Securely Deploy OpenClaw with 1Panel: Step‑by‑Step Docker Setup & Feishu Integration

Overview

Running OpenClaw with high privileges exposed to the public Internet creates a large attack surface. Public data from https://openclaw.allegro.earth shows more than 258,000 publicly exposed OpenClaw instances, many leaking control panels, API keys, logs and credentials that can be linked to known CVEs and threat groups.

Security baseline of a 1Panel containerized deployment: Force the high‑risk AI into an isolated Docker sandbox (non‑root, minimal permissions). If the container is compromised, the attacker cannot escape to the host. Risk is reduced from "full‑machine compromise" to "at most one container".

1Panel Installation and Deployment

Step 1: Obtain root privileges

sudo su -

Step 2: Run the online installation script

bash -c "$(curl -sSL https://resource.fit2cloud.com/1panel/package/v2/quick_start.sh)"

Step 3: Choose the installation directory

Press Enter to accept the default /opt unless a custom path is required.

Step 4: Install Docker if missing

Detected Docker not installed, install? [y/n]: y

Step 5: Configure image accelerator and default parameters

The installer prompts for a Docker image accelerator, the 1Panel HTTP port, a secure entry and the panel user password. Ensure the chosen ports are allowed through the firewall.

Step 6: Retrieve 1Panel login information

[1Panel 2026-02-03 18:30:01 install Log]: External address: http://120.26.74.202:25137/3690ea2e

[1Panel 2026-02-03 18:30:01 install Log]: Internal address: http://172.19.160.155:25137/3690ea2e

[1Panel 2026-02-03 18:30:01 install Log]: Panel user: 654c50b7eb

[1Panel 2026-02-03 18:30:01 install Log]: Panel password: 2c5c230deb

Step 7: Verify 1Panel deployment

Open the external address in a browser, log in with the printed credentials, and confirm that the dashboard loads correctly.

Large Language Model API Registration

OpenClaw can use any supported LLM API. The example below shows how to obtain an API key from Alibaba Baileian.

Step 1: Register on Alibaba Baileian

Visit https://bailian.console.aliyun.com, complete real‑name verification and create a free‑tier account.

Step 2: Create an API key

Navigate to the “API Keys” section, click “Create API key”, and securely store the generated key for later use.

OpenClaw Installation via 1Panel

OpenClaw is deployed as a Docker container managed by 1Panel. The deployment process requires the previously obtained LLM API key.

Step 1: Add Model Account

In 1Panel go to AI → Agent → Model Account , click “Add Model Account”, select the model provider (e.g., Alibaba Baileian), and enter the API key.

Step 2: Create an Agent

Switch to the “Agent” tab and click “Create Agent”. Required parameters:

Name: default openclaw (customizable).

Application version: e.g., 2026.3.2.

WebUI port: default 18789 (ensure the port is open).

Bridge port: default 18790.

Model provider: select the previously added Baileian account.

Token: automatically generated for Web UI access.

Other parameters: keep defaults.

Confirm to start the installation. Example log output:

2026/03/08 16:35:28 Installation [OpenClaw] START

2026/03/08 16:35:28 Pulling image [1panel/openclaw:2026.3.2]

2026/03/08 16:36:32 Image pull successful

Step 3: Verify OpenClaw deployment

After installation, open the agent list and click the WebUI button. Ensure the firewall allows port 18789 (or configure a reverse proxy with a domain such as openclaw.tinywan.com). Send a test message in the Web UI; a proper AI response confirms successful deployment.

Feishu Channel Configuration

To connect OpenClaw with Feishu, create a Feishu custom app, add a bot, and grant the required permissions.

Step 1: Create a Feishu custom app

Log in to the Feishu Open Platform at https://open.feishu.cn/app?lang=zh-CN, select “Enterprise custom app”, and create a new app with a name and description.

Step 2: Add a bot

Within the app, add a bot and give it a recognizable name.

Step 3: Configure permissions

Open “Permission Management”, choose “Batch import/export permissions”, and paste the following JSON to grant the required scopes:

{
  "scopes": {
    "tenant": [
      "aily:file:read",
      "aily:file:write",
      "application:application.app_message_stats.overview:readonly",
      "application:application:self_manage",
      "application:bot.menu:write",
      "cardkit:card:write",
      "contact:contact.base:readonly",
      "contact:user.employee_id:readonly",
      "corehr:file:download",
      "docs:document.content:read",
      "event:ip_list",
      "im:chat",
      "im:chat.access_event.bot_p2p_chat:read",
      "im:chat.members:bot_access",
      "im:message",
      "im:message.group_at_msg:readonly",
      "im:message.group_msg",
      "im:message.p2p_msg:readonly",
      "im:message:readonly",
      "im:message:send_as_bot",
      "im:resource",
      "sheets:spreadsheet",
      "wiki:wiki:readonly"
    ],
    "user": [
      "aily:file:read",
      "aily:file:write",
      "contact:contact.base:readonly",
      "im:chat.access_event.bot_p2p_chat:read"
    ]
  }
}

Step 4: Obtain credentials and configure in 1Panel

In Feishu, go to “Credentials & Basic Info” and copy the App ID and App Secret. In 1Panel’s Agent → Configuration page, paste these values to enable the Feishu channel.

Step 5: Set up events and callbacks

Navigate to “Events & Callbacks”, choose the long‑link subscription method, and add the event im.message.receive_v1 with the “Application identity subscription” option.

Step 6: Publish the version

Click “Create Version”, fill in version details and publish. Personal Feishu accounts do not require approval; enterprise accounts need admin review.

Step 7: Verify Feishu integration

Add the newly created bot in the Feishu client and send a message. A successful reply confirms that OpenClaw is correctly connected to Feishu.