| Requirement | Check | Install |
|---|---|---|
| Linux (Ubuntu 22.04+) | | — |
| Docker | | |
| Node.js 20+ (22 recommended) | | |
| NVIDIA GPU (optional but recommended) | | — |
| NVIDIA API key | — | https://build.nvidia.com/settings/api-keys |
If `nemoclaw` is already installed, skip to Step 4.

```bash
curl -fsSL https://nvidia.com/nemoclaw.sh | bash
```

`~/.npm-global/bin/`

```bash
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs
```

```bash
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh
```

`~/.local/bin/openshell`

`docker`

```bash
sudo usermod -aG docker $USER
newgrp docker
```

**cgroup v2 fix** — required for k3s inside Docker:
This adds `"default-cgroupns-mode": "host"` to `/etc/docker/daemon.json` and restarts Docker.
**IMPORTANT**: The `nemoclaw setup-spark` command also asks for an NVIDIA API key. Have it ready (starts with `nvapi-`). Get one at https://build.nvidia.com/settings/api-keys.

```bash
PATH=$HOME/.npm-global/bin:$HOME/.local/bin:$PATH nemoclaw onboard
```

`claw`

```bash
fuser -k 8080/tcp
```

```bash
PATH=$HOME/.npm-global/bin:$HOME/.local/bin:$PATH openshell forward start 18789 claw
```

`http://127.0.0.1:18789/`

Then visit: `http://127.0.0.1:18789/#token=<gateway-token>`
**Fix**: Update to OpenClaw v2026.3.12+ (see Updating section below).

```bash
cat > ~/.local/bin/nemoclaw-keepalive.sh << 'KEEPALIVE'
#!/bin/bash
export PATH="$HOME/.npm-global/bin:$HOME/.local/bin:/usr/local/bin:/usr/bin:/bin"

# Stop the background forward when the service is stopped
cleanup() { kill %1 2>/dev/null; exit 0; }
trap cleanup SIGTERM SIGINT

while true; do
  # Free the port, then start the forward in the background
  fuser -k 18789/tcp 2>/dev/null; sleep 1
  openshell forward start 18789 claw &
  FORWARD_PID=$!; sleep 3

  # Probe the forwarded port every 10s while the forward process is alive
  while kill -0 "$FORWARD_PID" 2>/dev/null; do
    if ! curl -sf -o /dev/null --connect-timeout 3 http://127.0.0.1:18789/ 2>/dev/null; then
      echo "$(date): Health check failed, restarting..."
      kill "$FORWARD_PID" 2>/dev/null; wait "$FORWARD_PID" 2>/dev/null; break
    fi
    sleep 10
  done
  echo "$(date): Forward died, restarting in 3s..."; sleep 3
done
KEEPALIVE
chmod +x ~/.local/bin/nemoclaw-keepalive.sh
```

```bash
# The heredoc delimiter is unquoted so the shell expands $USER before the unit
# file is written; systemd does not expand $USER in User= or Environment=.
sudo tee /etc/systemd/system/nemoclaw-forward.service << SERVICE
[Unit]
Description=NemoClaw Port Forward with Health Check
After=docker.service
Requires=docker.service

[Service]
Type=simple
User=$USER
Group=docker
Environment=PATH=/home/$USER/.npm-global/bin:/home/$USER/.local/bin:/usr/local/bin:/usr/bin:/bin
ExecStart=/home/$USER/.local/bin/nemoclaw-keepalive.sh
Restart=always
RestartSec=5
KillMode=control-group

[Install]
WantedBy=multi-user.target
SERVICE
sudo systemctl daemon-reload
sudo systemctl enable nemoclaw-forward
sudo systemctl start nemoclaw-forward
```


```bash
cloudflared tunnel route dns <tunnel-name> nemoclaw.<domain>
```

`/etc/cloudflared/config.yml`

```yaml
  - hostname: nemoclaw.<domain>
    service: http://localhost:18789
    originRequest:
      httpHostHeader: "127.0.0.1:18789"
```

```bash
sudo systemctl restart cloudflared
```

```bash
openshell sandbox ssh-config claw > /tmp/nemoclaw-ssh-config
ssh -F /tmp/nemoclaw-ssh-config openshell-claw 'python3 -c "
import json
with open(\"/sandbox/.openclaw/openclaw.json\") as f:
    config = json.load(f)
# Allow the public hostname as a Control UI origin
config[\"gateway\"][\"controlUi\"][\"allowedOrigins\"].append(\"https://nemoclaw.<domain>\")
# 172.0.0.0/8 is wider than the RFC 1918 block 172.16.0.0/12
config[\"gateway\"][\"trustedProxies\"] = [\"127.0.0.1\", \"::1\", \"172.0.0.0/8\", \"10.0.0.0/8\"]
config[\"gateway\"][\"allowRealIpFallback\"] = True
with open(\"/sandbox/.openclaw/openclaw.json\", \"w\") as f:
    json.dump(config, f, indent=2)
# Prints the gateway token to the terminal
print(\"Done. Token:\", config[\"gateway\"][\"auth\"][\"token\"])
"'
```

`https://nemoclaw.<domain>/#token=<gateway-token>`

`/sandbox/.openclaw/skills/<name>/SKILL.md`

```bash
# Open a shell inside the sandbox
ssh -F /tmp/nemoclaw-ssh-config openshell-claw

# Then, inside the sandbox:
mkdir -p /sandbox/.openclaw/skills/my-skill
cat > /sandbox/.openclaw/skills/my-skill/SKILL.md << 'EOF'
---
name: my-skill
description: What this skill does.
tools: [exec, read, write]
---
EOF
```

Verify with: `openclaw skills list`

`/sandbox/.openclaw/workspace/USER.md`, `/sandbox/.openclaw/workspace/TOOLS.md`, `/sandbox/.openclaw/workspace/SOUL.md`

**Note**: Sandbox network policies block npm/PyPI inside the sandbox. Updates must be done by rebuilding.
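
Added example, not part of the original guide or the OpenClaw project: a check of the gateway settings that the Cloudflare step above writes to `/sandbox/.openclaw/openclaw.json`. It assumes `trustedProxies` lists the addresses whose forwarded client-IP headers the gateway accepts; `audit_gateway` and the sample values are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample mirroring the keys the guide's snippet writes; values are placeholders.
SAMPLE_CONFIG = {
    "gateway": {
        "controlUi": {"allowedOrigins": ["https://nemoclaw.example.test"]},
        "trustedProxies": ["127.0.0.1", "::1", "172.0.0.0/8", "10.0.0.0/8"],
        "allowRealIpFallback": True,
        "auth": {"token": "constructed-placeholder-token"},
    }
}


def audit_gateway(config):
    """Return a list of findings for the gateway block of an openclaw.json dict."""
    findings = []
    gw = config.get("gateway", {})

    for entry in gw.get("trustedProxies", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"trustedProxies: {entry!r} is not a valid IP or CIDR")
            continue
        # is_private is true for RFC 1918, IPv6 ULA and other reserved
        # non-public ranges; a network that spills outside them is flagged.
        if not (net.is_loopback or net.is_private):
            findings.append(f"trustedProxies: {entry} is not confined to loopback/private ranges")

    for origin in gw.get("controlUi", {}).get("allowedOrigins", []):
        parts = urlsplit(origin)
        local = parts.hostname in ("127.0.0.1", "localhost", "::1")
        if parts.scheme != "https" and not local:
            findings.append(f"allowedOrigins: {origin} is not an https origin")
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            findings.append(f"allowedOrigins: {origin} is not a bare origin")
    return findings


if __name__ == "__main__":
    for line in audit_gateway(SAMPLE_CONFIG):
        print(line)
```

On the sample, the only finding is `172.0.0.0/8`, which extends beyond the RFC 1918 block `172.16.0.0/12`.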

| Issue | Cause | Fix |
|---|---|---|
| | Docker service stopped or user not in docker group | |
| | Docker not configured for cgroupns=host | |
| Port 8080 in use | Another service on that port | |
| | Not in PATH | |
| | Bug in OpenClaw ≤ v2026.3.11 | Append |
| | Token changed after sandbox rebuild | Get new token from sandbox config |
| | Rate limited from old token attempts | Restart gateway: |
| | Domain not in allowedOrigins | Add to |
| Port 18789 not responding | SSH tunnel died | |
| npm 403 Forbidden inside sandbox | Network policy blocking TLS | Cannot install packages inside sandbox — rebuild instead |
| | Wrong Cloudflare account/cert | Check |
| Error 502 on Cloudflare | Tunnel connections dropped | |
| Assets 404 via Cloudflare | Browser not authenticated for sub-requests | Hard refresh (Ctrl+Shift+R) after Cloudflare Access login |

```
Docker (openshell-cluster-<name>)
└─ k3s cluster
   ├─ NVIDIA device plugin
   └─ OpenShell sandbox
      ├─ OpenClaw agent
      ├─ NemoClaw plugin
      ├─ Gateway (WebSocket + REST)
      └─ Workspace (SOUL.md, USER.md, TOOLS.md, skills/)

Port forward (systemd): localhost:18789 ←SSH tunnel→ sandbox:18789
Cloudflare Tunnel (optional): nemoclaw.domain → localhost:18789
```