HAPROXY_FIX.md

# HAProxy WebSocket Configuration Fix

## Issue
WebSocket connections open but messages aren't received by the Android client.

## Root Cause
The HAProxy `defaults` section has `option http-server-close` which closes the connection after the HTTP response. This breaks WebSocket upgrade because HAProxy closes the connection before it can be upgraded to the WebSocket protocol.

## Solution
Add `no option http-server-close` to the `alfred_mobile_app-backend` backend to override the default and keep the connection open for WebSocket upgrade.

## Complete Backend Configuration

```haproxy
backend alfred_mobile_app-backend
    option forwardfor
    no option http-server-close
    timeout tunnel 3600s
    timeout server 3600s
    # Pass the real client IP to backend (from proxy headers or direct connection)
    # This is crucial for container-level logging and security tools
    http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
    http-request set-header X-Real-IP %[var(txn.real_ip)]
    http-request set-header X-Forwarded-For %[var(txn.real_ip)]
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    
    server alfred_app_proxy 192.168.1.169:18790 check
```

## Changes Made

1. **Added:** `no option http-server-close`
   - Overrides the global default
   - Keeps connection open after HTTP upgrade response
   
2. **Already added:** `timeout tunnel 3600s`
   - Keeps WebSocket tunnel open for 1 hour
   
3. **Already added:** `timeout server 3600s`
   - Prevents server timeout on long connections

## Testing

After applying this change:
1. Reload HAProxy configuration
2. Kill Alfred Mobile app
3. Open app fresh
4. WebSocket should connect and receive messages
5. Connection should stay open

## Alternative: TCP Mode (if HTTP mode still has issues)

If the above doesn't work, you can switch the entire backend to TCP mode for pure passthrough:

```haproxy
backend alfred_mobile_app-backend
    mode tcp
    timeout tunnel 3600s
    timeout server 3600s
    
    server alfred_app_proxy 192.168.1.169:18790 check
```

**Note:** TCP mode loses HTTP header manipulation (X-CLIENT-IP, X-Real-IP, etc.) but guarantees WebSocket works.

## HAProxy WebSocket Documentation

From HAProxy docs:
> For WebSocket connections, use `no option http-server-close` or switch to `mode tcp` to prevent HAProxy from closing the connection after the upgrade response.

## Status

- [x] Identified issue
- [ ] Applied fix
- [ ] Tested connection
- [ ] Verified messages flow
Initial commit: Alfred Mobile - AI Assistant Android App - OAuth authentication via Authentik - WebSocket connection to OpenClaw gateway - Configurable gateway URL with first-run setup - User preferences sync across devices - Multi-user support with custom assistant names - ElevenLabs TTS integration (local + remote) - FCM push notifications for alarms - Voice input via Google Speech API - No hardcoded secrets or internal IPs in tracked files 2026-02-09 11:12:51 -08:00			`# HAProxy WebSocket Configuration Fix`

			`## Issue`
			`WebSocket connections open but messages aren't received by the Android client.`

			`## Root Cause`
			The HAProxy `defaults` section has `option http-server-close` which closes the connection after the HTTP response. This breaks WebSocket upgrade because HAProxy closes the connection before it can be upgraded to the WebSocket protocol.

			`## Solution`
			Add `no option http-server-close` to the `alfred_mobile_app-backend` backend to override the default and keep the connection open for WebSocket upgrade.

			`## Complete Backend Configuration`

			```haproxy
			`backend alfred_mobile_app-backend`
			`option forwardfor`
			`no option http-server-close`
			`timeout tunnel 3600s`
			`timeout server 3600s`
			`# Pass the real client IP to backend (from proxy headers or direct connection)`
			`# This is crucial for container-level logging and security tools`
			`http-request add-header X-CLIENT-IP %[var(txn.real_ip)]`
			`http-request set-header X-Real-IP %[var(txn.real_ip)]`
			`http-request set-header X-Forwarded-For %[var(txn.real_ip)]`
			`http-request set-header X-Forwarded-Proto https if { ssl_fc }`

			`server alfred_app_proxy 192.168.1.169:18790 check`
			```

			`## Changes Made`

			1. Added: `no option http-server-close`
			`- Overrides the global default`
			`- Keeps connection open after HTTP upgrade response`

			2. Already added: `timeout tunnel 3600s`
			`- Keeps WebSocket tunnel open for 1 hour`

			3. Already added: `timeout server 3600s`
			`- Prevents server timeout on long connections`

			`## Testing`

			`After applying this change:`
			`1. Reload HAProxy configuration`
			`2. Kill Alfred Mobile app`
			`3. Open app fresh`
			`4. WebSocket should connect and receive messages`
			`5. Connection should stay open`

			`## Alternative: TCP Mode (if HTTP mode still has issues)`

			`If the above doesn't work, you can switch the entire backend to TCP mode for pure passthrough:`

			```haproxy
			`backend alfred_mobile_app-backend`
			`mode tcp`
			`timeout tunnel 3600s`
			`timeout server 3600s`

			`server alfred_app_proxy 192.168.1.169:18790 check`
			```

			`Note: TCP mode loses HTTP header manipulation (X-CLIENT-IP, X-Real-IP, etc.) but guarantees WebSocket works.`

			`## HAProxy WebSocket Documentation`

			`From HAProxy docs:`
			> For WebSocket connections, use `no option http-server-close` or switch to `mode tcp` to prevent HAProxy from closing the connection after the upgrade response.

			`## Status`

			`- [x] Identified issue`
			`- [ ] Applied fix`
			`- [ ] Tested connection`
			`- [ ] Verified messages flow`