ESPhome: any way to OTA over internet?

janbenes · July 1, 2021, 3:40pm

Hello, I use ESPhome on different network than HA. I cannot use HA api, so I use mqtt. But that does not allow OTA, or? I can send mqtt message to ESPhome over internet to pull OTA, and it could be possible to set it in the way that it fetches update from certain IP address, right? Any experience with that?

Protoncek · July 1, 2021, 4:22pm

One way (not very safe though) would be to open needed port outside. Default ota port for esp8266 is 8266. So, if you open this port to internal Ip of your device you should connect to device. Of course you must also have some kind of DNS address (your public IP address).

nickrout · July 1, 2021, 7:46pm

Set up a vpn. or an ssh tunnel.

janbenes · July 1, 2021, 8:32pm

Much easier solution - I log externally to router of remote network, find IP of the device, open DMZ to that IP and then issue this command:

esphome <device-config>.yaml run --upload-port <router-external-ip-address>

After that I close DMZ and open logs through mqtt. Simple, done, no VPN and SSH messing

mmakaay · July 2, 2021, 12:03am

Note that the big benefit of VPN or SSH would be the extra layer of encryption.
The firmware likely contains credentials of some sort and possibly other important bits, so not something that one ought to distribute lightly over the internet.

Also, using this method would expose other ports that the device is listening on. Worst case scenario (likely the default) to the whole of the internet. It might be wise to setup the router firewall to block incoming traffic for the related port(s).

Keep these things in mind when using the DMZ-host mehod.

Protoncek · July 2, 2021, 9:30am

First big no-no thing i see in your way is accessing to your router. Never, and i do mean NEVER expose router to outside world (i mean, only enable internal login, not external)! If someone break into your router then you’re pretty much “dead”… Don’t rely on strong password, there are bugs and side doors in router FW for pretty much all routers. Some are patched, some not, some partially…
As i said, just open ports is already unsecure… I didn’t think of VPN, though (i do have and use it, though… (thanks, @nickrout).

javellin · July 5, 2021, 8:23pm

If you have access to the esp and can plug it into your computer you can update it via the browser now with esphome v19. However I don’t think this is what you want.

oarcher · June 8, 2023, 7:24pm

Still old post like Possible to get ESPhome checking firmware URL and doing OTA? - #2 by oarcher, but I’ve wrote an ota_http external component that is able to do that. You do not connect to the esp, it’s the esp that connect to a web server handling the firmware.bin file:

You can trigger the OTA with an mqtt button:

external_components:
  - source: github://oarcher/piotech/


ota_http:


button:
  - platform: template
    name: "Firmware update"
    on_press:
      then:
        - ota_http.flash:
            url: http://example.com/firmware.bin
            verify_ssl: false
        - logger.log: "This message should be not displayed(reboot)"

gustavocmorais · August 15, 2023, 5:36pm

hi! any chance we get suport for ESP32 esp-idf??

esp32:
board: esp32dev
framework:
type: esp-idf

paddy0174 · August 15, 2023, 5:54pm

You mean this?

gustavocmorais · August 15, 2023, 6:38pm

yes!

i am using it to connect to hivemq (ssl).
as it supports the needed encryption setup.

esp32:
  board: esp32dev
  framework:
    type: esp-idf