--- title: Docker Runtime description: This is the default Runtime that's used when you start OpenHands. --- This is the default Runtime that's used when you start OpenHands. ## Image The `SANDBOX_RUNTIME_CONTAINER_IMAGE` from nikolaik is a pre-built runtime image that contains our Runtime server, as well as some basic utilities for Python and NodeJS. You can also [build your own runtime image](../how-to/custom-sandbox-guide). ## Connecting to Your filesystem A useful feature is the ability to connect to your local filesystem. To mount your filesystem into the runtime: ### Using SANDBOX_VOLUMES The simplest way to mount your local filesystem is to use the `SANDBOX_VOLUMES` environment variable: ```bash export SANDBOX_VOLUMES=/path/to/your/code:/workspace:rw docker run # ... -e SANDBOX_USER_ID=$(id -u) \ -e SANDBOX_VOLUMES=$SANDBOX_VOLUMES \ # ... ``` The `SANDBOX_VOLUMES` format is `host_path:container_path[:mode]` where: - `host_path`: The path on your host machine that you want to mount. - `container_path`: The path inside the container where the host path will be mounted. - Use `/workspace` for files you want the agent to modify. The agent works in `/workspace` by default. - Use a different path (e.g., `/data`) for read-only reference materials or large datasets. - `mode`: Optional mount mode, either `rw` (read-write, default) or `ro` (read-only). You can also specify multiple mounts by separating them with commas (`,`): ```bash export SANDBOX_VOLUMES=/path1:/workspace/path1,/path2:/workspace/path2:ro ``` Examples: ```bash # Linux and Mac Example - Writable workspace export SANDBOX_VOLUMES=$HOME/OpenHands:/workspace:rw # WSL on Windows Example - Writable workspace export SANDBOX_VOLUMES=/mnt/c/dev/OpenHands:/workspace:rw # Read-only reference code example export SANDBOX_VOLUMES=/path/to/reference/code:/data:ro # Multiple mounts example - Writable workspace with read-only reference data export SANDBOX_VOLUMES=$HOME/projects:/workspace:rw,/path/to/large/dataset:/data:ro ``` ### Using WORKSPACE_* variables (Deprecated) > **Note:** This method is deprecated and will be removed in a future version. Please use `SANDBOX_VOLUMES` instead. 1. Set `WORKSPACE_BASE`: ```bash export WORKSPACE_BASE=/path/to/your/code ``` 2. Add the following options to the `docker run` command: ```bash docker run # ... -e SANDBOX_USER_ID=$(id -u) \ -e WORKSPACE_MOUNT_PATH=$WORKSPACE_BASE \ -v $WORKSPACE_BASE:/opt/workspace_base \ # ... ``` Be careful! There's nothing stopping the OpenHands agent from deleting or modifying any files that are mounted into its workspace. The `-e SANDBOX_USER_ID=$(id -u)` is passed to the Docker command to ensure the sandbox user matches the host user’s permissions. This prevents the agent from creating root-owned files in the mounted workspace. ## Hardened Docker Installation When deploying OpenHands in environments where security is a priority, you should consider implementing a hardened Docker configuration. This section provides recommendations for securing your OpenHands Docker deployment beyond the default configuration. ### Security Considerations The default Docker configuration in the README is designed for ease of use on a local development machine. If you're running on a public network (e.g. airport WiFi), you should implement additional security measures. ### Network Binding Security By default, OpenHands binds to all network interfaces (`0.0.0.0`), which can expose your instance to all networks the host is connected to. For a more secure setup: 1. **Restrict Network Binding**: Use the `runtime_binding_address` configuration to restrict which network interfaces OpenHands listens on: ```bash docker run # ... -e SANDBOX_RUNTIME_BINDING_ADDRESS=127.0.0.1 \ # ... ``` This configuration ensures OpenHands only listens on the loopback interface (`127.0.0.1`), making it accessible only from the local machine. 2. **Secure Port Binding**: Modify the `-p` flag to bind only to localhost instead of all interfaces: ```bash docker run # ... \ -p 127.0.0.1:3000:3000 \ ``` This ensures that the OpenHands web interface is only accessible from the local machine, not from other machines on the network. ### Network Isolation Use Docker's network features to isolate OpenHands: ```bash # Create an isolated network docker network create openhands-network # Run OpenHands in the isolated network docker run # ... \ --network openhands-network \ ```