alfred-proxy/STATUS.md
jknapp 44ac8b6d1c Initial commit: Alfred Proxy with OAuth, TTS, and FCM push notifications
- Environment-based configuration (no hardcoded secrets)
- OAuth authentication via Authentik
- ElevenLabs TTS integration via SAG CLI
- FCM push notification support
- User preferences sync system
- Multi-user support with per-user context files
- No internal IPs or service accounts in tracked files
2026-02-09 11:13:01 -08:00


Alfred Proxy Setup Status

Completed Steps

  1. OpenClaw switched to localhost

    • Bind mode: loopback
    • Port: 18789
    • Status: Running
  2. Proxy service installed

    • Location: ~/.openclaw/workspace/alfred-proxy/
    • Configuration: .env created with Client ID
    • Dependencies: Installed
  3. Proxy running

  4. HAProxy configured

    • Subdomain: alfred-app.dnspegasus.net
    • Backend: 192.168.1.169:18790
    • SSL: Configured

⚠️ Pending: Windows Firewall

The proxy needs to be accessible from HAProxy (192.168.1.20).

Open Firewall (Run as Administrator)

Option 1: Using the batch file

  1. Open File Explorer
  2. Navigate to: \\wsl.localhost\Ubuntu-22.04\home\jknapp\.openclaw\workspace\alfred-proxy\
  3. Right-click open-firewall.bat
  4. Select "Run as administrator"

Option 2: Using PowerShell (Admin)

New-NetFirewallRule -DisplayName "Alfred Proxy" -Direction Inbound -LocalPort 18790 -Protocol TCP -Action Allow

Option 3: Using Command Prompt (Admin)

netsh advfirewall firewall add rule name="Alfred Proxy" dir=in action=allow protocol=TCP localport=18790
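
The rules in Options 2 and 3 accept connections to port 18790 from any source, while only HAProxy (192.168.1.20) needs to reach the proxy. The following PowerShell is an added example, not part of the original file: it replaces the open rule with one scoped to that address and then lists every rule that covers the port. The new rule's display name is an assumption; the port and addresses are the ones on this page.

```powershell
# Run in an elevated PowerShell session.
$OpenRuleName = 'Alfred Proxy'                  # rule created by Option 2 or 3
$RuleName     = 'Alfred Proxy (HAProxy only)'   # hypothetical display name
$ProxyPort    = 18790
$HAProxyIp    = '192.168.1.20'

# Remove the earlier rule that allows the port from every source.
Get-NetFirewallRule -DisplayName $OpenRuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Make the script re-runnable without stacking duplicate rules.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow inbound TCP 18790 only when the peer is the HAProxy host.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $ProxyPort `
    -RemoteAddress $HAProxyIp -Action Allow | Out-Null

# Audit: show every rule whose port filter covers 18790, with its source scope.
# Any enabled Allow rule listing RemoteAddress "Any" still exposes the port.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq $ProxyPort } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Direction     = $rule.Direction
            Action        = $rule.Action
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
```

The health check from HAProxy in the next section should still succeed with this rule, while the same request from any other host on the network should time out.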

Verify Firewall is Open

After opening the firewall, test from HAProxy:

ssh root@192.168.1.20 'curl -s http://192.168.1.169:18790/health'

Should return:

{"status":"ok","service":"alfred-proxy"}

Testing Checklist

1. Local Tests (Already Passing)

# Proxy health
curl http://localhost:18790/health
# ✅ {"status":"ok","service":"alfred-proxy"}

# Proxy accessible on network
curl http://192.168.1.169:18790/health
# ✅ {"status":"ok","service":"alfred-proxy"}

2. HAProxy Connection (After firewall)

# From HAProxy server
ssh root@192.168.1.20 'curl -s http://192.168.1.169:18790/health'
# Should return: {"status":"ok","service":"alfred-proxy"}

# From outside (browser redirect test)
curl -I https://alfred-app.dnspegasus.net
# Should return: HTTP/2 200 with HTML redirect

3. WebSocket Test (After OAuth token)

# Get OAuth token from Authentik first
# Then test WebSocket connection:
wscat -c "wss://alfred-app.dnspegasus.net" -H "Authorization: Bearer YOUR_TOKEN"

Current Configuration

Proxy (.env)

PROXY_PORT=18790
OPENCLAW_URL=ws://127.0.0.1:18789
OPENCLAW_TOKEN=9b87d15fee3922ecfbe77b0ea1744851757cda618beceeba
AUTHENTIK_URL=https://auth.dnspegasus.net
AUTHENTIK_CLIENT_ID=QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR
REQUIRE_AUTH=true

OpenClaw Gateway

gateway.bind = "loopback"
gateway.port = 18789
gateway.auth.token = "9b87d15fee3922ecfbe77b0ea1744851757cda618beceeba"

HAProxy Backend

Server: 192.168.1.169:18790
Domain: alfred-app.dnspegasus.net

Once the firewall is confirmed working, install the proxy as a systemd user service:

cd ~/.openclaw/workspace/alfred-proxy

# Install service
mkdir -p ~/.config/systemd/user
cp alfred-proxy.service ~/.config/systemd/user/

# Create override with Client ID
mkdir -p ~/.config/systemd/user/alfred-proxy.service.d
cat > ~/.config/systemd/user/alfred-proxy.service.d/override.conf << 'EOF'
[Service]
Environment="AUTHENTIK_CLIENT_ID=QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR"
EOF

# Enable and start
systemctl --user daemon-reload
systemctl --user enable alfred-proxy.service
systemctl --user start alfred-proxy.service

# Check status
systemctl --user status alfred-proxy.service

# View logs
journalctl --user -u alfred-proxy.service -f

Android App Configuration

Once the proxy is fully working, configure your Android app:

// OAuthConfig.kt
object OAuthConfig {
    const val AUTHENTIK_URL = "https://auth.dnspegasus.net"
    const val CLIENT_ID = "QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR"
    const val REDIRECT_URI = "alfredmobile://oauth/callback"
    const val SCOPE = "openid profile email"
    
    const val AUTHORIZATION_ENDPOINT = "$AUTHENTIK_URL/application/o/authorize/"
    const val TOKEN_ENDPOINT = "$AUTHENTIK_URL/application/o/token/"
    const val USERINFO_ENDPOINT = "$AUTHENTIK_URL/application/o/userinfo/"
}

// AlfredConfig.kt
object AlfredConfig {
    const val GATEWAY_URL = "wss://alfred-app.dnspegasus.net"
}

Next Steps

  1. Open Windows Firewall (see instructions above)
  2. Test HAProxy connection (verify backend is reachable)
  3. Test browser redirect (https://alfred-app.dnspegasus.net → should redirect)
  4. Install as systemd service (for auto-start)
  5. Implement OAuth in Android app (see DEPLOYMENT.md for OAuth flow)
  6. Test end-to-end (OAuth → WebSocket → OpenClaw)

Troubleshooting

Proxy won't connect to HAProxy

Check firewall:

# From HAProxy
ssh root@192.168.1.20 'curl -v http://192.168.1.169:18790/health'

If the request times out, the firewall is blocking the connection.

"503 Service Unavailable" from HAProxy

HAProxy can't reach the backend. Possible causes:

  • Firewall blocking port 18790
  • Proxy not running
  • Wrong IP in HAProxy config

Invalid OAuth token

# Test token with Authentik
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://auth.dnspegasus.net/application/o/userinfo/

This should return user info if the token is valid.