aliyun mcp-proxy is a proxy tool from Alibaba Cloud CLI that simplifies application interaction with the OpenAPI MCP Server. It automatically handles OAuth authentication and token refreshing, and supports secure configurations for various scenarios.-OpenAPI Explorer(OpenAPI)-阿里云帮助中心

aliyun mcp-proxy

aliyun mcp-proxy is an MCP server proxy tool provided by Alibaba Cloud CLI to simplify interactions between third-party AI applications, such as Dify and LangChain, and an OpenAPI MCP server. You must complete a one-time OAuth authorization when you first start the tool. After that, the proxy service automatically handles token refreshes.

How it works: An application sends an API request toaliyun mcp-proxy. The proxy service adds the necessary credentials and forwards the request to the OpenAPI MCP server.

Warning

After starting aliyun mcp-proxy, any user on the host machine can use the proxy port to access any MCP server within the permission scope of the CLI user that started the proxy. To prevent permission abuse, run the proxy only in a trusted, single-user environment and never expose the proxy port externally. Use the --allowed-servers or --blocked-servers parameters to restrict the scope of accessible servers and configure the MCP server with the principle of least privilege. For more information, see Security risks and mitigations.

Configure and run the proxy

Step 1: Configure Alibaba Cloud CLI

Install or upgrade the Alibaba Cloud CLI to version 3.2.0 or later. For installation instructions, see Install or update Alibaba Cloud CLI.
Configure the CLI with the credentials of an Alibaba Cloud account or a RAM user that has permissions to create OAuth applications. Alternatively, you can use the --oauth-app-name parameter in a later step to specify an existing OAuth application.
```
aliyun configure
# Enter your AccessKey ID, AccessKey Secret, and default region as prompted.
```

Step 2: First run and OAuth authorization

The first time you run mcp-proxy, you must complete a one-time OAuth authorization so it can obtain a refresh token.

Start the proxy in the foreground.
- In an environment with a graphical user interface (GUI), if you do not specify the--no-browser parameter, the CLI automatically opens a browser to perform the OAuth authorization. After authorization is complete, you do not need to manually enter a code. You can then skip to step 5.
```
aliyun mcp-proxy --host 127.0.0.1 --port 8088
```
- In a server environment without a GUI, add the--no-browser parameter. The tool will then guide you to obtain the code.
```
aliyun mcp-proxy --host 127.0.0.1 --port 8088 --no-browser
```
Note
You can use the --oauth-app-name parameter to specify a custom OAuth application. The application must meet the following requirements:
- OAuth Scope: Must be /acs/mcp-server.
- Redirect URI: Must match the Redirect URI used during the aliyun mcp-proxy authentication.
- Application Type: Must be a Native application.

The terminal displays the authorization URL.

Setting up MCPOAuth profile 'default-mcp'...
Opening browser for OAuth login...
URL: https://signin.aliyun.com/oauth2/v1/auth?client_id=XXX8&response_type=code&scope=%2Facs%2Fmcp-server&redirect_uri=http://0.0.0.0:8088/callback&code_challenge=XXX&code_challenge_method=S256
Please open the authorization URL on a machine with a browser and complete the sign-in.
After authorization, the browser will redirect to a callback URL.
Even if the page fails to load (connection error), the authorization code is in the URL.
Please copy the value of the `code` parameter from the browser's address bar.
Example: If the URL is:
  http://127.0.0.1:8088/callback?code=abc123xyz&state=...
  Then copy only: abc123xyz
Enter authorization code: <YOUR CODE>

Open the URL in a browser, sign in, and complete the authorization.
After successful authorization, the page redirects to an address that contains a code parameter or displays the authorization code directly. Copy the code value, paste it into the terminal, and press Enter.

When the terminal displays OAuth login successful!, the authorization is successful.

2025/12/04 19:11:49 Oauth authorization successfully, code received: XXXX
2025/12/04 19:11:49 Start to exchange code for token with PKCE
2025/12/04 19:11:49 Exchange code for token with PKCE successfully
OAuth login successful!

When the terminal displays MCP Proxy Server Started, the proxy has started successfully.

MCP Profile 'default-mcp' configured for oauth app 'aliyun-cli-mcp-proxy' successfully!
MCP Proxy Server Started
Listen: 127.0.0.1:8088

Step 3: Configure systemd service (CentOS)

For stable operation, configure the proxy as a systemd service that starts on boot.

Create a systemd service file named aliyun-mcp-proxy.service.

Note:
- Replace your-user with the actual non-root username that runs this service. This user must have configured credentials by using aliyun configure.
- In the ExecStart line, $(which aliyun) automatically finds the path to the aliyun command. If this fails, manually replace it with the output of the which aliyun command (for example, /usr/local/bin/aliyun).
```
sudo tee /etc/systemd/system/aliyun-mcp-proxy.service << 'EOF'
[Unit]
Description=Aliyun CLI MCP Proxy
After=network.target
[Service]
Type=simple
User=your-user
ExecStart=$(which aliyun) mcp-proxy --host 127.0.0.1 --port 8088 --no-browser
Restart=always
RestartSec=10
Environment=HOME=/home/your-user
[Install]
WantedBy=multi-user.target
EOF
```

Reload the systemd configuration and start the service.

# Reload the configuration
sudo systemctl daemon-reload
# Start the service
sudo systemctl start aliyun-mcp-proxy
# Enable the service to start on boot
sudo systemctl enable aliyun-mcp-proxy

Step 4: Verify the proxy service

Verify that the service is running correctly using either of the following methods.

View the service status

Run the following command to check the service status.
```
sudo systemctl status aliyun-mcp-proxy
```
If the output contains active (running), the service has started successfully.

Request the proxy port

Run the following command to send a request directly to the proxy port.

curl http://127.0.0.1:8088/

If the proxy is working correctly, you will receive an XML-formatted error response from the MCP server. This confirms that the proxy can communicate with the service.

<?xml version='1.0' encoding='UTF-8'?><Error><RequestId>B3311876-XXXXX</RequestId><HostId>openapi-mcp.cn-hangzhou.aliyuncs.com</HostId><Code>InvalidAction.NotFound</Code><Message>Specified api is not found, please check your url and method.</Message><Recommend><![CDATA[https://api.aliyun.com/troubleshoot?q=InvalidAction.NotFound&product=OpenAPIExplorer&requestId=B3311876-XXX]]></Recommend></Error>

Integrate with Dify

This example shows how to configure and use the mcp-proxy with Dify, assuming Dify is deployed with Docker Compose on the same ECS instance.

Step 1: Get host IP and start proxy

The Dify container must access the mcp-proxy service through the host machine's Docker bridge IP address.

Run the following command to get and record the IP address.
```
ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1
```
This command returns an IP address similar to 172.17.0.1.
Start the aliyun mcp-proxy service in the foreground. Alternatively, you can modify the startup command insystemd and start it as a service.
```
aliyun mcp-proxy --host 172.17.0.1 --port 8088 --no-browser
```

Step 2: Configure the MCP server in Dify

In Dify, go to the Tools > MCP configuration page.
ClickAdd MCP Server (HTTP).
In theserver endpoint URL field, enter your MCP proxy address.

You can find the originalStreamable HTTP Endpoint address in the Alibaba Cloud OpenAPI MCP Service console. Replace the domain name part (host) of this address with your local or internal network proxy address.

Example conversion:
- Original Endpoint:
  https://openapi-mcp.cn-hangzhou.aliyuncs.com/accounts/1234/custom/cli-proxy-test/id/1234/mcp
- Proxied Endpoint: (assuming the proxy runs on172.17.0.1:8088):
  http://172.17.0.1:8088/accounts/1234/custom/cli-proxy-test/id/1234/mcp
Enter other information as needed and clickAdd & Authorize. Dify will then communicate with your MCP service through this proxy address.

Security risks and mitigations

After starting mcp-proxy, any user on the host machine can use the proxy port to access any MCP server within the permission scope of the CLI user that started the proxy. The main risks include:

Internal privilege abuse: Other users on the same machine can use the proxy port to perform unauthorized actions, leading to privilege abuse or data leakage.
External exposure risk: If the proxy port listens on 0.0.0.0 and no firewall is configured, anyone on the network can access the MCP server through this port.

Note

The MCP Proxy uses the Alibaba Cloud identity of the logged-in CLI user to proxy requests. Configure access permissions for the MCP Proxy carefully.

Mitigations

Environment isolation: Run the proxy only in a trusted, single-user environment. Avoid using it on shared multi-user servers.
Network access control: Bind the proxy's listening address (--host) to 127.0.0.1 (default) or a specific internal network IP. Use a firewall or security group rules to restrict access to the proxy port (for example, allowing access only from specific application server IPs). Never expose the port to the public internet.
Server access control: Use the --allowed-servers (allowlist) or --blocked-servers (blocklist) parameters to restrict which MCP servers can be accessed. This prevents the proxy from being used to access unintended services. For configuration details, see Configure server access control.
Principle of least privilege: Grant only the minimum necessary permissions to the CLI user that the proxy uses and its associated MCP server. Grant read-only permissions whenever possible.
Auditing and monitoring: Regularly review the proxy service's access logs and monitor for abnormal requests. Requests blocked by access control are recorded in the proxy logs.

Configure server access control

aliyun mcp-proxy supports allowlist and blocklist mechanisms to restrict which MCP servers are accessible through the proxy.

Priority rules

Access control is evaluated in the following order:

Blocklist first: A request that matches the blocklist is rejected immediately, even if it is also on the allowlist.
Allowlist filtering: If an allowlist is configured, only servers on the allowlist are permitted.
Default allow: If no lists are configured, access to all servers is allowed.

Get server name and ID

After starting aliyun mcp-proxy, the terminal lists all available MCP server names. Example output:

Available Servers:
  - cloudphone
    MCP: http://127.0.0.1:8088/accounts/0000000000000000/system/eds-aic/cloudphone/id/XSkb9v4dXx000000/mcp
    SSE: http://127.0.0.1:8088/accounts/0000000000000000/system/eds-aic/cloudphone/id/XSkb9v4dXx000000/sse
  - multi_account
    MCP: http://127.0.0.1:8088/accounts/0000000000000000/custom/multi_account/id/OV0Qkpxh0Uodx000/mcp
    SSE: http://127.0.0.1:8088/accounts/0000000000000000/custom/multi_account/id/OV0Qkpxh0Uodx000/sse

In the output, cloudphone and multi_account are the server name values (usually located before the id keyword).
In the output, XSkb9v4dXx000000 and OV0Qkpxh0Uodx000 are the server id values (usually located before the mcp keyword).

The URL path typically follows these patterns:

......./system/eds-aic/$server_name/id/$server_id/mcp
......./custom/$server_name/id/$server_id/mcp

Matching patterns

The --allowed-servers and --blocked-servers parameters support three matching patterns, which are automatically identified by the value format:

Matching pattern	Format	Example	Description
Server Name Match	A string that does not start with `/`	`cloudcontrol`	Exactly matches the server's `name` field.
Server ID Match	A string that does not start with `/`	`OV0Qkpxh0Uodx000`	Exactly matches the server's `id` field.
Path Prefix Match	A string that starts with `/`	`/acs/mcp-server/ecs`	Matches the path prefix of the request URL.

Note

Server name and ID matching is an exact match.
Path prefix matching uses prefix comparison. For example, /acs/mcp-server/ecs matches both /acs/mcp-server/ecs/mcp and /acs/mcp-server/ecs/sse.
You can mix all three patterns in the same parameter.

Configuration examples

Allowlist mode: Allow access only to specified servers
```
aliyun mcp-proxy --allowed-servers "ecs,oss"
```
After startup, only ecs and oss are accessible. Requests to other servers return a 403 Forbidden error.
Blocklist mode: Deny access to specified servers
```
aliyun mcp-proxy --blocked-servers "ram"
```
After startup, all servers except ram are accessible.
Use path prefix matching
```
aliyun mcp-proxy --allowed-servers "/acs/mcp-server/ecs,/acs/mcp-server/oss"
```
This has the same effect as specifying by name and is useful for scenarios that require precise path control.

Verify access control

After starting the proxy, the terminal output shows the current access control configuration and the status of each server:

MCP Proxy Server Started
Listen: 127.0.0.1:8088
Region: CN
Access Control:
  Blacklist (blocked servers):
    - ram
  Whitelist (allowed servers):
    - ecs
    - oss
Available Servers:
  - ecs
    MCP: http://127.0.0.1:8088/acs/mcp-server/ecs/mcp
  - oss
    MCP: http://127.0.0.1:8088/acs/mcp-server/oss/mcp
  - ram (blocked)

Blocked requests are recorded in the proxy log, which helps with troubleshooting.

Security incident response

If you suspect that the proxy's authentication token has been leaked or abused, take the following actions immediately:

Stop the MCP Proxy service.
Delete the local configuration file: rm ~/.aliyun/.mcpproxy_config.
Revoke the OAuth authorization in the Alibaba Cloud console.
Check the API call logs to identify any abnormal operations.
Reconfigure the MCP Proxy and generate a new token.

Parameters

The aliyun mcp-proxy command supports various parameters for specific scenarios.

Parameter	Description	Default
`--host`	The host address that the proxy listens on.	`127.0.0.1`
`--port`	The port that the proxy listens on.	`8088`
`--no-browser`	Prevents the CLI from automatically opening a browser for OAuth authorization. Use this option in environments without a GUI, where the CLI prints the authentication URL to the terminal.	Not enabled
`--oauth-app-name`	Specifies the name of a pre-existing OAuth application. If this parameter is used, the CLI does not attempt to create an application automatically.	`aliyun-cli-mcp-proxy`
`--region-type`	Selects the service site for the OpenAPI MCP server. Valid values are `CN` for the China site and `INTL` for the international site.	`CN`
`--upstream-url`	Manually specifies the upstream OpenAPI MCP server address, overriding the default address.	China site: `https://openapi-mcp.cn-hangzhou.aliyuncs.com` International site: `https://openapi-mcp.ap-southeast-1.aliyuncs.com`
`--allowed-servers`	Specifies an allowlist of accessible MCP servers. Separate multiple values with commas. Supports server name, ID, or path prefix. If unspecified, all servers are allowed. For details, see Configure server access control.	Not enabled
`--blocked-servers`	Specifies a blocklist of inaccessible MCP servers. Separate multiple values with commas. Supports server name, ID, or path prefix. The blocklist takes precedence over the allowlist. For details, see Configure server access control.	Not enabled

FAQ

After running `aliyun mcp-proxy` for OAuth authentication, I get the "`ERROR: OAuth flow returned empty RefreshToken`" error and the proxy fails to start. Why does this happen?

This issue is usually caused by an incorrect OAuth application type or authentication identity. Ensure that:

The OAuth application type used is Native.
You are authenticating with an Alibaba Cloud account or a RAM user. Assuming a RAM role does not support obtaining a refresh token.

Connection Refused or Timeout error in Dify

Check the following configurations:

When starting the mcp-proxy service, ensure the --host parameter is set to the Docker bridge IP or the host machine's internal network IP so that the Docker container can access it.
The ECS instance's security group or the host machine's firewall must allow TCP traffic from the Docker container to the proxy port (for example,8088).

How to view mcp-proxy logs?

If you have configured it as a systemd service, you can use the following command to view the logs in real time:

sudo journalctl -u aliyun-mcp-proxy -f