Hello everyone, this isn't any problem or issue with my OctoPrint setup. I'm rather seeking advice. I recently got my hands on IFTTT and Webhooks. I currently have OctoPrint running on an RPi 3B+ and connected to an Ender 3. Also I have a different RPi on that same network, which is serving as a VPN server. Now here's where I need your help: I want to use Google Assistant as a trigger in IFTTT and send a request through Webhooks as an action. Example: "Ok Google, stop print." The REST API for this thing is just perfect, but I don't know how to restrict access to OctoPrint. Yes, I can do port forwarding or NAT, but it seems a little insecure to me. If the Webhooks service had a static IP I would use that as a NAT restriction, but unfortunately it doesn't. As I mentioned, I have a VPN server already set up, so remote access would be only for the webhook service and nothing else. Thank you in advance for replies and advice.
You should search the forum here for "safe remote access" and read the many conversations about the good, the bad and the ugly attempts.
For my own Alexa-based J.A.R.V.I.S. interface to my printer (cloud-based), I had to write a reverse proxy that would accept the inbound Lambda service responses and route them over to the OctoPrint instance (safely). My own port forward then came through this proxy and managed the security.
I also wrote an ESP8266-based "big red button" as an IFTTT which would make a call to a local service running on the Raspberry which has OctoPrint. So it never hit the cloud in this case.
Are you sure that IFTTT/Webhooks needs to talk to the cloud? It's possible that this will work locally. In theory, if the GET goes to some whatever.local hostname then it will try to send that locally.
Thank you for your ideas. I'm not familiar with "big red button". I ran across some interesting services, for example "Webhook tunnel", which could be of use in my situation. Or maybe there is some way of configuring iptables to accept every request from the local network, but only specific requests from the public network? That would also work.
Maybe I found the solution for my problem - https://github.com/localtunnel/localtunnel. It lets me expose OctoPrint without port forwarding. I can access it from anywhere and it creates a random subdomain by default, but I can configure it too. And that's suitable for webhooks - it wouldn't be very nice if I had to change the source domain in Webhook after every OctoPrint startup :D.
By BRB, I mean your basic IFTTT (Amazon Dash button) sort of push-this-button-and-it-makes-a-GET-call. This particular part was written in the Arduino IDE (C-based). Search for the term if you're interested to see some of these in action.
Couldn't tell you about localtunnel. I've not worked with that before and couldn't tell you whether or not it's safe.
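The idea raised earlier in the thread (accept everything from the local network, but only specific requests from the public side) can be expressed as the decision function of a small filtering proxy in front of OctoPrint. This is an added example, not code from any poster: the LAN range, the shared secret and the function name are assumptions, and the only public action permitted is OctoPrint's job cancel call (`POST /api/job` with `{"command": "cancel"}`).

```python
import hmac
import ipaddress
import json

# Assumptions for this sketch (none of these values come from the thread):
LAN = ipaddress.ip_network("192.168.1.0/24")       # constructed example LAN range
SHARED_SECRET = "replace-with-long-random-value"    # placeholder, set your own
# Public callers may only hit these (method, path) pairs with these commands.
ALLOWED_PUBLIC = {("POST", "/api/job"): {"cancel"}}


def allow_request(src_ip, method, path, body=b"", secret=""):
    """Return True if the proxy should forward the request to OctoPrint.

    src_ip must be the real peer address of the TCP connection,
    not a client-supplied header such as X-Forwarded-For.
    """
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False                      # unparsable source: deny

    if addr in LAN:
        return True                       # local network: no restriction

    commands = ALLOWED_PUBLIC.get((method.upper(), path))
    if commands is None:
        return False                      # endpoint not on the public allowlist

    # Constant-time comparison so the secret is not leaked through timing.
    if not hmac.compare_digest(secret.encode(), SHARED_SECRET.encode()):
        return False

    try:
        payload = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return False                      # malformed JSON: deny

    # Exactly one key, a string command, and that command is allowlisted.
    return (
        isinstance(payload, dict)
        and set(payload) == {"command"}
        and isinstance(payload["command"], str)
        and payload["command"] in commands
    )
```

How the secret travels (a header or a path token) is left to the proxy; the proxy, not the webhook, should hold the OctoPrint API key and attach it only to requests that pass this check.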