OpenClaw Installation Guide (Part 1): npm, Docker, Nix & Local Deployment
OpenClaw offers 6 local installation methods: installer script, npm, Docker, Podman, Nix, and Bun, plus Raspberry Pi deployment and building from source.
OpenClaw's sandbox has three layers of control: Sandbox determines where code runs (Docker/SSH/OpenShell), Tool Policy determines which tools are available, and Elevated is the host escape hatch for exec.
Docker lets you bundle your application together with its environment, eliminating the 'works on my machine' problem. Combined with multi-stage builds and Compose, it's an essential tool for modern backend deployment.
When reviewing vulnerability scan results for a Node.js Docker image, you can't just look at package names. First distinguish between project dependencies and the packages bundled with npm inside the base image — otherwise you'll fix the wrong thing.
Vulnerability scanning isn't just about generating reports — it helps you discover known risks in your system before they become incidents. This post uses Trivy as a hands-on example to explain what scanners actually look for, how to read the results, and how to get started.
docker restart does not recreate the container, so changes to volumes in docker-compose.yml only take effect after running docker-compose down && up.
Service names aren't resolvable across Compose projects — you need to add a network alias so nginx can find the container.
Cross-project DNS resolution requires container_name or a network alias — and only aliases support horizontal scaling.
A brief error during nginx restart caused Cloudflare to mark the origin as unhealthy and stop forwarding requests, returning 502 on its own. The key clues: localhost hits to the origin return 200, and nginx access logs are completely empty. Just wait for Cloudflare to automatically re-check the origin — it recovers on its own.
A monolithic nginx.conf becomes unwieldy as services grow. Splitting it into per-service files under conf.d/ via include is the standard solution.
When nginx uses the `set $variable` pattern for dynamic upstreams, the DNS cache expires every 30 seconds — the first request after expiry hits a 502 because no IP is available. Upgrading to nginx 1.27.3 and switching to an upstream block with the resolve parameter fixes this: DNS updates happen asynchronously in the background.
Once SSH config is set up, scp works directly with aliases, so there is no need to type out the full IP every time.