亮点
docker-compose.yml
---------------------- 容器启动 ---------------------
# One-off containers (removed on exit by --rm) for first-time configuration.
docker compose run --rm hermes-agent setup # program setup
docker compose run --rm hermes-agent setup model # model setup
docker compose run --rm hermes-agent hermes config # view the configuration
docker compose run --rm hermes-agent hermes config edit # edit the configuration
docker compose up -d # normal run: the agent defaults to `gateway run` mode, i.e. it connects to chat platforms instead of serving an API on a listening port
---------------------- 服务命令 ---------------------
# Run commands through the image's entrypoint inside the already-running agent container.
docker exec -it hermes-agent /opt/hermes/docker/entrypoint.sh --help # help for the service commands
docker exec -it hermes-agent /opt/hermes/docker/entrypoint.sh hermes # manual CLI session
docker exec -it hermes-agent /opt/hermes/docker/entrypoint.sh setup
---------------------- 权限检查 ---------------------
# Compare the uid/gid inside each container with the host user that owns ./data,
# since the containers bind-mount that directory.
docker exec -it hermes-agent id # container user id
docker exec -it hermes-dashboard id # container user id
docker exec -it hermes-webui id # container user id
id # host user id
---------------------- 端口检查 ---------------------
# Check which ports each container listens on and which connections it holds open.
docker exec -it hermes-agent cat /proc/net/tcp # raw kernel table with hex-encoded addresses and ports; hard to read by hand
# Packages installed through `docker exec` live only in this container's writable
# layer and are gone once the container is recreated.
docker exec -u root -it hermes-agent apt install -y iproute2 net-tools # install the inspection tools
docker exec -it hermes-agent ss -tulnp # list listening sockets
docker exec -it hermes-agent ss -antp # list TCP connections
docker exec -u root -it hermes-dashboard apt install -y iproute2 net-tools
docker exec -it hermes-dashboard ss -tulnp
docker exec -it hermes-dashboard ss -antp
----------------------- 机器人检查 -------------------
# Verifies from inside the container (and through its proxy settings) that the bot token works.
# The path segment after "bot" is the full bot token, i.e. a credential: it is stored in
# shell history and echoed by `curl -v`, so keep it masked in anything that is shared
# and rotate the token via @BotFather if the real value was ever pasted.
docker exec -it hermes-agent curl -v https://api.telegram.org/bot8643191526:xxxxxxxx/getMe
# wget https://raw.githubusercontent.com/nesquena/hermes-webui/refs/heads/master/docker-compose.three-container.yml
# mkdir -p data/home data/src data/workspace/chat
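# Compose stack for the Hermes agent (chat gateway) and its web dashboard.
# Neither service publishes host ports; both are reachable only from other
# containers on the external network `ghost_net` (e.g. the nginx reverse proxy).
services:
  hermes-agent:
    image: nousresearch/hermes-agent:v2026.4.30
    container_name: hermes-agent
    command: gateway run
    volumes:
      # Holds the agent's home directory (configuration and credentials).
      - ./data/data:/opt/data
      # - ./data/src:/opt/hermes  # this mount causes problems
      - /etc/localtime:/etc/localtime:ro
    environment:
      # Was "Asia/Shanghai-"; the trailing dash is not a valid zone name.
      - TZ=Asia/Shanghai
      - HTTP_PROXY=http://192.168.1.120:7890
      # HTTPS_PROXY was declared twice; Compose keeps a single value
      # (presumably the last one), so the duplicate is disabled here.
      # Enable exactly one of the two.
      # - HTTPS_PROXY=http://192.168.1.120:7890
      - HTTPS_PROXY=socks5://192.168.1.120:7890
      # - HERMES_HOME=/home/hermes/.hermes  # default is /opt/data
      # If the API server is ever bound to 0.0.0.0, set API_SERVER_KEY as well.
      # - API_SERVER_HOST=0.0.0.0
      # - API_SERVER_KEY=${API_SERVER_KEY}
      # UID/GID are usually not exported by the shell, so without an entry in
      # .env these fall back to 1000. The cloud server's ghost user is 1001.
      - HERMES_UID=${UID:-1000}
      - HERMES_GID=${GID:-1000}
      - HERMES_HOME_MODE=0750
      # Keep this false; access is limited to the allow-list below.
      - GATEWAY_ALLOW_ALL_USERS=false
      # From @userinfobot. Inbound allow-list; several ids are comma-separated,
      # but isolating users from each other is recommended.
      - TELEGRAM_ALLOWED_USERS=7355686543
      # Bot tokens (from @BotFather) are credentials: keep them out of this
      # file and supply them through .env (mode 0600, not committed).
      # Primary bot: Compose refuses to start when the variable is missing.
      - "TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN:?set TELEGRAM_BOT_TOKEN in .env}"
      # Secondary bots: a name without a value is passed through from the
      # environment Compose runs in and is left unset in the container when
      # absent there (check the result with `docker compose config`).
      - TELEGRAM_BOT_TOKEN_H02
      - TELEGRAM_BOT_TOKEN_H03
    restart: unless-stopped
    deploy:
      resources:
        limits:
          memory: 4G
          cpus: "2.0"
    networks:
      - ghost_net

  hermes-dashboard:
    image: nousresearch/hermes-agent:v2026.4.30
    container_name: hermes-dashboard
    restart: unless-stopped
    networks:
      - ghost_net
    depends_on:
      - hermes-agent
    volumes:
      # Same directory as the agent: the dashboard can read and write the
      # agent's configuration and credentials.
      - ./data/data:/opt/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      # Was ${HERMES_UID:-1000}/${HERMES_GID:-1000}. Both containers fix the
      # ownership of the shared /opt/data on start, so they must resolve to
      # the same ids as hermes-agent.
      - HERMES_UID=${UID:-1000}
      - HERMES_GID=${GID:-1000}
      - TZ=Asia/Shanghai
    # Listens on all container interfaces with --insecure (presumably this
    # turns off the dashboard's own access protection; confirm with
    # `dashboard --help`). Every container on ghost_net can reach it, so
    # enforce authentication at the reverse proxy and never publish this
    # port on the host.
    command: ["dashboard", "--host", "0.0.0.0", "--insecure", "--no-open"]

  # Optional third container (web UI), currently disabled. If enabled, take
  # HERMES_WEBUI_PASSWORD from .env instead of writing it here.
  # hermes-webui:
  #   image: ghcr.io/nesquena/hermes-webui:0.50.3
  #   container_name: hermes-webui
  #   depends_on:
  #     - hermes-agent
  #   volumes:
  #     - ./data/data:/home/hermeswebui/.hermes
  #     - ./data/src:/home/hermeswebui/.hermes/hermes-agent
  #     - ./data/workspace:/workspace
  #     - /etc/localtime:/etc/localtime:ro
  #   environment:
  #     - TZ=Asia/Shanghai
  #     - HERMES_WEBUI_HOST=0.0.0.0
  #     - HERMES_WEBUI_PORT=8787
  #     - HERMES_WEBUI_STATE_DIR=/home/hermeswebui/.hermes/webui
  #     - WANTED_UID=${UID:-1000}
  #     - WANTED_GID=${GID:-1000}
  #     - HERMES_WEBUI_PASSWORD=your-secret-password
  #     # - HERMES_SKIP_CHMOD=1
  #     # - HERMES_HOME_MODE=0640
  #   restart: unless-stopped
  #   networks:
  #     - ghost_net

networks:
  # Created outside this project and shared with the reverse proxy.
  ghost_net:
    external: true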
hermes.conf
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /www/nginx/data/localssl/hermes.key -out /www/nginx/data/localssl/hermes.crt -subj "/C=CN/CN=hermes.kc.com" -addext "subjectAltName = DNS:hermes.kc.com"
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /www/nginx/data/localssl/dashboard.key -out /www/nginx/data/localssl/dashboard.crt -subj "/C=CN/CN=dashboard.kc.com" -addext "subjectAltName = DNS:dashboard.kc.com"
# 1. Redirect plain HTTP to HTTPS.
server {
    listen      80;
    server_name hermes.kc.com dashboard.kc.com;

    # Permanent redirect that keeps the requested host and URI.
    return 301 https://$host$request_uri;
}
# 2. Main HTTPS configuration: hermes.kc.com -> web UI container.
server {
    listen      443 ssl;
    server_name hermes.kc.com;

    # Certificate and key paths (remember to mount both files into the
    # nginx container). The key file should be readable by nginx only.
    ssl_certificate     /etc/localssl/hermes.crt;
    ssl_certificate_key /etc/localssl/hermes.key;

    # Recommended baseline TLS settings.
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        # nginx resolves this hostname when it loads the configuration, so
        # the hermes-webui container has to exist on the shared network.
        proxy_pass http://hermes-webui:8787;

        # Key point: tell the backend that the client connected over HTTPS.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support.
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";

        # Raised upload limit (in case the agent has to handle large files).
        client_max_body_size 50M;
    }
}
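# HTTPS virtual host for the dashboard: dashboard.kc.com -> dashboard container.
server {
    listen      443 ssl;
    server_name dashboard.kc.com;

    # Certificate and key paths (remember to mount both files into the
    # nginx container). The key file should be readable by nginx only.
    ssl_certificate     /etc/localssl/dashboard.crt;
    ssl_certificate_key /etc/localssl/dashboard.key;

    # Recommended baseline TLS settings.
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # The dashboard is started with --insecure, so this proxy is the only
    # place left to enforce access control (client address restrictions or
    # HTTP authentication) before requests reach it.
    location / {
        # Was http://hermes-agent:9119. The dashboard command runs in the
        # hermes-dashboard container; hermes-agent runs `gateway run`, which
        # does not serve it. Port kept as written; confirm it with
        # `ss -tulnp` inside hermes-dashboard.
        proxy_pass http://hermes-dashboard:9119;

        # Key point: tell the backend that the client connected over HTTPS.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support.
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";

        # Raised upload limit (in case the agent has to handle large files).
        client_max_body_size 50M;
    }
}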
entrypoint.sh
vm-alpine:/www/hermes$ docker exec -it hermes-agent /opt/hermes/docker/entrypoint.sh --help
Fixing ownership of /opt/data to hermes (1000)
Dropping root privileges
Syncing bundled skills into ~/.hermes/skills/ ...
Done: 0 new, 0 updated, 87 unchanged. 87 total bundled.
usage: hermes [-h] [--version] [-z PROMPT] [-m MODEL] [--provider PROVIDER] [-t TOOLSETS] [--resume SESSION] [--continue [SESSION_NAME]] [--worktree] [--accept-hooks] [--skills SKILLS]
[--yolo] [--pass-session-id] [--ignore-user-config] [--ignore-rules] [--tui] [--dev]
{chat,model,fallback,gateway,setup,whatsapp,slack,login,logout,auth,status,cron,webhook,hooks,doctor,dump,debug,backup,import,config,pairing,skills,plugins,curator,memory,tools,mcp,sessions,insights,claw,version,update,uninstall,acp,profile,completion,dashboard,logs} ...
Hermes Agent - AI assistant with tool-calling capabilities
positional arguments:
{chat,model,fallback,gateway,setup,whatsapp,slack,login,logout,auth,status,cron,webhook,hooks,doctor,dump,debug,backup,import,config,pairing,skills,plugins,curator,memory,tools,mcp,sessions,insights,claw,version,update,uninstall,acp,profile,completion,dashboard,logs}
Command to run
chat Interactive chat with the agent
model Select default model and provider
fallback Manage fallback providers (tried when the primary model fails)
gateway Messaging gateway management
setup Interactive setup wizard
whatsapp Set up WhatsApp integration
slack Slack integration helpers (manifest generation, etc.)
login Authenticate with an inference provider
logout Clear authentication for an inference provider
auth Manage pooled provider credentials
status Show status of all components
cron Cron job management
webhook Manage dynamic webhook subscriptions
hooks Inspect and manage shell-script hooks
doctor Check configuration and dependencies
dump Dump setup summary for support/debugging
debug Debug tools — upload logs and system info for support
backup Back up Hermes home directory to a zip file
import Restore a Hermes backup from a zip file
config View and edit configuration
pairing Manage DM pairing codes for user authorization
skills Search, install, configure, and manage skills
plugins Manage plugins — install, update, remove, list
curator Background skill maintenance (curator) — status, run, pause, pin
memory Configure external memory provider
tools Configure which tools are enabled per platform
mcp Manage MCP servers and run Hermes as an MCP server
sessions Manage session history (list, rename, export, prune, delete)
insights Show usage insights and analytics
claw OpenClaw migration tools
version Show version information
update Update Hermes Agent to the latest version
uninstall Uninstall Hermes Agent
acp Run Hermes Agent as an ACP (Agent Client Protocol) server
profile Manage profiles — multiple isolated Hermes instances
completion Print shell completion script (bash, zsh, or fish)
dashboard Start the web UI dashboard
logs View and filter Hermes log files
options:
-h, --help show this help message and exit
--version, -V Show version and exit
-z, --oneshot PROMPT One-shot mode: send a single prompt and print ONLY the final response text to stdout. No banner, no spinner, no tool previews, no session_id line. Tools, memory,
rules, and AGENTS.md in the CWD are loaded as normal; approvals are auto-bypassed. Intended for scripts / pipes.
-m, --model MODEL Model override for this invocation (e.g. anthropic/claude-sonnet-4.6). Applies to -z/--oneshot and --tui. Also settable via HERMES_INFERENCE_MODEL env var.
--provider PROVIDER Provider override for this invocation (e.g. openrouter, anthropic). Applies to -z/--oneshot and --tui. Also settable via HERMES_INFERENCE_PROVIDER env var.
-t, --toolsets TOOLSETS
Comma-separated toolsets to enable for this invocation. Applies to -z/--oneshot and --tui.
--resume, -r SESSION Resume a previous session by ID or title
--continue, -c [SESSION_NAME]
Resume a session by name, or the most recent if no name given
--worktree, -w Run in an isolated git worktree (for parallel agents)
--accept-hooks Auto-approve any unseen shell hooks declared in config.yaml without a TTY prompt. Equivalent to HERMES_ACCEPT_HOOKS=1 or hooks_auto_accept: true in config.yaml. Use
on CI / headless runs that can't prompt.
--skills, -s SKILLS Preload one or more skills for the session (repeat flag or comma-separate)
--yolo Bypass all dangerous command approval prompts (use at your own risk)
--pass-session-id Include the session ID in the agent's system prompt
--ignore-user-config Ignore ~/.hermes/config.yaml and fall back to built-in defaults (credentials in .env are still loaded)
--ignore-rules Skip auto-injection of AGENTS.md, SOUL.md, .cursorrules, memory, and preloaded skills
--tui Launch the modern TUI instead of the classic REPL
--dev With --tui: run TypeScript sources via tsx (skip dist build)
Examples:
hermes Start interactive chat
hermes chat -q "Hello" Single query mode
hermes -c Resume the most recent session
hermes -c "my project" Resume a session by name (latest in lineage)
hermes --resume <session_id> Resume a specific session by ID
hermes setup Run setup wizard
hermes logout Clear stored authentication
hermes auth add <provider> Add a pooled credential
hermes auth list List pooled credentials
hermes auth remove <p> <t> Remove pooled credential by index, id, or label
hermes auth reset <provider> Clear exhaustion status for a provider
hermes model Select default model
hermes fallback [list] Show fallback provider chain
hermes fallback add Add a fallback provider (same picker as `hermes model`)
hermes fallback remove Remove a fallback provider from the chain
hermes config View configuration
hermes config edit Edit config in $EDITOR
hermes config set model gpt-4 Set a config value
hermes gateway Run messaging gateway
hermes -s hermes-agent-dev,github-auth
hermes -w Start in isolated git worktree
hermes gateway install Install gateway background service
hermes sessions list List past sessions
hermes sessions browse Interactive session picker
hermes sessions rename ID T Rename/title a session
hermes logs View agent.log (last 50 lines)
hermes logs -f Follow agent.log in real time
hermes logs errors View errors.log
hermes logs --since 1h Lines from the last hour
hermes debug share Upload debug report for support
hermes update Update to latest version
For more help on a command:
hermes <command> --help