feat(openclaw): deploy OpenClaw AI chatbot gateway on VM 120

- Add Docker Compose configs with security hardening (cap_drop ALL, non-root, read-only FS) - Add Prometheus node_exporter scrape target for 192.168.2.120:9100 - Update services/README.md, INDEX.md, and CLAUDE_STATUS.md with VM 120 - Image pinned to v2026.2.1 (patches CVE-2026-25253) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 18:07:09 -07:00
parent e481c95da4
commit e08951de21
9 changed files with 1031 additions and 20 deletions
--- a/services/openclaw/docker-compose.yml
+++ b/services/openclaw/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+  openclaw:
+    container_name: openclaw
+    image: ghcr.io/openclaw/openclaw:${OPENCLAW_VERSION:-2026.2.1}
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:18789:18789"  # Gateway WS+UI (localhost only, use reverse proxy)
+      - "127.0.0.1:18790:18790"  # Bridge
+      - "127.0.0.1:1455:1455"    # OAuth
+    volumes:
+      - /opt/openclaw/data:/app/data
+      - /opt/openclaw/sessions:/app/sessions
+      - /opt/openclaw/logs:/app/logs
+    command: ["node", "openclaw.mjs", "gateway", "--allow-unconfigured"]
+    env_file:
+      - .env
+    environment:
+      - NODE_ENV=production
+      - GATEWAY_PORT=18789
+      - BRIDGE_PORT=18790
+      - OAUTH_PORT=1455
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - DM_POLICY=${DM_POLICY:-pairing}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - OPENAI_API_KEY=${OPENAI_API_KEY:-}
+      - OLLAMA_BASE_URL=${OLLAMA_BASE_URL:-}
+      - DISCORD_TOKEN=${DISCORD_TOKEN:-}
+      - TELEGRAM_TOKEN=${TELEGRAM_TOKEN:-}
+      - SLACK_TOKEN=${SLACK_TOKEN:-}
+      - WHATSAPP_TOKEN=${WHATSAPP_TOKEN:-}
+      - OPENCLAW_GATEWAY_TOKEN=${GATEWAY_TOKEN}
+    healthcheck:
+      test: ["CMD", "node", "-e", "require('http').get('http://localhost:18789/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    logging:
+      driver: json-file
+      options:
+        max-size: "50m"
+        max-file: "5"