wiki: OneCLI 400 fix + Hermes gateway proxy integration
parent
2a30685439
commit
f3baac5f4f
3 changed files with 84 additions and 4 deletions
68
entities/onecli-gateway-setup.md
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
---
|
||||
title: OneCLI Gateway Setup — Bitwarden Vault Integration
|
||||
created: 2026-06-16
|
||||
updated: 2026-06-16
|
||||
type: note
|
||||
tags: [project, workflow]
|
||||
---
|
||||
|
||||
# OneCLI Gateway Setup — Bitwarden Vault Integration
|
||||
|
||||
## Problem
|
||||
|
||||
The OneCLI web UI showed "Failed to connect to vault" when trying to pair
|
||||
with Bitwarden. The Rust gateway binary (port 10255) was neither running
|
||||
nor exposed via the reverse proxy.
|
||||
|
||||
## Solution
|
||||
|
||||
Three things were needed:
|
||||
|
||||
### 1. Gateway systemd service
|
||||
|
||||
Created `/etc/systemd/system/onecli-gateway.service` with:
|
||||
- Rust binary at `apps/gateway/target/release/onecli-gateway`
|
||||
- Wrapper script `start-gateway.sh` (DATABASE_URL, SECRET_ENCRYPTION_KEY, AUTH_MODE=*** APP_URL)
|
||||
- After=onecli-postgresql.service, Restart=on-failure
|
||||
|
||||
### 2. Traefik reverse proxy
|
||||
|
||||
Exposed the gateway at a subdomain:
|
||||
- `gateway.onecli.anhydr.fr` -> server:10255
|
||||
- CORS middleware needed: allow origin `https://onecli.anhydr.fr` with credentials
|
||||
|
||||
### 3. Web app rebuild
|
||||
|
||||
- Set `GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr` in start-web.sh
|
||||
- Added Next.js rewrite: `/v1/*` -> `localhost:10255`
|
||||
- Rebuilt with `GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr pnpm build`
|
||||
- Result: `window.__GATEWAY_API_URL__ = "https://gateway.onecli.anhydr.fr"`
|
||||
|
||||
## Key commands
|
||||
|
||||
```bash
|
||||
# Build gateway
|
||||
cargo build --release # in apps/gateway/
|
||||
|
||||
# Rebuild web app
|
||||
PATH="/home/hermes/.hermes/node/bin:$PATH"
|
||||
GATEWAY_API_DOMAIN="gateway.onecli.anhydr.fr" pnpm build --filter=@onecli/web
|
||||
|
||||
# Restart services
|
||||
sudo systemctl restart onecli
|
||||
```
|
||||
|
||||
## Architecture
|
||||
|
||||
```
|
||||
User browser -> onecli.anhydr.fr -> Traefik -> :10254 (Next.js)
|
||||
-> gateway.onecli.anhydr.fr -> Traefik -> :10255 (Rust gateway)
|
||||
-> wss://ap.lesspassword.dev
|
||||
```
|
||||
|
||||
## Verification
|
||||
|
||||
```bash
|
||||
curl -s https://gateway.onecli.anhydr.fr/v1/vault/bitwarden/status
|
||||
# -> {"connected":false,"name":null,"status_data":null}
|
||||
```
|
||||
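Review bot: The Verification section's curl reaches `/v1/vault/bitwarden/status` on the public `gateway.onecli.anhydr.fr` host with no credentials and gets a JSON body back, but the note never says what authenticates the gateway's `/v1` routes once Traefik exposes port 10255. Please add a line under "2. Traefik reverse proxy" stating which routes are meant to answer unauthenticated and how the rest are protected (the `AUTH_MODE` value is masked in section 1, so a reader cannot infer it), and pair the status check with one showing that an unauthenticated request to a protected route is rejected. Two smaller documentation gaps: "Key commands" restarts only `onecli`, while section 1 creates a separate `onecli-gateway.service`, so the steps to load and start that unit are missing; and section 3 adds a Next.js rewrite of `/v1/*` to `localhost:10255` while the build result points the browser at `https://gateway.onecli.anhydr.fr`, so the note should say which path the browser actually uses, since the CORS middleware with credentials only matters for the cross-origin one.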