feat: update openclaw Dockerfile

Author: zhengkunwang223

.github/workflows/node-release.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -31,7 +31,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build Node Image and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: node
           file: node/Dockerfile

.github/workflows/openclaw-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -50,7 +50,7 @@ jobs:
             | tar -xz -C _src/openclaw --strip-components=1
 
       - name: Build OpenClaw Image and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: _src/openclaw
           file: openclaw/Dockerfile
@@ -66,7 +66,7 @@ jobs:
 
       - name: Push Latest Tag
         if: ${{ github.event_name == 'push' || github.event.inputs.pushLatest == 'true' }}
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: _src/openclaw
           file: openclaw/Dockerfile

.github/workflows/php5-release.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -28,7 +28,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build PHP-5.6 and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: php/5.6.40
           file: php/5.6.40/Dockerfile
@@ -41,4 +41,4 @@ jobs:
 
 
 
- 
+ 

.github/workflows/php7-release.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -32,7 +32,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build PHP-7.4 and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: php/7
           file: php/7/Dockerfile
@@ -46,7 +46,7 @@ jobs:
           cache-to: type=gha,mode=max
 
       - name: Build PHP-7.3 and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: php/7
           file: php/7/Dockerfile

.github/workflows/php7.x-release.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -35,7 +35,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build PHP-7.x and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: php/${{ github.event.inputs.php_dir }}
           file: php/${{ github.event.inputs.php_dir }}/Dockerfile
@@ -46,4 +46,4 @@ jobs:
           tags: |
             1panel/php:${{ github.event.inputs.php_version }}-fpm
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max

.github/workflows/php8-release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -26,7 +26,7 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Build PHP-FPM Image and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: php/8
           file: php/8/Dockerfile
@@ -38,4 +38,3 @@ jobs:
             1panel/php:${{ github.event.inputs.phpVersion }}-fpm
           cache-from: type=gha
           cache-to: type=gha,mode=max
-

.github/workflows/sync-to-cnb.yml

@@ -7,7 +7,7 @@ jobs:
   sync:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -21,4 +21,4 @@ jobs:
             -e PLUGIN_USERNAME="cnb" \
             -e PLUGIN_PASSWORD=${{ secrets.CNB_PASSWORD }} \
             -e PLUGIN_FORCE=true \
-            tencentcom/git-sync
+            tencentcom/git-sync

openclaw/Caddyfile

@@ -0,0 +1,12 @@
+{
+	admin off
+	auto_https disable_redirects
+	storage file_system {
+		root /data/caddy
+	}
+}
+
+https://{$CADDY_SITE_ADDRESS}:{$CADDY_HTTPS_PORT} {
+	tls internal
+	reverse_proxy 127.0.0.1:18789
+}

openclaw/Dockerfile

@@ -14,6 +14,7 @@
 #   Slim (bookworm-slim):    docker build --build-arg OPENCLAW_VARIANT=slim .
 ARG OPENCLAW_EXTENSIONS=""
 ARG OPENCLAW_VARIANT=default
+ARG OPENCLAW_CADDY_IMAGE="caddy:2"
 ARG OPENCLAW_NODE_BOOKWORM_IMAGE="node:24-bookworm@sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
 ARG OPENCLAW_NODE_BOOKWORM_DIGEST="sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
 ARG OPENCLAW_NODE_BOOKWORM_SLIM_IMAGE="node:24-bookworm-slim@sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb"
@@ -36,6 +37,8 @@ RUN mkdir -p /out && \
       fi; \
     done
 
+FROM ${OPENCLAW_CADDY_IMAGE} AS caddy-binary
+
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS build
 
 # Install Bun (required for build scripts). Retry the whole bootstrap flow to
@@ -142,6 +145,9 @@ COPY --from=runtime-assets --chown=node:node /app/openclaw.mjs .
 COPY --from=runtime-assets --chown=node:node /app/extensions ./extensions
 COPY --from=runtime-assets --chown=node:node /app/skills ./skills
 COPY --from=runtime-assets --chown=node:node /app/docs ./docs
+COPY --from=caddy-binary /usr/bin/caddy /usr/bin/caddy
+COPY openclaw/Caddyfile /etc/caddy/Caddyfile
+COPY openclaw/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 # Keep pnpm available in the runtime image for container-local workflows.
 # Use a shared Corepack home so the non-root `node` user does not need a
@@ -225,9 +231,13 @@ RUN printf '%s\n' \
   'set -e' \
   'exec node /app/openclaw.mjs "$@"' \
   > /usr/local/bin/openclaw && \
-  chmod 755 /usr/local/bin/openclaw /app/openclaw.mjs
+  install -d -o node -g node /data /config /etc/caddy /tmp/caddy && \
+  chmod 755 /usr/local/bin/openclaw /usr/local/bin/docker-entrypoint.sh /usr/bin/caddy /app/openclaw.mjs && \
+  chown -R node:node /data /config /etc/caddy /tmp/caddy
 # -----------------------------
 
+ENV CADDY_HTTPS_PORT=8443
+ENV CADDY_SITE_ADDRESS=127.0.0.1
 ENV NODE_ENV=production
 
 # Security hardening: Run as non-root user
@@ -250,4 +260,6 @@ USER node
 HEALTHCHECK --interval=3m --timeout=10s --start-period=15s --retries=3 \
   CMD node -e "fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
 
+EXPOSE 8443
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["openclaw", "gateway", "--allow-unconfigured"]

openclaw/docker-entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -eu
+
+mkdir -p /tmp/caddy /data/caddy /config/caddy
+
+"$@" &
+openclaw_pid=$!
+
+/usr/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile &
+caddy_pid=$!
+
+term_handler() {
+  kill "$openclaw_pid" "$caddy_pid" 2>/dev/null || true
+}
+
+trap term_handler INT TERM HUP
+
+while kill -0 "$openclaw_pid" 2>/dev/null && kill -0 "$caddy_pid" 2>/dev/null; do
+  sleep 1
+done
+
+term_handler
+wait "$openclaw_pid" || true
+wait "$caddy_pid" || true
+exit 1