holyclaude-ai-workstation
HolyClaude AI Workstation
Skill by ara.so — Daily 2026 Skills collection.
HolyClaude is a containerized AI development workstation that bundles Claude Code CLI, a CloudCLI web UI, Chromium headless browser with Playwright, 5 AI CLIs (Claude, Gemini, OpenAI Codex, Cursor, TaskMaster AI), and 50+ dev tools into a single Docker image. One `docker compose up` replaces hours of manual setup.
Installation
Prerequisites
- Docker + Docker Compose installed
- Existing Anthropic account (Max/Pro subscription or API key)
Quick Start
```bash
mkdir holyclaude && cd holyclaude
```
Create `docker-compose.yaml`:
```yaml
services:
  holyclaude:
    image: coderluii/holyclaude:latest   # Docker image references must be lowercase
    container_name: holyclaude
    hostname: holyclaude
    restart: unless-stopped
    shm_size: 2g
    ports:
      - "3001:3001"
    volumes:
      - ./data/claude:/root/.claude
      - ./data/config:/root/.config
      - ./projects:/workspace
    environment:
      - PUID=1000
      - PGID=1000
```
```bash
docker compose up -d
```
Image Variants
```bash
# Full image — all tools pre-installed (recommended)
docker pull coderluii/holyclaude:latest

# Slim image — smaller download, tools installed on demand
docker pull coderluii/holyclaude:slim

# Pinned version for production stability
docker pull coderluii/holyclaude:1.2.3
docker pull coderluii/holyclaude:1.2.3-slim
```
---
Full Docker Compose Configuration
```yaml
services:
  holyclaude:
    image: coderluii/holyclaude:latest
    container_name: holyclaude
    hostname: holyclaude
    restart: unless-stopped
    shm_size: 2g                        # Required for Chromium
    ports:
      - "3001:3001"                     # CloudCLI web UI
    volumes:
      - ./data/claude:/root/.claude     # Claude credentials & config (persisted)
      - ./data/config:/root/.config     # App config (persisted)
      - ./projects:/workspace           # Your project files
    environment:
      # User/group IDs (match host user to avoid permission issues)
      - PUID=1000
      - PGID=1000
      # AI provider API keys (optional — can also set via web UI)
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - GEMINI_API_KEY=${GEMINI_API_KEY}
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - CURSOR_API_KEY=${CURSOR_API_KEY}
      # NAS/SMB mount polling (enable if using Synology/QNAP)
      - CHOKIDAR_USEPOLLING=true
      # Notification webhooks (optional)
      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
      - SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}
    security_opt:
      - seccomp:unconfined              # Required for Chromium sandbox
```
Environment Variable Reference
| Variable | Required | Description |
|---|---|---|
| `PUID` | Recommended | Host user ID (run `id -u`) |
| `PGID` | Recommended | Host group ID (run `id -g`) |
| `ANTHROPIC_API_KEY` | Optional | Anthropic API key (alternative to OAuth login) |
| `GEMINI_API_KEY` | Optional | Google AI API key for Gemini CLI |
| `OPENAI_API_KEY` | Optional | OpenAI API key for Codex CLI |
| `CURSOR_API_KEY` | Optional | Cursor API key |
| `CHOKIDAR_USEPOLLING` | NAS only | Set `true` for SMB/NFS mounts |
| `DISCORD_WEBHOOK_URL` | Optional | Discord notifications |
| `SLACK_WEBHOOK_URL` | Optional | Slack notifications |
Authentication
Method 1: OAuth (Claude Max/Pro Subscription)
- Open `http://localhost:3001`
- Create a CloudCLI account (10 seconds)
- Sign in with your Anthropic account via OAuth
- No API key needed — uses your existing subscription
Method 2: API Key
```yaml
environment:
  - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
```
Or paste the key directly in the CloudCLI web UI settings.
Credential Persistence
Credentials are stored in the bind-mounted volume:
```
./data/claude/  →  /root/.claude/
./data/config/  →  /root/.config/
```
Credentials survive container restarts, updates, and recreation.
Platform-Specific Configuration
Linux (amd64/arm64) — Default
```yaml
# No extra config needed
shm_size: 2g
```
macOS (Docker Desktop)
```yaml
# Works out of the box with Docker Desktop
shm_size: 2g
```
Windows (WSL2 + Docker Desktop)
```yaml
# Requires WSL2 backend enabled in Docker Desktop
shm_size: 2g
```
Synology / QNAP NAS
```yaml
environment:
  - CHOKIDAR_USEPOLLING=true   # Fixes file watching on SMB mounts
volumes:
  - /volume1/docker/holyclaude/data/claude:/root/.claude
  - /volume1/docker/holyclaude/projects:/workspace
```
Kubernetes (ARM64 / Oracle Cloud Graviton)
```yaml
# arm64 image is published alongside amd64
image: coderluii/holyclaude:latest   # multi-arch manifest auto-selects correct arch
```
---
What's Inside the Container
AI CLIs
| CLI | Invocation | Key Provider |
|---|---|---|
| Claude Code | `claude` | Anthropic (`ANTHROPIC_API_KEY`) |
| Gemini CLI | `gemini` | Google (`GEMINI_API_KEY`) |
| OpenAI Codex | `codex` | OpenAI (`OPENAI_API_KEY`) |
| Cursor | | Cursor (`CURSOR_API_KEY`) |
| TaskMaster AI | | Uses configured AI provider keys |

Headless Browser Stack
- Chromium — pre-installed and configured
- Xvfb — virtual display on `:99`
- Playwright — configured and ready
- Shared memory — `shm_size: 2g` pre-configured (fixes the 64MB Docker default)

Dev Tools (50+)
- Languages: Node.js, Python 3, TypeScript, Bun, Deno
- Package managers: npm, yarn, pnpm, pip, cargo
- Database clients: PostgreSQL, MySQL, SQLite, Redis CLI
- Cloud CLIs: AWS CLI, Google Cloud SDK, Azure CLI
- Dev tools: GitHub CLI (`gh`), Git, curl, jq, ripgrep, fd
- Process manager: s6-overlay (auto-restart, graceful shutdown)
Working with Projects
Mount your project directory
```yaml
volumes:
  - ./projects:/workspace
  # Or mount a specific project:
  - /path/to/my-app:/workspace/my-app
```
Inside the container
```bash
# Access the container shell
docker exec -it holyclaude bash

# Navigate to workspace
cd /workspace

# Run Claude Code directly
claude

# Run other AI CLIs
gemini
codex
```
---
Playwright / Headless Browser Usage
Playwright is pre-configured. Use it from Claude Code tasks or directly:
```typescript
// playwright.config.ts — already works inside the container
import { defineConfig } from '@playwright/test';

export default defineConfig({
  use: {
    // Chromium is pre-installed, no download needed
    browserName: 'chromium',
    launchOptions: {
      args: [
        // Chromium's own process sandbox is switched off here, so the
        // container is the only isolation boundary for pages it loads.
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-dev-shm-usage', // Use /tmp instead of /dev/shm
      ],
    },
  },
});
```
```typescript
// Direct Playwright usage inside container
import { chromium } from 'playwright';

const browser = await chromium.launch({
  args: [
    '--no-sandbox',
    '--disable-setuid-sandbox',
    '--disable-dev-shm-usage',
  ],
});
const page = await browser.newPage();
await page.goto('https://example.com');
// Writes the PNG to the mounted workspace and also returns it as a buffer
const screenshot = await page.screenshot({ path: '/workspace/screenshot.png' });
await browser.close();
```
```bash
# Run Playwright tests inside container
docker exec -it holyclaude bash -c "cd /workspace && npx playwright test"

# Run with headed mode via Xvfb
docker exec -it holyclaude bash -c "DISPLAY=:99 npx playwright test --headed"
```
---
Updating HolyClaude
```bash
# Pull latest image
docker compose pull

# Recreate container with new image (zero data loss — data is in bind mounts)
docker compose up -d

# Or explicit recreation
docker compose down && docker compose up -d
```
Pinned Version Strategy
```yaml
# For production: pin to a specific version
image: coderluii/holyclaude:1.2.3

# Update by changing the tag and running:
# docker compose up -d
```
---
Data & Persistence
```
holyclaude/
├── docker-compose.yaml
├── data/
│   ├── claude/    # Claude credentials, .claude.json, history
│   └── config/    # CloudCLI and app configuration
└── projects/      # Your workspace (mount your code here)
```
All credentials and config survive:
- Container restarts
- `docker compose down && docker compose up -d`
- Image updates via `docker compose pull`
- Container recreation

Common Patterns
Pattern: Multiple Projects
```yaml
volumes:
  - ./data/claude:/root/.claude
  - ./data/config:/root/.config
  - ~/code/project-a:/workspace/project-a
  - ~/code/project-b:/workspace/project-b
  - ~/code/project-c:/workspace/project-c
```
Pattern: Read-only API Keys via .env file
```bash
# .env (never commit this)
ANTHROPIC_API_KEY=sk-ant-...
GEMINI_API_KEY=AIza...
OPENAI_API_KEY=sk-...
```
```yaml
# docker-compose.yaml
services:
  holyclaude:
    env_file: .env
```
Pattern: Custom Port
```yaml
ports:
  - "8080:3001"   # Access via http://localhost:8080
```
Pattern: Remote Server Access
```yaml
ports:
  # Accessible from network. Docker also publishes on all interfaces by
  # default when no host IP is given; use "127.0.0.1:3001:3001" to keep
  # the web UI local-only.
  - "0.0.0.0:3001:3001"

# Then access via http://your-server-ip:3001
# Recommend putting behind nginx/Caddy with HTTPS for production
```
Pattern: Nginx Reverse Proxy
```yaml
services:
  holyclaude:
    image: coderluii/holyclaude:latest
    # Don't expose ports directly — nginx handles it
    expose:
      - "3001"
    networks:
      - web
  nginx:
    image: nginx:alpine
    ports:
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./certs:/etc/nginx/certs
    networks:
      - web
networks:
  web:
```
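The patterns above leave a few security-relevant settings to check by hand: the image tag, where port 3001 is published, where API keys live, and who can read `.env` and `./data/claude`. The shell function below is an added example, not part of HolyClaude or the original page; the name `audit_holyclaude` and its finding messages are hypothetical, and it assumes the directory layout and container port 3001 shown on this page.

```bash
# Added example, not HolyClaude code: static checks on the deployment
# directory from this page (docker-compose.yaml, .env, data/claude).
# Prints one finding per line; returns 0 only when nothing is flagged.

go_bits() { ls -ld "$1" | cut -c5-10; }   # group+other bits, "------" if none
flag() { echo "$1"; n=$((n + 1)); }

audit_holyclaude() {
  dir=$1; compose="$dir/docker-compose.yaml"; n=0
  [ -f "$compose" ] || { echo "missing: $compose"; return 2; }

  # Floating tags move on every `docker compose pull`.
  if grep -Eq '^[[:space:]]*image:[[:space:]]*[^#[:space:]]+:(latest|slim)[[:space:]]*(#.*)?$' "$compose"; then
    flag "image: floating tag, pin a release such as :1.2.3"
  fi

  # By default Docker publishes on every interface when no host IP is given,
  # so "3001:3001" is as reachable as "0.0.0.0:3001:3001".
  if grep -E '^[[:space:]]*-[[:space:]]*"?([0-9.]+:)?[0-9]+:3001"?[[:space:]]*(#.*)?$' "$compose" |
     grep -qv '127\.0\.0\.1:'; then
    flag "ports: CloudCLI UI (3001) published on all interfaces"
  fi

  # Keys belong in .env and appear in compose only as ${VAR} references.
  if grep -Eq '^[[:space:]]*-[[:space:]]*[A-Z_]*(API_KEY|WEBHOOK_URL)=[^$[:space:]]' "$compose"; then
    flag "environment: literal secret in compose file"
  fi

  if [ -f "$dir/.env" ]; then
    [ "$(go_bits "$dir/.env")" = "------" ] ||
      flag ".env: readable by group/other, chmod 600"
    # Only meaningful inside a git work tree; skipped otherwise.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q .env; then
      flag ".env: not ignored by git"
    fi
  fi

  # ./data/claude holds the credentials mounted at /root/.claude.
  if [ -d "$dir/data/claude" ] && [ "$(go_bits "$dir/data/claude")" != "------" ]; then
    flag "data/claude: open to group/other, chmod 700"
  fi

  [ "$n" -eq 0 ]
}

# Usage: sh audit.sh /path/to/holyclaude
if [ "$#" -gt 0 ]; then audit_holyclaude "$1"; fi
```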
Troubleshooting
Container won't start
```bash
# Check logs
docker compose logs holyclaude

# Check if port 3001 is already in use
lsof -i :3001
```
Chromium crashes / headless browser fails
```yaml
# Ensure shm_size is set (CRITICAL)
shm_size: 2g

# Ensure seccomp is unconfined
security_opt:
  - seccomp:unconfined
```
```bash
# Verify display is available inside container
# (single quotes so $DISPLAY is expanded in the container, not by the host shell)
docker exec holyclaude bash -c 'echo $DISPLAY'
# Should output: :99
```
Permission denied errors on bind mounts
```yaml
environment:
  - PUID=1000   # Must match your host user: `id -u`
  - PGID=1000   # Must match your host group: `id -g`
```
```bash
# Fix existing permissions on host
sudo chown -R 1000:1000 ./data ./projects
```
File watching broken on NAS / SMB mounts
```yaml
environment:
  - CHOKIDAR_USEPOLLING=true
```
Claude Code installer hangs
This is pre-solved in HolyClaude — the container sets the correct WORKDIR ownership. If you're building a custom image on top:
```dockerfile
# Ensure WORKDIR is not root-owned before running Claude Code installer
RUN chown -R node:node /app
WORKDIR /app
```
SQLite locks on NAS mount
```yaml
services:
  holyclaude:
    volumes:
      # Move SQLite databases to a local volume, not NAS mount
      - holyclaude-db:/root/.local/share/holyclaude
      - /nas/mount:/workspace   # NAS mount only for project files
# Top-level declaration of the named local volume
volumes:
  holyclaude-db:
```
Claude Code authentication lost after restart
```yaml
# Ensure this volume is mounted (credentials live here)
volumes:
  - ./data/claude:/root/.claude
```
Process keeps dying / not restarting
HolyClaude uses s6-overlay for process supervision. Check service status:
```bash
docker exec holyclaude s6-svstat /run/service/cloudcli
docker exec holyclaude s6-svstat /run/service/xvfb
```
Building Locally
```bash
git clone https://github.com/CoderLuii/HolyClaude.git
cd HolyClaude

# Build full image
docker build -t holyclaude:local .

# Build slim image
docker build -t holyclaude:local-slim --target slim .

# Build for specific platform
docker buildx build --platform linux/arm64 -t holyclaude:arm64 .

# Run your local build
docker run -d \
  --name holyclaude \
  --shm-size=2g \
  -p 3001:3001 \
  -v "$(pwd)/data/claude:/root/.claude" \
  holyclaude:local
```
---
Quick Reference
```bash
# Start
docker compose up -d

# Stop
docker compose down

# View logs (live)
docker compose logs -f holyclaude

# Shell access
docker exec -it holyclaude bash

# Update to latest
docker compose pull && docker compose up -d

# Restart only the container
docker compose restart holyclaude

# Check resource usage
docker stats holyclaude
```