Closed bwosborne2 closed 2 years ago
Edit - lol oops, wrong link. Here's the right one:
https://github.com/mdhiggins/ESP8266-HTTP-IR-Blaster#security
That should be listed earlier, in the primary instructions. Many users looking for a solution will not drill down that deep.
I just corrected somebody on a forum looking to expose 50 televisions to the Internet using this .
An alternative would be to document using it with Google Assistant (via Home Assistant) which does not require exposing the IRBlasters to the internet.
Mine is secured by Raspberry Pi proxy. But this is a project add-on. Mine also works with Google assistant.
On Tue, Jan 18, 2022, 07:19 bwosborne2 @.***> wrote:
This needs to be secured, at a minimum, with https SSL encryption before exposing directly to the Internet
It might be better to route this through a secure, Internet hardened reversy proxy such as an nginx server
— Reply to this email directly, view it on GitHub https://github.com/mdhiggins/ESP8266-HTTP-IR-Blaster/issues/328, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANE5Z7HGQVBNRQ55E3BW77TUWWAJFANCNFSM5MHOM6UQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you are subscribed to this thread.Message ID: @.***>
Google Assistant (via Home Assistant)
You have HA parsing the http string? The user I corrected was on the HA forum.
Apparently the developer wants to support Alexa though.
You have HA parsing the http string? The user I corrected was on the HA forum.
My use case, arguably, is a simple one. I have a few IRBlasters attached to lights (just on/off), so the sequences are pretty simple.
The TL;DR is to configure Home Assistant to have a switch with an automation attached to toggle it back and forth, then call that from a fullfillment URL in the Google Assistant Add-On. There will need to be something like this for the automation to call:
rest_command:
master_led_off:
url: "http://10.120.128.1:8080/msg?code=F7C03F:NEC:32&address=0xef00"
method: put
master_led_on:
url: "http://10.120.128.1:8080/msg?code=F740BF:NEC:32&address=0xef00"
method: put
Security limitations are discussed at length in the readme and there are security options in place within the limits of the hardware. The MQTT beach also offers an additional solution without opening the port for those that wish to provide their own MQTT server. Reverse proxies or using an intermediate such as HA are also options.
This needs to be secured, at a minimum, with https SSL encryption before exposing directly to the Internet
It might be better to route this through a secure, Internet hardened reverse proxy such as an nginx server