It would be interesting to see your project, don’t just abandon it if it doesn’t look right from the start. I have abandoned too many projects, but some, like https://github.com/keel-hq/keel and webhookrelay, brought me a lot of fun. Although from your supported addon repo it seems that you already have plenty of responsibilities.
While I agree that webhookrelay as it is now is not the perfect fit for HA and from the feedback I think I need to:
Add TLS pass-through so you can use HTTPS on your HA and get there directly through the TCP connection so the service even if it wanted couldn’t intercept the traffic. (I only have postgres database so probably it would die if I wanted it to do it)
Whitelist destinations on the client side, as in this use-case destinations are static and wouldn’t change much.
Thank you for this feedback and appreciate the trolls as well.
As for your project, I am really interested in solutions for this remote access that don’t require cloud services or anything installed on the HA side. I think the ideal solution that people might want, and that would be cheap to host, is maybe somehow tunnelling the HTTP protocol over WebRTC and using a public service just for signalling and the initial connection establishment?
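The client-side destination whitelist proposed in the post above, sketched as an added example (not part of the original post and not webhookrelay's code): the local agent refuses to forward to any destination that is not in a static list. The Allowlist type, its functions and the sample URLs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Allowlist is a hypothetical static list of destinations the local agent
// may forward to, e.g. read from the add-on's configuration.
type Allowlist []string

// normalise reduces a URL to scheme://host:port. It rejects non-HTTP(S)
// schemes and userinfo ("http://allowed@other-host/"). Hosts are compared
// literally; no DNS lookup is done, so "localhost" != "127.0.0.1".
func normalise(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	defaults := map[string]string{"http": "80", "https": "443"}
	port, ok := defaults[u.Scheme] // url.Parse lower-cases the scheme
	if !ok || u.User != nil || u.Hostname() == "" {
		return "", fmt.Errorf("destination %q rejected", raw)
	}
	if u.Port() != "" {
		port = u.Port()
	}
	return u.Scheme + "://" + net.JoinHostPort(strings.ToLower(u.Hostname()), port), nil
}

// Permits reports whether dest matches an allowed entry; it fails closed
// on anything that does not parse cleanly.
func (a Allowlist) Permits(dest string) bool {
	want, err := normalise(dest)
	for _, allowed := range a {
		if k, e := normalise(allowed); err == nil && e == nil && k == want {
			return true
		}
	}
	return false
}

func main() {
	a := Allowlist{"http://127.0.0.1:8123"} // constructed sample destination
	fmt.Println(a.Permits("http://127.0.0.1:8123/api/webhook/x")) // true
	fmt.Println(a.Permits("http://127.0.0.1:8123@10.0.0.5/"))     // false
}
```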
Hi, no. That’s for webhook forwarding (https://webhookrelay.com/blog/2017/12/26/receiving-stripe-webhooks-localhost/). Webhook forwarding is one-way traffic where the producer doesn’t get any response from the destination. It’s a simple and secure way to pass webhooks into your internal network, although it cannot be used to expose web servers due to the lack of responses.
Tunnel related features are:
number of tunnels
custom subdomains
HTTPS
Currently I am full-time contracting for another company and helping integrate tunnels in their core product. I am, however, planning to introduce an HTTPS pass-through feature so all the traffic would be encrypted from the service as well.
I wouldn’t recommend using it without HTTPS, it’s only meant to demo your websites or do some prototyping as all the traffic over HTTP in theory can be intercepted if you are logging in from internet cafes.
No other important limitations are there (except getting a random subdomain instead of choosing your own).
There are free open source alternatives such as https://github.com/fatedier/frp where you run it on a public service and connect to it from your home.
It’s not less secure if done correctly. It’s built for the cases where you need to expose something ad-hoc or receive webhooks/expose services that are in internal network and can’t be easily exposed through a load balancer.
If you have a static IP, domain and a reverse proxy such as nginx then definitely go for it. Here’s another great tool: https://github.com/bitly/oauth2_proxy
The tunnelling part is similar, but I guess the main difference is the one-way webhook forwarding where your service doesn’t get exposed to the internet while still being able to receive webhooks.
Probably another difference is the API driven configuration where you could script your node-red to only create a tunnel when you leave the house and tear it down once you are at home.
I want to access my hassio from my workplace, which only allows me to browse standard ports, and I can’t run my hassio on port 80, because it seems my ISP blocks that port.
Is this webhookrelay my solution?
Hi guys, just wanted to share an update. Current remote access add-on is 2.1.0. Most of the work went into making TLS tunnels as smooth as possible. Fixed issues:
After changing tunnel hostname in the config.json, it wouldn’t delete & recreate the tunnel. This now has been fixed and the add-on does the cleanup automatically.
There was an issue with TLS termination for Configurator and Node-RED add-ons. Connections were hanging after the initial loading of the static files. This has been fixed now.
About add-on
Architecture is quite simple: add-on uses DNS challenge together with DuckDNS to retrieve a certificate for your domain and then performs TLS termination on any incoming traffic from the tunnel. This way traffic is fully encrypted between your browser and the add-on.
I’ve been working on a similar service for Home Assistant the past few weeks
Hey, buddy I know it’s been a while, I just wanted to pop in and ask about this? Did you succeed? I am currently trying to get a bit of external access but I have a little NAT issue.
Hello. I have set this up as per instructions on first post. It looks like it is getting the requests, as the website actually loads, but to a blank page. Also I get these entries in the add-on’s log:
2021-11-27 20:29:53.830 ERROR GET http://127.0.0.1:8123 request failed: Get http://127.0.0.1:8123: EOF
2021-11-27 20:29:54.387 ERROR GET http://127.0.0.1:8123/favicon.ico request failed: Get http://127.0.0.1:8123/favicon.ico: EOF
And from the terminal add-on within home assistant I get:
~ curl http://127.0.0.1:8123
curl: (52) Empty reply from server