Run the OpenBotAuth Proxy using npm or npx.
Package: @openbotauth/proxy
# Run without installing (recommended)
npx @openbotauth/proxy
# Or install globally
npm install -g @openbotauth/proxy
openbotauth-proxyRequirements: Node.js >= 18.0.0
Run directly without installing:
npx @openbotauth/proxy# npm
npm install -g @openbotauth/proxy
# pnpm
pnpm add -g @openbotauth/proxy
# yarn
yarn global add @openbotauth/proxyAfter global install, run with:
openbotauth-proxy
# or
oba-proxyAdd to your project:
npm install @openbotauth/proxyThen run via npm scripts in package.json:
{
"scripts": {
"proxy": "openbotauth-proxy"
}
}All configuration is via environment variables:
| Variable | Default | Description |
|---|---|---|
PORT |
8088 |
Proxy listen port |
UPSTREAM_URL |
http://localhost:8080 |
Backend server URL |
OBA_VERIFIER_URL |
https://verifier.openbotauth.org/verify |
Verifier service endpoint |
OBA_MODE |
observe |
observe or require-verified |
OBA_TIMEOUT_MS |
5000 |
Verifier request timeout (ms) |
OBA_PROTECTED_PATHS |
/protected |
Comma-separated paths requiring verification |
Proxy requests from port 8088 to localhost:8080:
npx @openbotauth/proxyProxy to a different backend:
UPSTREAM_URL=http://localhost:3000 npx @openbotauth/proxyRun on a different port:
PORT=9000 npx @openbotauth/proxyEnforce verification on all paths:
OBA_MODE=require-verified npx @openbotauth/proxyRequire verification only on specific paths:
OBA_MODE=require-verified \
OBA_PROTECTED_PATHS=/api,/content,/premium \
npx @openbotauth/proxyPORT=8088 \
UPSTREAM_URL=http://localhost:3000 \
OBA_VERIFIER_URL=https://verifier.openbotauth.org/verify \
OBA_MODE=require-verified \
OBA_TIMEOUT_MS=3000 \
OBA_PROTECTED_PATHS=/api/v1,/protected \
npx @openbotauth/proxy// ecosystem.config.js
module.exports = {
apps: [{
name: 'oba-proxy',
script: 'npx',
args: '@openbotauth/proxy',
env: {
PORT: 8088,
UPSTREAM_URL: 'http://localhost:3000',
OBA_MODE: 'observe'
}
}]
};pm2 start ecosystem.config.js# /etc/systemd/system/oba-proxy.service
[Unit]
Description=OpenBotAuth Proxy
After=network.target
[Service]
Type=simple
User=www-data
WorkingDirectory=/opt/oba-proxy
Environment=PORT=8088
Environment=UPSTREAM_URL=http://localhost:3000
Environment=OBA_MODE=observe
ExecStart=/usr/bin/npx @openbotauth/proxy
Restart=on-failure
[Install]
WantedBy=multi-user.targetsudo systemctl enable oba-proxy
sudo systemctl start oba-proxyYou can also use the proxy programmatically in your Node.js application:
import { createProxyServer } from '@openbotauth/proxy';
const server = createProxyServer({
port: 8088,
upstream: 'http://localhost:3000',
verifierUrl: 'https://verifier.openbotauth.org/verify',
mode: 'observe',
timeoutMs: 5000,
protectedPaths: ['/api', '/protected']
});
server.listen();Verify the proxy is running:
curl http://localhost:8088/.well-known/healthResponse:
{
"status": "ok",
"service": "openbotauth-proxy",
"upstream": "http://localhost:8080",
"verifier": "https://verifier.openbotauth.org/verify",
"mode": "observe"
}The proxy logs to stdout:
[OBA] Proxy started on port 8088
[OBA] Upstream: http://localhost:3000
[OBA] Mode: observe
[OBA] GET /api/content -> verified (agent: MyBot)
[OBA] GET /public -> unsigned
Check that the port is available:
lsof -i :8088- Check the verifier URL is accessible
- Verify the bot is sending correct RFC 9421 headers
- Check clock synchronization (signatures expire)
Increase the timeout:
OBA_TIMEOUT_MS=10000 npx @openbotauth/proxy- Verify
UPSTREAM_URLis correct - Check backend is running and accessible
- Test direct connection to backend