OneCLI Gateway Setup — Bitwarden Vault Integration

Problem

The OneCLI web UI showed "Failed to connect to vault" when trying to pair with Bitwarden. The Rust gateway binary (port 10255) was neither running nor exposed via the reverse proxy.

Solution

Three things were needed:

1. Gateway systemd service

Created /etc/systemd/system/onecli-gateway.service with:

Rust binary at apps/gateway/target/release/onecli-gateway
Wrapper script start-gateway.sh (DATABASE_URL, SECRET_ENCRYPTION_KEY, AUTH_MODE=*** APP_URL)
After=onecli-postgresql.service, Restart=on-failure

2. Traefik reverse proxy

Exposed the gateway at a subdomain:

gateway.onecli.anhydr.fr -> server:10255
CORS middleware needed: allow origin https://onecli.anhydr.fr with credentials

3. Web app rebuild

Set GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr in start-web.sh
Added Next.js rewrite: /v1/* -> localhost:10255
Rebuilt with GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr pnpm build
Result: window.__GATEWAY_API_URL__ = "https://gateway.onecli.anhydr.fr"

Key commands

# Build gateway
cargo build --release  # in apps/gateway/

# Rebuild web app
PATH="/home/hermes/.hermes/node/bin:$PATH"
GATEWAY_API_DOMAIN="gateway.onecli.anhydr.fr" pnpm build --filter=@onecli/web

# Restart services
sudo systemctl restart onecli

Architecture

User browser -> onecli.anhydr.fr -> Traefik -> :10254 (Next.js)
             -> gateway.onecli.anhydr.fr -> Traefik -> :10255 (Rust gateway)
                                                         -> wss://ap.lesspassword.dev

Verification

curl -s https://gateway.onecli.anhydr.fr/v1/vault/bitwarden/status
# -> {"connected":false,"name":null,"status_data":null}

1.9 KiB Raw Blame History