Alfred-App/alfred-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
44ac8b6d1c63754f2d98aa2367f3a8e2a9d94989
alfred-proxy/STATUS.md
jknapp 44ac8b6d1c Initial commit: Alfred Proxy with OAuth, TTS, and FCM push notifications 
- Environment-based configuration (no hardcoded secrets)
- OAuth authentication via Authentik
- ElevenLabs TTS integration via SAG CLI
- FCM push notification support
- User preferences sync system
- Multi-user support with per-user context files
- No internal IPs or service accounts in tracked files
2026-02-09 11:13:01 -08:00

221 lines
5.3 KiB
Markdown
Raw Blame History

# Alfred Proxy Setup Status
## ✅ Completed Steps
1. **OpenClaw switched to localhost**
- Bind mode: `loopback`
- Port: `18789`
- Status: Running
2. **Proxy service installed**
- Location: `~/.openclaw/workspace/alfred-proxy/`
- Configuration: `.env` created with Client ID
- Dependencies: Installed
3. **Proxy running**
- Port: `18790`
- Health check: http://localhost:18790/health → OK
- OpenClaw connection: Configured
4. **HAProxy configured**
- Subdomain: `alfred-app.dnspegasus.net`
- Backend: `192.168.1.169:18790`
- SSL: Configured
## ⚠️ Pending: Windows Firewall
**The proxy needs to be accessible from HAProxy (192.168.1.20)**
### Open Firewall (Run as Administrator)
**Option 1: Using the batch file**
1. Open File Explorer
2. Navigate to: `\\wsl.localhost\Ubuntu-22.04\home\jknapp\.openclaw\workspace\alfred-proxy\`
3. Right-click `open-firewall.bat`
4. Select **"Run as administrator"**
**Option 2: Using PowerShell (Admin)**
```powershell
New-NetFirewallRule -DisplayName "Alfred Proxy" -Direction Inbound -LocalPort 18790 -Protocol TCP -Action Allow
```
**Option 3: Using Command Prompt (Admin)**
```cmd
netsh advfirewall firewall add rule name="Alfred Proxy" dir=in action=allow protocol=TCP localport=18790
```
### Verify Firewall is Open
After opening the firewall, test from HAProxy:
```bash
ssh root@192.168.1.20 'curl -s http://192.168.1.169:18790/health'
```
Should return:
```json
{"status":"ok","service":"alfred-proxy"}
```
---
## Testing Checklist
### 1. Local Tests (Already Passing ✅)
```bash
# Proxy health
curl http://localhost:18790/health
# ✅ {"status":"ok","service":"alfred-proxy"}
# Proxy accessible on network
curl http://192.168.1.169:18790/health
# ✅ {"status":"ok","service":"alfred-proxy"}
```
### 2. HAProxy Connection (After firewall)
```bash
# From HAProxy server
ssh root@192.168.1.20 'curl -s http://192.168.1.169:18790/health'
# Should return: {"status":"ok","service":"alfred-proxy"}
# From outside (browser redirect test)
curl -I https://alfred-app.dnspegasus.net
# Should return: HTTP/2 200 with HTML redirect
```
### 3. WebSocket Test (After OAuth token)
```bash
# Get OAuth token from Authentik first
# Then test WebSocket connection:
wscat -c "wss://alfred-app.dnspegasus.net" -H "Authorization: Bearer YOUR_TOKEN"
```
---
## Current Configuration
### Proxy (.env)
```
PROXY_PORT=18790
OPENCLAW_URL=ws://127.0.0.1:18789
OPENCLAW_TOKEN=9b87d15fee3922ecfbe77b0ea1744851757cda618beceeba
AUTHENTIK_URL=https://auth.dnspegasus.net
AUTHENTIK_CLIENT_ID=QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR
REQUIRE_AUTH=true
```
### OpenClaw Gateway
```
gateway.bind = "loopback"
gateway.port = 18789
gateway.auth.token = "9b87d15fee3922ecfbe77b0ea1744851757cda618beceeba"
```
### HAProxy Backend
```
Server: 192.168.1.169:18790
Domain: alfred-app.dnspegasus.net
```
---
## Install Proxy as Systemd Service (Recommended)
Once firewall is confirmed working, install as a service:
```bash
cd ~/.openclaw/workspace/alfred-proxy
# Install service
mkdir -p ~/.config/systemd/user
cp alfred-proxy.service ~/.config/systemd/user/
# Create override with Client ID
mkdir -p ~/.config/systemd/user/alfred-proxy.service.d
cat > ~/.config/systemd/user/alfred-proxy.service.d/override.conf << 'EOF'
[Service]
Environment="AUTHENTIK_CLIENT_ID=QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR"
EOF
# Enable and start
systemctl --user daemon-reload
systemctl --user enable alfred-proxy.service
systemctl --user start alfred-proxy.service
# Check status
systemctl --user status alfred-proxy.service
# View logs
journalctl --user -u alfred-proxy.service -f
```
---
## Android App Configuration
Once the proxy is fully working, configure your Android app:
```kotlin
// OAuthConfig.kt
object OAuthConfig {
const val AUTHENTIK_URL = "https://auth.dnspegasus.net"
const val CLIENT_ID = "QeSNaZPqZUz5pPClZMA2bakSsddkStiEhqbE4QZR"
const val REDIRECT_URI = "alfredmobile://oauth/callback"
const val SCOPE = "openid profile email"
const val AUTHORIZATION_ENDPOINT = "$AUTHENTIK_URL/application/o/authorize/"
const val TOKEN_ENDPOINT = "$AUTHENTIK_URL/application/o/token/"
const val USERINFO_ENDPOINT = "$AUTHENTIK_URL/application/o/userinfo/"
}
// AlfredConfig.kt
object AlfredConfig {
const val GATEWAY_URL = "wss://alfred-app.dnspegasus.net"
}
```
---
## Next Steps
1. **Open Windows Firewall** (see instructions above)
2. **Test HAProxy connection** (verify backend is reachable)
3. **Test browser redirect** (https://alfred-app.dnspegasus.net → should redirect)
4. **Install as systemd service** (for auto-start)
5. **Implement OAuth in Android app** (see DEPLOYMENT.md for OAuth flow)
6. **Test end-to-end** (OAuth → WebSocket → OpenClaw)
---
## Troubleshooting
### Proxy won't connect to HAProxy
**Check firewall:**
```bash
# From HAProxy
ssh root@192.168.1.20 'curl -v http://192.168.1.169:18790/health'
```
If it times out, firewall is blocking.
### "503 Service Unavailable" from HAProxy
HAProxy can't reach the backend. Possible causes:
- Firewall blocking port 18790
- Proxy not running
- Wrong IP in HAProxy config
### Invalid OAuth token
```bash
# Test token with Authentik
curl -H "Authorization: Bearer YOUR_TOKEN" \
https://auth.dnspegasus.net/application/o/userinfo/
```
Should return user info if token is valid.
Reference in New Issue View Git Blame Copy Permalink