feat: update openclaw Dockerfile

zhengkunwang223 · zhengkunwang223 · commit 5c3b66a0ba71 · 2026-03-25T11:08:43.000+08:00
diff --git a/.github/workflows/openclaw-release.yml b/.github/workflows/openclaw-release.yml
@@ -49,7 +49,7 @@ jobs:
           curl -fsSL "https://github.com/openclaw/openclaw/archive/refs/tags/v${{ github.event.inputs.openclawTag }}.tar.gz" \
             | tar -xz -C _src/openclaw --strip-components=1
           mkdir -p _src/openclaw/openclaw
-          cp openclaw/Dockerfile openclaw/Caddyfile openclaw/docker-entrypoint.sh _src/openclaw/openclaw/
+          cp openclaw/Dockerfile _src/openclaw/openclaw/
 
       - name: Build OpenClaw Image and Push
         uses: docker/build-push-action@v6
diff --git a/README.md b/README.md
@@ -17,15 +17,15 @@ Current images in this repository:
 Key points:
 
 1. It follows official OpenClaw releases and builds from upstream tags
-2. It integrates `Caddy` by default to provide HTTPS reverse proxy for OpenClaw
-3. It adds an `openclaw` command for easier startup and in-container usage
+2. It stays close to the upstream OpenClaw Docker build flow while adding a small set of 1Panel-specific runtime dependencies
+3. It includes `clawhub` and a curated default `OPENCLAW_DOCKER_APT_PACKAGES` set for common media and scripting workflows
 
 ## Security
 
 Security is one of the main considerations for `1panel/openclaw`.
 
-- HTTPS is provided through bundled `Caddy` instead of exposing the web UI directly over plain HTTP
 - The image stays as close as practical to the upstream OpenClaw Docker behavior while keeping only the customizations needed by 1Panel
+- It avoids bundling an extra reverse-proxy process inside the image, which keeps the runtime surface smaller and simpler
 
 ## Other Images
 
diff --git a/README_zh.md b/README_zh.md
@@ -17,14 +17,13 @@
 主要特点：
 
 1. 跟随 OpenClaw 官方版本发布节奏，按 tag 拉取上游源码进行构建
-2. 默认集成 `Caddy`，用于为 OpenClaw 提供 HTTPS 反向代理能力
-3. 增加 `openclaw` 命令，便于在容器中直接使用 OpenClaw 启动入口
+2. 尽量保持与 OpenClaw 上游 Docker 构建流程一致，只保留少量 1Panel 所需的运行时定制
+3. 内置 `clawhub`，并提供一组适合常见媒体处理和脚本场景的默认 `OPENCLAW_DOCKER_APT_PACKAGES`
 
 ## 安全性
 
 `1panel/openclaw` 的一个重点是安全性。
 
-- 默认通过集成的 `Caddy` 提供 HTTPS 访问入口，避免直接以明文 HTTP 暴露 Web 界面
 - 在满足 1Panel 需求的前提下，尽量保持与 OpenClaw 上游 Docker 行为接近
 
 ## 其他镜像
diff --git a/openclaw/Caddyfile b/openclaw/Caddyfile
diff --git a/openclaw/Dockerfile b/openclaw/Dockerfile
@@ -15,7 +15,6 @@
 ARG OPENCLAW_EXTENSIONS=""
 ARG OPENCLAW_VARIANT=default
 ARG OPENCLAW_DOCKER_APT_UPGRADE=1
-ARG OPENCLAW_CADDY_IMAGE="caddy:2"
 ARG OPENCLAW_NODE_BOOKWORM_IMAGE="node:24-bookworm@sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
 ARG OPENCLAW_NODE_BOOKWORM_DIGEST="sha256:3a09aa6354567619221ef6c45a5051b671f953f0a1924d1f819ffb236e520e6b"
 ARG OPENCLAW_NODE_BOOKWORM_SLIM_IMAGE="node:24-bookworm-slim@sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb"
@@ -38,8 +37,6 @@ RUN mkdir -p /out && \
       fi; \
     done
 
-FROM ${OPENCLAW_CADDY_IMAGE} AS caddy-binary
-
 FROM ${OPENCLAW_NODE_BOOKWORM_IMAGE} AS build
 
 # Install Bun (required for build scripts). Retry the whole bootstrap flow to
@@ -152,9 +149,6 @@ COPY --from=runtime-assets --chown=node:node /app/openclaw.mjs .
 COPY --from=runtime-assets --chown=node:node /app/extensions ./extensions
 COPY --from=runtime-assets --chown=node:node /app/skills ./skills
 COPY --from=runtime-assets --chown=node:node /app/docs ./docs
-COPY --from=caddy-binary /usr/bin/caddy /usr/bin/caddy
-COPY openclaw/Caddyfile /etc/caddy/Caddyfile
-COPY openclaw/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 # In npm-installed Docker images, prefer the copied source extension tree for
 # bundled discovery so package metadata that points at source entries stays valid.
@@ -241,12 +235,8 @@ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,shar
     fi
 
 RUN ln -sf /app/openclaw.mjs /usr/local/bin/openclaw && \
-  install -d -o node -g node /data /config /etc/caddy /tmp/caddy && \
-  chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/bin/caddy /app/openclaw.mjs && \
-  chown -R node:node /data /config /etc/caddy /tmp/caddy
+  chmod 755 /app/openclaw.mjs
 
-ENV CADDY_HTTPS_PORT=8443
-ENV CADDY_SITE_ADDRESS=127.0.0.1
 ENV NODE_ENV=production
 
 # Security hardening: Run as non-root user
@@ -269,6 +259,4 @@ USER node
 HEALTHCHECK --interval=3m --timeout=10s --start-period=15s --retries=3 \
   CMD node -e "fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
 
-EXPOSE 8443
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["node", "openclaw.mjs", "gateway", "--allow-unconfigured"]
diff --git a/openclaw/docker-entrypoint.sh b/openclaw/docker-entrypoint.sh
