环境信息
操作系统:主流Linux版本
当前用户 UID/GID:1000 / 1000
当前未安装 Docker
第一步:安装 Docker
# 更新系统
sudo apt update
安装依赖
sudo apt install -y ca-certificates curl gnupg
添加 Docker 官方 GPG 密钥
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo tee /etc/apt/keyrings/docker.asc > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.asc
添加 Docker 仓库
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo \"$VERSION_CODENAME\") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
安装 Docker
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
将当前用户加入 docker 组(避免每次 sudo)
sudo usermod -aG docker $USER
生效(需要重新登录),或直接执行:
newgrp docker
验证安装
docker --version
docker compose version第二步:准备 .env 环境变量文件
在与 compose 文件相同的目录下创建 .env 文件:
bashCopy
cat > ~/hermes-docker/.env << 'EOF'
UID=1000
GID=1000
HERMES_UID=1000
HERMES_GID=1000
WANTED_UID=1000
WANTED_GID=1000
EOF参数说明:
HERMES_UID/HERMES_GID:hermes-agent 和 dashboard 容器内的用户 IDUID/GID:hermes-webui 容器的用户 ID(用于文件权限匹配)
第三步:创建 docker-compose.yml
在项目目录下创建 docker-compose.yml:
bashCopy
mkdir -p ~/hermes-docker
cd ~/hermes-dockerDocker-compose写入以下内容:
services:
hermes-agent:
image: nousresearch/hermes-agent:latest
container_name: hermes-agent
command: gateway run
ports:
- "8642:8642"
volumes:
# Persist config, state, sessions, skills, memory across restarts
- hermes-home:/home/hermes/.hermes
# - ./hermes-config:/home/hermes/.hermes
# Expose agent source so the WebUI can install dependencies from it
- hermes-agent-src:/opt/hermes
environment:
- HERMES_HOME=/home/hermes/.hermes
- HERMES_UID=${HERMES_UID:-10000}
- HERMES_GID=${HERMES_GID:-10000}
- OPENAI_API_KEY=sk-f2d1bf25f8bc4969af0c78c63a16f9f0
- OPENAI_BASE_URL=https://api.deepseek.com/v1
- OPENAI_MODEL=deepseek-chat
restart: unless-stopped
deploy:
resources:
limits:
memory: 4G
cpus: "2.0"
networks:
- hermes-net
hermes-dashboard:
image: nousresearch/hermes-agent:latest
container_name: hermes-dashboard
command: dashboard --host 0.0.0.0 --insecure
ports:
- "9119:9119"
volumes:
- hermes-home:/home/hermes/.hermes
environment:
- HERMES_HOME=/home/hermes/.hermes
- HERMES_UID=${HERMES_UID:-10000}
- HERMES_GID=${HERMES_GID:-10000}
# Dashboard connects to the gateway for health/session data
- GATEWAY_HEALTH_URL=http://hermes-agent:8642
depends_on:
- hermes-agent
restart: unless-stopped
deploy:
resources:
limits:
memory: 512M
cpus: "0.5"
networks:
- hermes-net
hermes-webui:
image: ghcr.io/nesquena/hermes-webui:latest
container_name: hermes-webui
depends_on:
- hermes-agent
ports:
# Expose on localhost only. Remove 127.0.0.1: to expose on all interfaces
# (set HERMES_WEBUI_PASSWORD if doing so).
- "8787:8787"
volumes:
# Same hermes home as the agent — shares config, sessions, state
- hermes-home:/home/hermeswebui/.hermes
# Agent source mounted where docker_init.bash expects it.
# At startup the init script runs:
# uv pip install /home/hermeswebui/.hermes/hermes-agent
# which installs the agent and all its Python dependencies.
- hermes-agent-src:/home/hermeswebui/.hermes/hermes-agent
# Workspace directory — browse and edit files from the WebUI.
# Adapt the host path to your project directory.
- ${HERMES_WORKSPACE:-~/workspace}:/workspace
environment:
- HERMES_WEBUI_HOST=0.0.0.0
- HERMES_WEBUI_PORT=8787
- HERMES_WEBUI_STATE_DIR=/home/hermeswebui/.hermes/webui
# Match your host user's UID/GID for correct file permissions.
# Run `id -u` and `id -g` to find your values.
# On macOS, UIDs start at 501 (not 1000) — set these in a .env file:
# echo "UID=$(id -u)" >> .env && echo "GID=$(id -g)" >> .env
- WANTED_UID=${UID:-1000}
- WANTED_GID=${GID:-1000}
- HERMES_WEBUI_PASSWORD=12345678
# 关键:使用国内镜像,解决下载超时!
- PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple
- UV_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple
restart: unless-stopped
networks:
- hermes-net
networks:
hermes-net:
driver: bridge
volumes:
hermes-home:
hermes-agent-src:三容器架构
网络拓扑
hermes-webui ──┐
├── hermes-agent ◄── hermes-dashboard
hermes-dashboard
│
共享卷 hermes-home(配置/会话/记忆/技能保持一致)
共享卷 hermes-agent-src(agent 源码依赖)Copy第四步:启动服务
bashCopy
cd ~/hermes-docker
docker compose up -d首次启动会拉取三个镜像:
nousresearch/hermes-agent:latest(约 2-3GB)ghcr.io/nesquena/hermes-webui:latest(约 1GB)
查看启动状态:
docker compose ps
docker compose logs -f第五步:访问 UI 界面
启动后通过浏览器访问:
第六步:日常管理
# 查看运行状态
docker compose ps
查看日志
docker compose logs -f
查看特定服务日志
docker compose logs -f hermes-webui
重启某个服务
docker compose restart hermes-webui
停止所有服务
docker compose down
停止并删除数据卷(谨慎!会清除所有配置/会话/记忆)
docker compose down -v注意事项
数据持久化:使用命名卷
hermes-home和hermes-agent-src,docker compose down 不会丢失数据,只有docker compose down -v才会删除。文件权限:所有容器通过
.env中的 UID/GID 保持一致(统一为 1000),避免容器间文件读写权限问题。资源配置:hermes-agent 限制 4G 内存 + 2 核 CPU,hermes-dashboard 512M + 0.5 核,hermes-webui 无限制。可根据实际情况在
deploy.resources.limits中调整。workspace 挂载:将宿主机的
~/workspace映射到 WebUI 容器的/workspace,可以在浏览器中浏览和编辑文件。