Spaces:

aip9105
/

openclaw

Running

App Files Files Community

aip9105 commited on 30 days ago

Commit

a09f6f4

verified ·

1 Parent(s): a8a86d0

Update start-openclaw.sh

Browse files

Files changed (1) hide show

start-openclaw.sh +57 -14

start-openclaw.sh CHANGED Viewed

@@ -1,18 +1,27 @@
 #!/bin/bash
 set -e
-# 1. 补全目录
 mkdir -p /root/.openclaw/agents/main/sessions
 mkdir -p /root/.openclaw/credentials
 mkdir -p /root/.openclaw/sessions
-# 2. 执行恢复
 python3 /app/sync.py restore
-# 3. 处理 API 地址
 CLEAN_BASE=$(echo "$OPENAI_API_BASE" | sed "s|/chat/completions||g" | sed "s|/v1/|/v1|g" | sed "s|/v1$|/v1|g")
-# 4. 生成配置文件
 cat > /root/.openclaw/openclaw.json <<EOF
 {
   "models": {
@@ -32,17 +41,17 @@ cat > /root/.openclaw/openclaw.json <<EOF
     "restart": true
   },
   "gateway": {
-    "mode": "local", "bind": "lan", "port": $PORT,
-    "trustedProxies": ["0.0.0.0/0"],
     "auth": { "mode": "token", "token": "$OPENCLAW_GATEWAY_PASSWORD" },
     "controlUi": {
-	  "allowedOrigins": [
         "https://aip9105-openclaw.hf.space/"
       ],
       "dangerouslyAllowHostHeaderOriginFallback": true,
       "allowInsecureAuth": true,
       "dangerouslyDisableDeviceAuth": true
-	}
   },
   "skills": {
     "entries": {
@@ -52,14 +61,48 @@ cat > /root/.openclaw/openclaw.json <<EOF
       }
     }
   }
 }
 EOF
-# 5. 启动定时备份 (每 1 小时)
-(while true; do sleep 3600; python3 /app/sync.py backup; done) &
-# 6. 运行
-openclaw doctor --fix
-exec openclaw gateway run --port $PORT

 #!/bin/bash
 set -e
+# 1. 创建必要的目录
 mkdir -p /root/.openclaw/agents/main/sessions
 mkdir -p /root/.openclaw/credentials
 mkdir -p /root/.openclaw/sessions
+# 2. 从持久化存储恢复数据
 python3 /app/sync.py restore
+# 3. 清理和格式化 API 地址
+# 移除可能存在的 /chat/completions 和调整 /v1 路径
 CLEAN_BASE=$(echo "$OPENAI_API_BASE" | sed "s|/chat/completions||g" | sed "s|/v1/|/v1|g" | sed "s|/v1$|/v1|g")
+# 4. 设置更安全的绑定地址
+# 在容器环境中，通常绑定到 0.0.0.0 是安全的，但可以限制为 127.0.0.1
+# 如果需要在容器外访问，则保持 0.0.0.0
+BIND_ADDRESS="0.0.0.0"
+if [ -n "$RESTRICT_TO_LOCALHOST" ] && [ "$RESTRICT_TO_LOCALHOST" = "true" ]; then
+    BIND_ADDRESS="127.0.0.1"
+fi
+# 5. 生成主配置文件
 cat > /root/.openclaw/openclaw.json <<EOF
 {
   "models": {
     "restart": true
   },
   "gateway": {
+    "mode": "local", "bind": "$BIND_ADDRESS", "port": $PORT,
+    "trustedProxies": ["127.0.0.1/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
     "auth": { "mode": "token", "token": "$OPENCLAW_GATEWAY_PASSWORD" },
     "controlUi": {
+      "allowedOrigins": [
         "https://aip9105-openclaw.hf.space/"
       ],
       "dangerouslyAllowHostHeaderOriginFallback": true,
       "allowInsecureAuth": true,
       "dangerouslyDisableDeviceAuth": true
+    }
   },
   "skills": {
     "entries": {
       }
     }
   }
 }
 EOF
+# 6. 修复权限问题（根据 doctor 建议）
+chmod 700 /root/.openclaw
+chmod 600 /root/.openclaw/openclaw.json
+chmod 700 /root/.openclaw/agents
+chmod 700 /root/.openclaw/credentials
+chmod 700 /root/.openclaw/sessions
+# 7. 安装常见技能依赖
+# 注意：这些包应该在 Dockerfile 中安装，这里作为后备方案
+if ! command -v curl &> /dev/null; then
+    apt-get update && apt-get install -y --no-install-recommends curl
+fi
+if ! command -v wget &> /dev/null; then
+    apt-get update && apt-get install -y --no-install-recommends wget
+fi
+# 8. 启动定时备份任务（每小时一次）
+(
+  while true; do
+    sleep 3600
+    python3 /app/sync.py backup
+  done
+) &
+# 9. 运行健康检查和修复
+echo "运行 OpenClaw 健康检查..."
+if openclaw doctor --fix; then
+    echo "健康检查完成，修复了发现的问题。"
+else
+    echo "健康检查发现问题，但将继续启动..."
+fi
+# 10. 安全审计（可选）
+if [ -n "$RUN_SECURITY_AUDIT" ] && [ "$RUN_SECURITY_AUDIT" = "true" ]; then
+    echo "运行安全审计..."
+    openclaw security audit --deep || true
+fi
+# 11. 启动 OpenClaw 网关
+echo "启动 OpenClaw 网关，端口: $PORT，绑定地址: $BIND_ADDRESS"
+exec openclaw gateway run --port $PORT