惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
T
The Exploit Database - CXSecurity.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Security @ Cisco Blogs
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Blog of Author Tim Ferriss
Microsoft Azure Blog
Microsoft Azure Blog
罗磊的独立博客
F
Full Disclosure
博客园 - 【当耐特】
C
CERT Recently Published Vulnerability Notes
Engineering at Meta
Engineering at Meta
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Threatpost
I
Intezer
V2EX - 技术
V2EX - 技术
H
Hackread – Cybersecurity News, Data Breaches, AI and More
The Hacker News
The Hacker News
小众软件
小众软件
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
B
Blog RSS Feed
Microsoft Security Blog
Microsoft Security Blog
N
News | PayPal Newsroom
MyScale Blog
MyScale Blog
AI
AI
Vercel News
Vercel News
Spread Privacy
Spread Privacy
美团技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
V
Vulnerabilities – Threatpost
Schneier on Security
Schneier on Security
Cyberwarzone
Cyberwarzone
G
GRAHAM CLULEY
Help Net Security
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
U
Unit 42
L
LangChain Blog
Recent Announcements
Recent Announcements

博客园 - Nihaorz

告别闪烁,拥抱流畅:在 Windows Terminal 中完美配置 Cygwin 环境 Nginx 透明代理 + 自动回源存储:访问即缓存,落盘即文件 创建 docker ipvlan,让 docke 容器获取独立ip 电犀牛 R68s iStoreOS 2.5G 网口速率优化 解决 openwrt ssh 命令行终端 home、end 键不可用问题 一键添加视频封面脚本 ffmpeg 转码参数 docker save 远程 ssh 主机直接 load,不产生本地文件 AutoHotKey 脚本 - win10 自动连接无线显示器 SSH 登录/退出实时监控脚本 curl 断点续传下载 debian iso 镜像下载地址 linux 安装 zerotier,加入网络 基于 Fail2ban 的 SSH 入侵自动反制方案 ssh 配置密钥登录,关闭密码登录 memc - 基于 shell 的交互式清理内存脚本 基于 Fail2ban 的 OpenWRT SSH 入侵自动反制方案 Linux Screen 命令速查 使用 ofelia 在 docker 容器中执行计划任务 linux 磁盘挂载示例
OpenClaw 安装部署,配置 deepseek
Nihaorz · 2026-03-05 · via 博客园 - Nihaorz

OpenClaw 安装部署

一、安装 openclaw

一键安装脚本(时间较长,大概二十分钟左右吧)

curl -sSL https://openclaw.ai/install.sh | bash

配置比较多,就不细列了,这里粘贴出 deepseek 的配置方式

root@vm-openclaw:~/openclaw-setup# openclaw onboard
│
◇  Model/auth provider
│  Custom Provider
│
◇  API Base URL
│  https://api.deepseek.com/v1
│
◇  How do you want to provide this API key?
│  Paste API key now
│
◇  API Key (leave blank if not required)
│  sk-xxxxxx
│
◇  Endpoint compatibility
│  OpenAI-compatible
│
◇  Model ID
│  deepseek-chat
│
◇  Verification successful.

或者安装完毕再配置,见文末

openclaw 设置

openclaw config set tools.exec.host gateway
openclaw config set tools.exec.ask off
openclaw config set tools.exec.security full
openclaw config set tools.profile full
openclaw config set gateway.controlUi.allowedOrigins '["*"]'

二、基础工具

基础工具安装

apt update
apt install nginx jq -y

创建 ssl 证书

# 创建证书存放目录
mkdir -p /etc/nginx/ssl

# 生成自签名证书(有效期 10 年)
# 包含两个局域网 IP 和 localhost
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/openclaw.key \
  -out /etc/nginx/ssl/openclaw.crt \
  -subj "/CN=OpenClaw Gateway" \
  -addext "subjectAltName=IP:192.168.10.6,IP:192.168.193.55,IP:127.0.0.1,DNS:localhost"

# 设置权限(仅 root 可读写)
chmod 600 /etc/nginx/ssl/openclaw.crt /etc/nginx/ssl/openclaw.key

nginx 配置启动

# 删除多余配置文件
rm /etc/nginx/sites-available/* /etc/nginx/sites-enabled/* -rf
​
# 创建 openclaw.conf
tee /etc/nginx/conf.d/openclaw.conf << 'EOF'
server {
    listen 80;
    # 监听 IPv6 的80端口
    listen [::]:80;

    # 将此处 server_name 替换为你的域名
    server_name _;

    # 将所有HTTP请求重定向到HTTPS地址
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    # 监听 IPv6 的443端口
    listen [::]:443 ssl http2;

    # 将此处 server_name 替换为你的域名
    server_name _;

    # --- SSL 证书配置(请将路径替换为你自己的证书文件)---
    ssl_certificate     /etc/nginx/ssl/openclaw.crt;  # 你的证书文件路径
    ssl_certificate_key /etc/nginx/ssl/openclaw.key;  # 你的私钥文件路径
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # --- 核心的反向代理配置 ---
    location / {
        # 将请求转发到本地的 OpenClaw 服务
        proxy_pass http://127.0.0.1:18789;

        # 设置代理头部,将客户端的真实信息传递给后端
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # --- 关键配置:支持 WebSocket ---
        # OpenClaw 控制面板需要 WebSocket 连接,这两行必不可少
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # 为长连接设置超时
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
​
EOF
​
# 检测并重载 nginx
nginx -t
nginx -s reload

可选配置(设置允许访问 web 界面的地址)

openclaw config set gateway.controlUi.allowedOrigins '[
  "http://localhost:18789",
  "http://127.0.0.1:18789",
  "http://192.168.10.6:18789",
  "http://192.168.193.55:18789",
  "https://192.168.10.6",
  "https://192.168.193.55",
  "https://localhost"
]'

# 重启网关使配置生效
openclaw daemon restart

三、访问配置

访问概览 https://192.168.100.137/overview(openclaw 主机的内网地址),填写 token 重新连接

token 获取方式:

jq -r '.gateway.auth.token' ~/.openclaw/openclaw.json

界面会显示 'pairing required',下一步需要通过CLI批准设备

root@vm-mint:~# openclaw devices list
# 返回的 Pending 列表第一列为 RequestId,接下来执行 openclaw devices approve 命令
​
root@vm-mint:~# openclaw devices approve xxxxxx
# 输出 Approved xxxxxx 即可返回浏览器刷新页面

四、手动配置 deekseep 模型

root@vm-debian:~# openclaw configure

🦞 OpenClaw 2026.3.13 (61d171a) — Say "stop" and I'll stop—say "ship" and we'll both learn a lesson.

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██░▄▄▄░██░▄▄░██░▄▄▄██░▀██░██░▄▄▀██░████░▄▄▀██░███░██
██░███░██░▀▀░██░▄▄▄██░█░█░██░█████░████░▀▀░██░█░█░██
██░▀▀▀░██░█████░▀▀▀██░██▄░██░▀▀▄██░▀▀░█░██░██▄▀▄▀▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                  🦞 OPENCLAW 🦞                    
 
┌  OpenClaw configure
│
◇  Existing config detected ─╮
│                            │
│  gateway.mode: local       │
│  gateway.bind: lan         │
│                            │
├────────────────────────────╯
│
◇  Where will the Gateway run?
│  Local (this machine)
│
◇  Select sections to configure
│  Model
│
◇  Model/auth provider
│  Custom Provider
│
◇  API Base URL
│  https://api.deepseek.com/v1
│
◇  How do you want to provide this API key?
│  Paste API key now
│
◇  API Key (leave blank if not required)
│  sk-xxxxxx
│
◇  Endpoint compatibility
│  OpenAI-compatible
│
◇  Model ID
│  deepseek-chat
│
◇  Verification successful.