什么是 浏览器 VPS 搭建技巧？

此技巧提供了一套完整的工作流，用于在任何 Linux VPS 上搭建专业级的浏览器自动化环境。它使 Openclaw Skills 能够在专用服务器环境中执行复杂的网页交互，如点击、填写表单和截图。通过利用 Xvfb 实现虚拟显示和 noVNC 实现基于网页的视觉访问，用户可以通过安全的 SSH 隧道实时监控 Agent 的活动，而无需向公网开放敏感端口。

该技巧专门设计用于克服常见的自动化障碍，如 snap 相关的浏览器错误和代理身份验证限制。它包含一个自定义的 Python 桥接程序来处理经过身份验证的 HTTP 代理，使其成为需要高可靠性网页爬虫、测试套件或使用 Openclaw Skills 的自主浏览 Agent 的开发者的必备工具。

下载入口:https://github.com/openclaw/skills/tree/main/skills/osipov-anton/browser-vps-setup-skill

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

2. 手动安装

将技能文件夹复制到以下位置之一

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

浏览器 VPS 搭建技巧 应用场景

• 在远程服务器上运行持久的网页自动化任务，以节省本地资源。
• 通过本地浏览器使用 noVNC 可视化地调试 AI Agent 的交互。
• 通过经过身份验证的移动或住宅代理路由流量，以绕过地理限制或验证码。
• 部署多 Agent 浏览栈，其中 Openclaw Skills 通过 Chrome DevTools Protocol (CDP) 控制浏览器。

1. 系统安装核心 Linux 依赖项，包括用于虚拟化图形的 Xvfb、用于远程显示访问的 x11vnc 以及官方 Google Chrome 稳定版二进制文件。
2. 初始化虚拟显示缓冲区 (Xvfb)，在无头服务器上提供图形环境。
3. 在本地回环接口上启动 x11vnc 服务器和 noVNC 网页界面，以确保访问安全。
4. 启动启用远程调试的 Google Chrome，允许 Openclaw Skills 连接到浏览器会话。
5. 用户建立安全的 SSH 隧道来转发 noVNC 端口，实现加密的视觉监控。
6. (可选) 执行基于 Python 的代理桥接程序，将凭据注入传出的浏览器流量中。

浏览器 VPS 搭建技巧 配置指南

首先，安装必要的系统软件包和 Google Chrome 稳定版：

apt-get update && apt-get install -y xvfb x11vnc novnc
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -O /tmp/chrome.deb
apt-get install -y /tmp/chrome.deb || apt --fix-broken install -y

在 VPS 上初始化浏览器栈：

# 启动虚拟显示
Xvfb :99 -screen 0 1280x800x24 &
# 启动 VNC 和 noVNC
x11vnc -display :99 -forever -nopw -localhost -quiet &
websockify --web /usr/share/novnc 6080 localhost:5900 &
# 启动带远程调试的 Chrome
DISPLAY=:99 google-chrome-stable --no-sandbox --remote-debugging-port=18800 --user-data-dir=~/.openclaw/browser/openclaw/user-data --window-size=1280,800 &

通过将浏览器配置添加到 ~/.openclaw/openclaw.json 并设置 attachOnly: true 来配置本地 Openclaw Skills 环境，以连接到远程实例。

浏览器 VPS 搭建技巧 数据架构与分类体系

该技巧管理几个关键组件和文件路径，以确保在 Openclaw Skills 生态系统内的持久和可靠运行：

name: browser-vps-setup-skill
description: Set up a remote-controlled Chrome browser on a Linux VPS with noVNC visual access (via SSH tunnel) and optional authenticated HTTP proxy. Use when the user wants to run a browser on a VPS, control it remotely, view it via noVNC, or route browser traffic through a proxy.
license: MIT
compatibility: Requires apt package manager (Ubuntu/Debian), sudo/root access, internet access. Designed for OpenClaw agents.
metadata:
  author: osipov-anton
  version: "1.0"

Browser on VPS — Setup

Set up Chrome on a Linux VPS so:

• The agent can control it (open pages, click, fill forms, take screenshots) via OpenClaw browser tool
• The user can watch and interact via noVNC in their local browser (over SSH tunnel)
• Optionally: all traffic routes through an authenticated HTTP proxy (for anti-captcha)

Step 1: Install dependencies

apt-get install -y xvfb x11vnc novnc

# Install real Google Chrome (NOT snap — snap breaks automation)
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -O /tmp/chrome.deb
apt-get install -y /tmp/chrome.deb || apt --fix-broken install -y

Step 2: Start the browser stack

# Clean stale locks
rm -f /tmp/.X99-lock ~/.openclaw/browser/openclaw/user-data/SingletonLock 2>/dev/null

# Virtual display
Xvfb :99 -screen 0 1280x800x24 &
sleep 2

# VNC server (localhost only, no password)
x11vnc -display :99 -forever -nopw -localhost -quiet &
sleep 1

# noVNC web UI on port 6080 (localhost only)
websockify --web /usr/share/novnc 6080 localhost:5900 &
sleep 1

# Chrome with CDP on port 18800
DISPLAY=:99 google-chrome-stable --no-sandbox --disable-gpu r
  --remote-debugging-port=18800 r
  --user-data-dir=~/.openclaw/browser/openclaw/user-data r
  --window-size=1280,800 &

Step 3: Connect visually from your laptop

ssh -L 6080:localhost:6080 root@YOUR_VPS_IP

Then open http://localhost:6080/vnc.html → click Connect.

You'll see the Chrome window live. You and the agent control it simultaneously.

Step 4: Configure OpenClaw

In ~/.openclaw/openclaw.json add:

{
  "browser": {
    "enabled": true,
    "executablePath": "/usr/bin/google-chrome-stable",
    "attachOnly": true,
    "headless": false,
    "noSandbox": true
  }
}

Then restart: openclaw gateway restart

The agent can now use the browser tool to navigate, click, type, screenshot, etc.

Step 5 (Optional): Authenticated HTTP proxy

If you need a proxy (e.g. mobile proxy for anti-captcha), Chrome can't pass username/password in --proxy-server. Solution: run a local Python bridge that forwards with auth injected automatically.

python3 -c "
import socket, threading, base64, select

UPSTREAM_HOST = 'PROXY_IP'      # e.g. 87.236.22.82
UPSTREAM_PORT = PROXY_PORT       # e.g. 19423
USERNAME = 'PROXY_USER'
PASSWORD = 'PROXY_PASS'
LOCAL_PORT = 18801

auth = base64.b64encode(f'{USERNAME}:{PASSWORD}'.encode()).decode()

def handle(client):
    try:
        data = b''
        while b'

' not in data:
            data += client.recv(4096)
        upstream = socket.create_connection((UPSTREAM_HOST, UPSTREAM_PORT))
        if b'Proxy-Authorization' not in data:
            data = data.replace(b'

', f'
Proxy-Authorization: Basic {auth}

'.encode(), 1)
        upstream.sendall(data)
        while True:
            r, _, _ = select.select([client, upstream], [], [], 30)
            if not r: break
            for s in r:
                d = s.recv(65536)
                if not d: return
                (upstream if s is client else client).sendall(d)
    except: pass
    finally:
        try: client.close()
        except: pass
        try: upstream.close()
        except: pass

srv = socket.socket()
srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
srv.bind(('127.0.0.1', LOCAL_PORT))
srv.listen(50)
print('Local proxy on 127.0.0.1:18801')
while True:
    c, _ = srv.accept()
    threading.Thread(target=handle, args=(c,), daemon=True).start()
" &

Then restart Chrome with proxy:

pkill -9 chrome
rm -f ~/.openclaw/browser/openclaw/user-data/SingletonLock
DISPLAY=:99 google-chrome-stable --no-sandbox --disable-gpu r
  --remote-debugging-port=18800 r
  --user-data-dir=~/.openclaw/browser/openclaw/user-data r
  --window-size=1280,800 r
  --proxy-server="http://127.0.0.1:18801" &

Verify: ask the agent to open https://api.ipify.org — it should show the proxy IP, not the VPS IP.

Firewall (recommended)

ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

noVNC (6080), VNC (5900), and CDP (18800) are all localhost-only — never exposed publicly.

After reboot

All processes (Xvfb, x11vnc, websockify, Chrome) must be restarted. Ask the agent:

"Start the browser stack on the VPS"

The agent should run Step 2 commands from this skill.