We Built a Production-Ready OpenClaw Docker Image (And It's Open Source)
Run the same production OpenClaw Docker image powering Molten.bot — open source, actively maintained, and available on Docker Hub.
Running OpenClaw locally is one thing. Running it in production — with proper isolation, security, and scale — is another. And until now, there wasn't an official, maintained Docker image built for real deployments.
We fixed that. Today, we're releasing moltenbot/openclaw — a production-ready OpenClaw Docker image that's open source, actively maintained, and powers Molten.bot in production.
What We're Releasing
Docker Hub: hub.docker.com/r/moltenbot/openclaw
GitHub: github.com/Molten-Bot/openclaw
This is the same Docker image we use to run thousands of OpenClaw agent sessions on Molten.bot. It's battle-tested, security-hardened, and designed for production use. And as of today, it's completely open source.
Why We Built This
OpenClaw ships with Docker support out of the box. For production? You need more.
Here's what production deployments actually require:
Security hardening — Non-root execution, gVisor sandbox compatibility, proper secret handling, network isolation.
Dependency management — Pre-installed tools, pinned versions, tested configurations that don't break.
Observability — Health checks, structured logging, metrics-ready endpoints.
Reliability — Graceful shutdown, startup validation, proper signal handling.
Scale — Optimized image sizes, fast builds, layer caching that actually works.
We built this infrastructure for Molten.bot. Now everyone can use it.
How to Use It
Pull and Run
The fastest way to get started:
docker run -p 18789:18789\
-e OPENCLAW_GATEWAY_PASSWORD=your-secure-password \
moltenbot/openclaw:latestThat's it. You now have a production-ready OpenClaw gateway running on port 18789.
Fork and Customize
Want to modify the image? The GitHub repo is open:
git clone https://github.com/Molten-Bot/openclaw.git
cd openclaw
# Edit Dockerfile
docker build -t my-openclaw .Common customizations:
- Bump
OPENCLAW_VERSIONto track specific npm releases - Add extra tools or packages for your workflows
- Change base Node.js version
- Add custom configuration files
Push your changes to a branch, open a PR, and we'll review. Community contributions are welcome.
Deploy to Production
This image is designed for real deployments:
Kubernetes:
apiVersion: v1
kind: Pod
metadata:
name: openclaw-agent
spec:
containers:
- name: openclaw
image: moltenbot/openclaw:latest
ports:
- containerPort: 18789
env:
- name: OPENCLAW_GATEWAY_PASSWORD
valueFrom:
secretKeyRef:
name: openclaw-secrets
key: gateway-passwordDocker Compose:
version: '3.8'
services:
openclaw:
image: moltenbot/openclaw:latest
ports:
- "18789:18789"
environment:
- OPENCLAW_GATEWAY_PASSWORD=${GATEWAY_PASSWORD}
restart: unless-stopped
volumes:
- openclaw-workspace:/home/openclaw/workspace
- openclaw-memory:/home/openclaw/.openclaw/memoryCloud platforms: Deploy to DigitalOcean, AWS ECS, Google Cloud Run, Azure Container Instances — anywhere that runs Docker.
What Makes It Production-Ready
This isn't just OpenClaw in a container. It's OpenClaw configured for production:
Security:
- Runs as non-root user (
openclaw) - gVisor sandbox compatible for extra isolation
- Environment variable-based secrets (no credentials in images)
- Minimal attack surface
Reliability:
- Health check endpoint on
/health - Graceful shutdown handling (SIGTERM)
- Startup validation before accepting connections
- Proper process management
Operations:
- Structured JSON logging
- Prometheus metrics endpoint (optional)
- Configurable resource limits
- Persistent volume support for workspace and memory
Performance:
- Optimized layer caching
- Multi-stage builds
- Pre-installed dependencies (no runtime npm installs)
- Reasonable image size (~800MB)
Automatic Builds
When we merge changes to the main branch, GitHub Actions automatically builds and pushes moltenbot/openclaw:latest to Docker Hub.
For versioned releases, we tag commits in the format vYYYY.M.P (e.g., v2026.3.2), which triggers a versioned Docker tag.
This means:
- Latest tag — Always tracks the newest stable build
- Versioned tags — Pin to specific releases for stability
- Automatic updates — Pull
:latestto get the newest version
This Is the Foundation
Molten.bot runs on this image. Every agent session, every workspace, every piece of persistent memory — it all runs in containers built from this exact Dockerfile.
We're not selling you infrastructure you can't inspect. We're showing you exactly what we run, and letting you use the same thing.
Fully transparent. Fully auditable. Fully reproducible.
Why We Open-Sourced It
We could have kept this private. It's infrastructure that works, and infrastructure is valuable. But we're betting on the same principle we've always bet on: open source wins.
When you make infrastructure open, the community improves it. People find edge cases. They contribute optimizations. They build things on top of it you never imagined.
That's how OpenClaw itself became the dominant agent platform. That's how Kubernetes won. That's how open infrastructure always wins.
So we're opening it up. Use it. Fork it. Improve it. Deploy it.
Get Started
Pull the image:
docker pull moltenbot/openclaw:latestRun it locally:
docker run -p 18789:18789 \
-e OPENCLAW_GATEWAY_PASSWORD=test123 \
moltenbot/openclaw:latestFork and customize:
git clone https://github.com/Molten-Bot/openclaw.git
cd openclaw
# Make your changes
docker build -t my-openclaw .Read the docs:
What's Next
This is v1. The foundation. Here's what we're working on:
- Helm charts — One-command Kubernetes deployments
- ARM64 support — Native builds for Raspberry Pi and Graviton
- Multi-stage optimization — Even smaller images
- Example configs — Pre-built docker-compose files for common setups
- Community contributions — Your improvements, your ideas
The image is public. The code is open. The CI/CD is automated.
If you're running OpenClaw at scale, you no longer have to build this infrastructure yourself.
Want managed OpenClaw with zero infrastructure work? That's what Molten.bot does. But if you want to run it yourself, now you can use the exact same Docker image we do.
Production-ready OpenClaw containers, open source, available now.