ESPhome: any way to OTA over internet?

Hello, I use ESPhome on different network than HA. I cannot use HA api, so I use mqtt. But that does not allow OTA, or? I can send mqtt message to ESPhome over internet to pull OTA, and it could be possible to set it in the way that it fetches update from certain IP address, right? Any experience with that?

One way (not very safe though) would be to open needed port outside. Default ota port for esp8266 is 8266. So, if you open this port to internal Ip of your device you should connect to device. Of course you must also have some kind of DNS address (your public IP address).

Set up a vpn. or an ssh tunnel.

Much easier solution - I log externally to router of remote network, find IP of the device, open DMZ to that IP and then issue this command:

esphome <device-config>.yaml run --upload-port <router-external-ip-address>

After that I close DMZ and open logs through mqtt. Simple, done, no VPN and SSH messing :slight_smile:

1 Like

Note that the big benefit of VPN or SSH would be the extra layer of encryption.
The firmware likely contains credentials of some sort and possibly other important bits, so not something that one ought to distribute lightly over the internet.

Also, using this method would expose other ports that the device is listening on. Worst case scenario (likely the default) to the whole of the internet. It might be wise to setup the router firewall to block incoming traffic for the related port(s).

Keep these things in mind when using the DMZ-host mehod.

First big no-no thing i see in your way is accessing to your router. Never, and i do mean NEVER expose router to outside world (i mean, only enable internal login, not external)! If someone break into your router then you’re pretty much “dead”… Don’t rely on strong password, there are bugs and side doors in router FW for pretty much all routers. Some are patched, some not, some partially…
As i said, just open ports is already unsecure… I didn’t think of VPN, though :roll_eyes:(i do have and use it, though… (thanks, @nickrout).

If you have access to the esp and can plug it into your computer you can update it via the browser now with esphome v19. However I don’t think this is what you want.

Still old post like Possible to get ESPhome checking firmware URL and doing OTA? - #2 by oarcher, but I’ve wrote an ota_http external component that is able to do that. You do not connect to the esp, it’s the esp that connect to a web server handling the firmware.bin file:

You can trigger the OTA with an mqtt button:

  - source: github://oarcher/piotech/


  - platform: template
    name: "Firmware update"
        - ota_http.flash:
            verify_ssl: false
        - logger.log: "This message should be not displayed(reboot)"
1 Like

hi! any chance we get suport for ESP32 esp-idf??

board: esp32dev
type: esp-idf

You mean this?


i am using it to connect to hivemq (ssl).
as it supports the needed encryption setup.

  board: esp32dev
    type: esp-idf