Hass.io Add-on: Webhook Relay - webhook forwarding & remote access

Tags: #<Tag:0x00007f7c618a81f0>

Hass.io Add-on: Webhook Relay

Fast & simple reverse tunnels for your Home Assistant.

About

Webhook Relay addon enables Home Assistant and any other services running inside internal network to receive webhooks from public services such as IFTTT, Zapier, Mailgun or pretty much anything. Add-on also allows you to create bidirectional tunnels for remote access (for example your browser).

It works by opening a connection to the public cloud service and giving you your unique “webhooks inbox” URL which you can supply to 3rd party services or subdomain for remote access.

What this add-on can do?

  • Integrate with Google Assistant, Alexa, IFTTT.
  • Remote access to Home Assistant, Node-RED, Configurator, Tileboard GUI (or anything else that can be accessed via browser).
  • End-to-end TLS encryption for connections from your device.

Webhook Relay is particularly useful when:

  • You cannot access your router to configure port forwarding
  • Router doesn’t support port forwarding
  • Your ISP blocks inbound connections
  • You don’t have a static IP address
  • Server that is hosting your home automation system is changing IP, location
  • You find configuring DuckDNS with Let’s Encrypt too difficult

When Webhook Relay is not useful:

  • You have a static IP and can configure your router (just point a DNS at it)
  • Your Home Assistant is already in the public cloud and accessible from anywhere
  • You can configure DuckDNS with Let’s Encrypt and it works for you, guide here

Quick Start

Before starting the add-on, sign up here.

Installation of this add-on is pretty straightforward and not different in comparison to installing any other Hass.io add-on:

  1. Add our Hass.io add-ons repository URL to your Hass.io instance: https://github.com/webhookrelay/home-assistant
  2. Install the “Webhook Relay” add-on.
  3. Generate token key & secret pair and add it to the add-on’s configuration
  4. Get DuckDNS token and create your domain. Add those details to the “tunnels” config section and “duck_dns” section. Set “accept_terms” to true if you accept Let’s Encrypt ToS.
  5. Set your DuckDNS name and authentication tokens to the configuration and start the “Webhook Relay” add-on.
  6. Check the logs of the “Webhook Relay” add-on to see if everything went well. It should print out your public URL.

Detailed instructions on how to set it up can be found here https://webhookrelay.com/v1/guide/home-automation.html.

Use webhooks forwarding when:

  • Service that is sending requests to your home automation instance doesn’t expect responses (usually webhook producers don’t expect anything)
  • Additional security is required for your server and you don’t want to expose it to the internet. Webhooks producer won’t get any information about the server that is consuming your webhooks

You should use tunnels when:

  • You need remote access to your home automation instance (for example you want to view it through the browser).
  • Service that is calling your home automation instance wants to receive responses from it.

Plans and Pricing

Webhook Relay is a hosted service that requires infrastructure, support and development time. Our business model is providing a service for a fee. We do not share any of your data with 3rd parties (except Stripe for billing purposes).

Our free plan includes:

  • One bidirectional tunnel suitable for remote access, due to the lack of HTTPS we wouldn’t recommend using them from unsafe wifi networks.
  • End-to-end encrypted webhooks forwarding (150 webhooks per month)

For most users basic plan ($4.50/month) will be enough, it includes:

  • Custom subdomains
  • Secure TLS pass-through tunnels with auto certificate fetch from DuckDNS (no need for that add-on though)
  • HTTPS for bidirectional tunnel endpoints
  • 3 tunnels (for example Home Assistant, Node-RED and anything else)
  • 1500 webhooks per month

All plans can be viewed here. Alternative ways to earn HTTPS and custom subdomains:

Support

Submit issues to the add-on’s Github repository or send me an email: [email protected]. I try to answer queries as soon as possible :slight_smile:

Available since version 2.0

  • Custom domains through CNAME DNS entries, such as hass.yourdomain.com
  • TLS pass-through without TLS termination on our side. This will allow Webhook Relay to relay traffic to your Home Assistant without terminating HTTPS. Combined with custom domains this feature will allow you to create fully encrypted tunnels so even if we were forced to, we couldn’t spy on your traffic. It might require a bit more work on your end to setup TLS termination with NGINX/traefik or similar tools though.

Please note: If you do not set up TLS pass-through (which is not available as of now), webhookrelay.com will be able to access all information that flows through their servers, including your access tokens to access your instance.

1 Like

Correct, although traffic is not recorded/analysed according to our privacy and GDPR policy.

You can still safely use webhooks forwarding as they don’t include any access tokens :slight_smile: (I think currently Google Home and Alexa work in the same way?)

Anyone that’s been unable to access HA remotely due to carrier restrictions should try this.
I installed it over the weekend and it’s working great for me with AT&T LTE. I can finally access my HA installation from my phone on LTE network.

Thanks again for making this!

1 Like

Does it work with Home Assistant iOS app?
Is it simple as just pointing the app to the new Webhook domain and go for it?

yes, I use it myself with iOS app.

1 Like

Good point, I have updated the original post with the changed from the last few months :slight_smile:

:tada: Release 2.3.0

Changelog:

  • Cloudflare support (was initially made available in the previous minor release, however needed more testing)
  • Various improvements to both DuckDNS and Cloudflare DNS challenge solvers to configure and retrieve certs faster.
  • Changed how the add-on is built. Removed the HA build step install step, our CI now builds custom images with all the necessary tags and the entrypoint to work with HA out of the box.

Cloudflare integration

You can read full blog post on how to set up the add-on to work with your own custom domains here: https://webhookrelay.com/blog/2019/02/15/cloudflare-support-for-home-assistant/

TL;DR;

Webhook Relay add-on configures your Cloudflare DNS to point to a public tunnel endpoint and configures TLS pass-through tunnel directly to your Home Assistant. Traffic is fully encrypted till it reached your own device where TLS gets terminated. You can also supply your own certs to Home Assistant so even the add-on cannot inspect the traffic.

Next version

Webhook Relay going global! First new regions will be available in Australia and US (currently Webhook Relay tunnels go through EU). Almost nothing really changes from the configuration example, there will be a new field “region”:“au/us/eu” available in the add-on options. Stay tuned :slight_smile:

:tada: Release 2.4.0

Added multi-region support. New regions available in Sydney, Australia and Silicon Valley, US.

If you are using DuckDNS domain with Webhook Relay add-on, then just set the desired region and enjoy fast and low latency access to your Home Assistant. If you are using *.webrelay.io subdomain, a new subdomain will be created for that region. And if you are using Cloudflare with your own domain name - you will have to update CNAME record through your Cloudflare dashboard.

Configuration example when using au region:

{
	"key": "**********",
	"secret": "**********",
	"region": "au",
	"forwarding": [
	],
	"tunnels": [
		{
			"name": "home-assistant", 
			"destination": "http://localhost:8123",
			"protocol": "tls",			
			"domain": "transponder-test.duckdns.org",
			"auto_gen": false
		}
	],
	"duck_dns": {
		"token": "**********",
		"accept_terms": true
	},
	"tunnels_enabled": true,
	"forwarding_enabled": false
}

If you encounter any issues, please let me know :wink:

Hi guys,

I am trying to utilize Webhook Relay in a combination with Owntracks and Hassio. However, I’m struggling to configure the Webhook Relay addon in Hassio. I created a Webhook Relay account and setup a new bucket called “Owntracks”. The default public endpoint, I entered in the Owntracks app on my phone. From the Owntracks integration in Hassio, I got the value for bucket Output. If I force a update in the Owntrack app, I see the request in the Relay logs in the Webhook Relay web interface, and I can see the location data sent. So far so good.

Now I am trying to configure the Webhook Relay Hassio addon. In the config I write

{
  "key": "MyKey",
  "secret": "MySecret",
  "region": "eu",
  "forwarding": [
    {
      "bucket": "Owntracks",
      "destination": "http://127.0.0.1:8123"
    }
  ],
  "tunnels": [
    {
      "name": "home-assistant",
      "destination": "http://127.0.0.1:8123/",
      "protocol": "tls",
      "domain": "example.duckdns.org"
    }
  ],
  "duck_dns": {
    "token": null,
    "accept_terms": false
  },
  "cloudflare": {
    "email": "",
    "api_key": ""
  },
  "tunnels_enabled": false,
  "forwarding_enabled": true
}

but I get the following error

not a valid value for dictionary value @ data['options']. Got {'key': 'MyKey', 'secret': 'MySecret', 'region': 'eu', 'forwarding': [{'bucket': 'Owntracks', 'destination': 'http://127.0.0.1:8123'}], 'tunnels': [{'name': 'home-assistant', 'destination': 'http://127.0.0.1:8123/', 'protocol': 'tls', 'domain': 'example.duckdns.org'}], 'duck_dns': {'token': None, 'accept_terms': False}, 'cloudflare': {'email': '', 'api_key': ''}, 'tunnels_enabled': False, 'forwarding_enabled': True}

I have tried deleting the tunnel and duckdns entries without any luck. I only want simple forwarding of webhooks, remote access is not required. What is wrong with my config?

BR,
Jorgensen

Hi Jorgensen,
Yeah, that error validation is not very helpful. Could you try setting

"duck_dns": {
    "token": null,
    "accept_terms": false
  },

to

"duck_dns": {
    "token": "",
    "accept_terms": false
  },

?

Thanks for the very quick reply. I updated my config with your suggestion, and now the config was saved successfully :slight_smile:

Unfortunately, I got a new error when starting the addon, but after some trial and error I got the following config working

{
  "key": "MyKey",
  "secret": "MySecret",
  "region": "dev",
  "forwarding": [
    {
      "bucket": "Owntracks",
      "destination": "http://127.0.0.1:8123"
    }
  ],
  "tunnels": [
    {
      "name": "home-assistant",
      "destination": "http://127.0.0.1:8123/",
      "protocol": "tls",
      "domain": "example.duckdns.org"
    }
  ],
  "duck_dns": {
    "token": "",
    "accept_terms": false
  },
  "cloudflare": {
    "email": "",
    "api_key": ""
  },
  "tunnels_enabled": true,
  "forwarding_enabled": true
}

I don’t understand why I need

"tunnels_enabled": true,

as

"tunnels_enabled": false,

fails to start.

Finally,

"region": "dev",

I would have expected “eu” to work.

Anyway, it seems to work now, and I’ll test for the next couple of days, and get back if I encounter further problems.

Again, thanks a lot!
Jorgensen

ah, that’s strange :slight_smile: I will check it out and publish a fix when I have a spare minute, sorry for the inconvenience! :slight_smile:

No worries, I have just received the first location update from my phone :slight_smile: That’s awesome, now I can get started with my more reliable presence detection.

Thanks!

1 Like

Has anyone got this working with the node-red-contrib-telegrambot config node in webhook mode? Wanted some encouragement before going down that rabbit hole. Thanks!

Hi rusensk,
I have it installed on my system, the configuration of the add-on is working fine… but how do i “read” the data in home assistant? I mean what do i need to put in the .yaml file?
trigger…event?.. Can you put an example of what service I need to use to reach the data of the bucket? In the log of the addon i get:
webhook request relayed {“destination”: "http://127.0.0.1:8123,“method”:“POST”,“bucket”:“mybucket”,"status: “405 Method Not Allowed”, “retries”:0}
I am using the free account only to send webhooks without tunnel… In destination in webhooks relay i understand i don’t need to put duckdns and all this things for my case. Right?
Thanks very much for your effort.
Luis

Hi @luichi24h, it can forward webhooks to any internal endpoint but there has to be some endpoint that Home Assistant can receive on, currently it seems like it just sends to http://127.0.0.1:8123/ but I imagine it should be something like http://127.0.0.1:8123/.

For example Telegram addon: https://www.home-assistant.io/integrations/telegram_webhooks/

  1. Create a bucket
  2. Create an input

Using Telegrams setWebhook method your bot’s webhook URL should be set to https://<public_url>:<port>/api/telegram_webhooks .

  1. Using Telegram’s setWebhook set it to Webhook Relay input endpoint which is something like https://my.webhookrelay/v1/webhooks/<your input ID>

  2. If I understand correctly, you should create a bucket with destination http://127.0.0.1:8123/api/telegram_webhooks and then in the configuration it should look like:

telegram_bot:
  - platform: webhooks
    api_key: YOUR_API_KEY
    parse_mode: html
    allowed_chat_ids:
      - 12345
      - 67890

I will try this myself maybe later this week :slight_smile: