wzp-web connects to relay via QUIC and does crypto handshake directly,
but relay with --auth-url expects AuthToken first → handshake fails.
Auth at relay level will be re-added when wzp-web learns to forward tokens.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The 'full' variant sends a key exchange as first WS message, not auth.
The 'pure' variant sends raw PCM immediately, no auth.
Only ws/ws-fec/ws-full variants send auth JSON.
With auth removed, wzp-web accepts all WS connections. Auth is
still enforced on the relay (--auth-url) for direct connections.
Caddy provides access control at the TLS layer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- wzp-web runs plain HTTP behind Caddy (no --tls)
- deploy-chat.sh clones feature/wzp-web-variants for warzone-phone
- Three audio variants: ?variant=pure|hybrid|full
- Auth kept on both wzp-relay and wzp-web
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Removed dns-updater Docker sidecar (curl not available in alpine)
- scripts/start-voip.sh: updates DNS then docker compose up
- update-dns.sh: supports --once flag, runs locally with curl
- All CF API calls forced to IPv4 (-4 flag)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- update-dns.sh: detects public IPv4/IPv6, upserts CF records
- Runs on container start + every 5 minutes
- Only updates if IP actually changed (skips if unchanged)
- python:3-alpine container with curl
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Caddy now uses network_mode: host (sees real IPv4/IPv6)
- All backend services on fixed IPs (172.28.0.10/20/30)
- Caddyfile uses IPs instead of Docker DNS names
- /myip now returns actual client IP, not Docker gateway
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
wzp-web --relay only accepts IP:port, not Docker hostnames.
Fixed IP 172.28.0.10 on backend network with explicit subnet.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
