICY= # 飞书配置(可选,留空则不启用) # 方式1:单账号快捷配置,会自动同步为 channels.feishu.accounts.${FEISHU_DEFAULT_ACCOUNT} FEISHU_APP_ID= FEISHU_APP_SECRET= FEISHU_DEFAULT_ACCOUNT=default FEISHU_NAME=OpenClaw Bot # 方式2:多账号 JSON(推荐,单行) # 示例:{"default":{"appId":"cli_xxx","appSecret":"xxx","name":"OpenClaw Bot"},"work":{"appId":"cli_work_yyy","appSecret":"work_secret_yyy","name":"工作机器人"},"support":{"appId":"cli_support_zzz","appSecret":"support_secret_zzz","name":"客服机器人"}} FEISHU_ACCOUNTS_JSON= # 飞书群组规则 JSON(可选,单行) # 示例:{"*":{"requireMention":true},"oc_83e1c0d069b94efc09ad22e05bc06365":{"requireMention":false,"groupPolicy":"open"},"oc_dev_123456789":{"requireMention":false,"groupPolicy":"allowlist","allowFrom":["ou_dev_001","ou_dev_002"]}} FEISHU_GROUPS_JSON= FEISHU_DM_POLICY= FEISHU_ALLOW_FROM= FEISHU_GROUP_POLICY= FEISHU_GROUP_ALLOW_FROM= # 是否启用飞书官方插件 (true/false) FEISHU_OFFICIAL_PLUGIN_ENABLED=false # 飞书特定配置 (可选) FEISHU_STREAMING=true FEISHU_REQUIRE_MENTION=true # 钉钉配置(可选,留空则不启用) # 方式1:单机器人快捷配置,会自动同步为 channels.dingtalk.accounts.default DINGTALK_CLIENT_ID= DINGTALK_CLIENT_SECRET= DINGTALK_DM_POLICY= DINGTALK_GROUP_POLICY= DINGTALK_ALLOW_FROM= DINGTALK_MESSAGE_TYPE=markdown DINGTALK_CARD_STREAMING_MODE=answer DINGTALK_ACK_REACTION=emoji DINGTALK_CARD_STREAM_INTERVAL=1000 DINGTALK_MAX_RECONNECT_CYCLES= DINGTALK_DEBUG=false DINGTALK_JOURNAL_TTL_DAYS= # 方式2:多机器人 JSON(推荐,单行) # 示例:{"bot_1":{"clientId":"your-client-id-1","clientSecret":"your-client-secret-1","dmPolicy":"open","groupPolicy":"open","messageType":"card","cardStreamingMode":"all","maxReconnectCycles":10,"allowFrom":["*"]},"bot_2":{"clientId":"your-client-id-2","clientSecret":"your-client-secret-2","dmPolicy":"open","groupPolicy":"open","messageType":"markdown","allowFrom":["*"]}} DINGTALK_ACCOUNTS_JSON= # QQ 机器人配置(可选,留空则不启用) # 方式1:单 Bot(兼容旧格式),会自动同步为 channels.qqbot.accounts.default QQBOT_APP_ID= QQBOT_CLIENT_SECRET= QQBOT_DM_POLICY= QQBOT_ALLOW_FROM= QQBOT_GROUP_POLICY= # 方式2:多 Bot JSON,支持 default/bot2/bot3... 独立配置(会与现有配置深度合并) # 注意:.env 中 JSON 需要写成单行 # 示例:{"default":{"enabled":true,"appId":"111111111","clientSecret":"secret-of-bot-1"},"bot2":{"enabled":true,"appId":"222222222","clientSecret":"secret-of-bot-2"},"bot3":{"enabled":true,"appId":"333333333","clientSecret":"secret-of-bot-3"}} QQBOT_BOTS_JSON= # 企业微信配置(可选,留空则不启用) # 当前推荐格式:多账号结构,顶层共享字段会合并到各账号 WECOM_DEFAULT_ACCOUNT=open WECOM_COMMANDS_ENABLED=true WECOM_COMMANDS_ALLOWLIST=/new,/compact,/help,/status WECOM_BOT_ID= WECOM_SECRET= # 单账号快捷配置:会写入 channels.wecom.${WECOM_DEFAULT_ACCOUNT} WECOM_ADMIN_USERS=admin-userid WECOM_DYNAMIC_AGENTS_ENABLED=true WECOM_DYNAMIC_AGENTS_ADMIN_BYPASS=false WECOM_WELCOME_MESSAGE= WECOM_SEND_THINKING_MESSAGE=false WECOM_DM_POLICY= WECOM_ALLOW_FROM= WECOM_GROUP_POLICY= WECOM_GROUP_ALLOW_FROM= WECOM_WORKSPACE_TEMPLATE= WECOM_AGENT_CORP_ID= WECOM_AGENT_CORP_SECRET= WECOM_AGENT_ID= WECOM_WEBHOOKS_JSON= WECOM_DM_CREATE_AGENT_ON_FIRST_MESSAGE=true WECOM_GROUP_CHAT_ENABLED=true WECOM_GROUP_CHAT_REQUIRE_MENTION=true WECOM_GROUP_CHAT_MENTION_PATTERNS=@ WECOM_NETWORK_EGRESS_PROXY_URL= WECOM_NETWORK_API_BASE_URL= # 多账号 JSON(推荐) # 示例:{"open":{"botId":"aib-open-xxx","secret":"secret-open-xxx","dmPolicy":"open"},"support":{"botId":"aib-support-xxx","secret":"secret-support-xxx","dmPolicy":"pairing","agent":{"corpId":"wwxxxxxxxxxxxxxxxx","corpSecret":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","agentId":1000002},"webhooks":{"ops":"https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx"}}} WECOM_ACCOUNTS_JSON= # NapCat (OneBot v11) 配置(可选,留空则不启用) # NapCat 反向 WS 监听端口(NapCat 主动连接到此端口) NAPCAT_REVERSE_WS_PORT= NAPCAT_DM_POLICY= NAPCAT_ALLOW_FROM= NAPCAT_GROUP_POLICY= # NapCat HTTP API 地址(可选,用于主动发送消息) NAPCAT_HTTP_URL= # 连接鉴权 Token(与 NapCat 侧保持一致) NAPCAT_ACCESS_TOKEN= # 管理员用户 ID,多个用逗号分隔 NAPCAT_ADMINS= # 工作空间根目录配置(实际工作空间会自动拼接为 ${OPENCLAW_WORKSPACE_ROOT}/workspace; # 如果与 /home/node/.openclaw 不一致,启动时会创建指向 /home/node/.openclaw 的软链接) OPENCLAW_WORKSPACE_ROOT=/home/node/.openclaw # 挂载目录配置(按实际更改) # OpenClaw 数据目录(包含配置文件、工作空间等所有数据) OPENCLAW_DATA_DIR=~/.openclaw # 可选:容器启动用户 UID:GID # 默认 0:0(root)用于 init.sh 自动修复挂载目录权限,再降权为 node 启动服务 # 如需与宿主机用户对齐,可设置为 1000:1000 或 Linux 上的 $(id -u):$(id -g) OPENCLAW_RUN_USER=0:0 # Gateway 配置 ## 网关 token,用于认证(按实际更改) OPENCLAW_GATEWAY_TOKEN=123456 OPENCLAW_GATEWAY_BIND=lan OPENCLAW_GATEWAY_PORT=18789 OPENCLAW_GATEWAY_MODE=local # 允许的 Origin 域,多个用逗号隔开 OPENCLAW_GATEWAY_ALLOWED_ORIGINS=http://localhost:$OPENCLAW_GATEWAY_PORT # 允许不安全认证(如 http),可选 true/false OPENCLAW_GATEWAY_ALLOW_INSECURE_AUTH=true # 危险:禁用设备认证(如在 Docker 环境中无法获取设备信息),可选 true/false OPENCLAW_GATEWAY_DANGEROUSLY_DISABLE_DEVICE_AUTH=false # 网关认证模式,可选 token OPENCLAW_GATEWAY_AUTH_MODE=token # 插件全局控制 OPENCLAW_PLUGINS_ENABLED=true # 工具配置 (Tools Config) # ------------------------------------------------------------------------------ # 沙箱模式: off (关闭), non-main (除主 Agent 外), all (全部) OPENCLAW_SANDBOX_MODE=off # 沙箱范围: session (会话级别), agent (Agent 级别), shared (全局共享) OPENCLAW_SANDBOX_SCOPE=agent # 沙箱工作区访问权限: none (默认), ro (只读), rw (读写) OPENCLAW_SANDBOX_WORKSPACE_ACCESS=none # 沙箱使用的 Docker 镜像 OPENCLAW_SANDBOX_DOCKER_IMAGE=openclaw-sandbox:bookworm-slim # 是否让沙箱加入主容器网络(解决沙箱内无法访问外网或主服务的问题,设为 true 会自动配置并授权) OPENCLAW_SANDBOX_JOIN_NETWORK=false # 完整沙箱配置 JSON(可选,会合并覆盖上述单项配置) # 示例:{"mode":"all","docker":{"image":"openclaw-sandbox:bookworm-slim"}} # 提示:若沙箱内需共享宿主机网络(如使用 docker.network: "container:"),需开启 dangerouslyAllowContainerNamespaceJoin # OPENCLAW_SANDBOX_JSON={"docker":{"dangerouslyAllowContainerNamespaceJoin":true}} OPENCLAW_SANDBOX_JSON= # 完整工具配置 JSON(可选) # 示例 1:基础配置 # OPENCLAW_TOOLS_JSON={"profile":"full","sessions":{"visibility":"all"},"fs":{"workspaceOnly":true}} # 示例 2:配置 Codex 原生搜索 # OPENCLAW_TOOLS_JSON={"web":{"search":{"enabled":true,"openaiCodex":{"enabled":true,"mode":"cached","contextSize":"high"}}}} OPENCLAW_TOOLS_JSON=