[digiltd]

So I've implemented this and it's working successfully but am concerned over the potential security implications and have a few questions:

1. What are the security considerations for running the Heroku - Kodi integration over HTTP as this will expose your kodi credentials in plain text right?
2. How secure is the Kodi webserver itself? From what I've read it's fairly restricted in terms of what you can actually do with it but it's still a potential backdoor.
3. Does anyone have any links for setting up NGINX or similar so that it's HTTPS between Heroku and NGINX and then HTTP between NGINX and Kodi? I've searched the internet for examples but no dice.

Thanks in advance for any feedback or comment.

Your concerns are very valid and it is something I struggled with, but I got there in the end. I do plan on writing something for the repo about it.

The hardest part was getting my head around the concept of a reverse proxy. This guide was the thing that made it all "click" for me: http://www.htpcguides.com/secure-nginx-r...16-04-lts/

[rlg6767]

Your concerns are very valid and it is something I struggled with, but I got there in the end. I do plan on writing something for the repo about it.

The hardest part was getting my head around the concept of a reverse proxy. This guide was the thing that made it all "click" for me: http://www.htpcguides.com/secure-nginx-r...16-04-lts/

Yes, very familiar with the htpc guides site. Thanks for pointing me to this.

Would you mind explaining if there is any configuration required on the Heroku side to get this to work? I'm guessing possibly not as it's a public certificate right?

Also, I currently run an Ubuntu server for plex, tvheadend, file server etc. Is there much of a security risk running nginx on that or would I be better off putting it on a spare pi I have?

[iamlegend2008]

Hi

The invocation name is "the living room"

Im not seeing ANY activity in the activity section of Heroku but using the testing service some commands are getting to the Kodi box. For example, Play a random movie always works (from the skill tester) as does "Alexa tell the living room to play a good day to die hard"

I have a music library of 70,000 songs and most times using the skill tester to say "alexa play alison moyet" (as an example) mostly returns the remote endpoint could not be called, or the response it returned was invalid. (but sometimes the music plays and sometimes it does not (my kodi box is a raspberry pi 3)

Nothing works from the Echo itself.except "Im sorry i cant find the answer to the question i heard"

I know I'm close but Im so far away

Anu help would be appreciated. Thanks

I know the feeling. I'm not an expert either. It sounds like it is working but I have seen a few other posts where people have struggled with large libraries. Maybe that is causing it to time out. Can you delete your music library and try it with a small set of music? You probably need to amend your Amazon slots as well if you do this (possibly not).

Also, the code is being updated fairly regularly. Might be worth rebuilding the Heroku app and trying again (that fixed a weird bug for me, see a few posts up).

Other than that, not a lot I can suggest. I'm no coder and managed to get it working through trial and error.

Hi

No worries. Do you mind explaining how you enabled logging in heroku ?

Thanks.

[digiltd]

Would you mind explaining if there is any configuration required on the Heroku side to get this to work? I'm guessing possibly not as it's a public certificate right?

Also, I currently run an Ubuntu server for plex, tvheadend, file server etc. Is there much of a security risk running nginx on that or would I be better off putting it on a spare pi I have?

You would need to make a small adjustment to kodi.py to enable https

Change the following (currently at line 94)

Code:

url = "http://%s:%d/jsonrpc" % (KODI, PORT)

to

Code:

url = "https://%s:%d/jsonrpc" % (KODI, PORT)

You could install on the same machine, though to be safer and to have more control then install it on a Pi because your Kodi install is on what sounds an important box on of your network.

You can also deny connections from all IPs other than those you specify. Heroku might publish the ip range they use, AWS do and you can filter by service and region. This lets me only allow requests from AWS Lambda in the EU region

[rlg6767]

Hi

No worries. Do you mind explaining how you enabled logging in heroku ?

Thanks.

Just run the command "Heroku logs" from the Tool Belt Command Line Tool (as per here: http://www.joeipson.com/articles/alexa-kodi/)

[rlg6767]

You would need to make a small adjustment to kodi.py to enable https

Change the following (currently at line 94)

Code:

url = "http://%s:%d/jsonrpc" % (KODI, PORT)

to

Code:

url = "https://%s:%d/jsonrpc" % (KODI, PORT)

You could install on the same machine, though to be safer and to have more control then install it on a Pi because your Kodi install is on what sounds an important box on of your network.

You can also deny connections from all IPs other than those you specify. Heroku might publish the ip range they use, AWS do and you can filter by service and region. This lets me only allow requests from AWS Lambda in the EU region

Great thanks for this. Will test it out over the weekend.

[rafisher79]

Hi,I tried to set it up but the deploy-lambda gives an error that I need to specify region, but the region is in the .env file
and when I tried to create manually the lambda function I get an error can't import module wsgi

Any ideas?

Thanks

UPD: Got it
Thanks

Do you mind sharing what you did to resolve this? I am currently experiencing this issue and am pulling my hair out trying to figure out what the issue is.

Thank you!

lol I'm having the same problem. anyone else have any insight?

[rafisher79]

Well, I got it working by installing the aws cli and setting region via that config.

I was only getting a 5% success rate too until I changed the keyword from kodi to tv. My Alexa history kept showing "Cody" on all the failed attempts.

Thanks for this OP. It is amazing! Will you ever put the PVR functionality in? I'd love to ask it to play "ESPN" sometime!

[freemans13]

I've forked the excellent work done by m0ngr31 to add some PVR functionality.
This version let's you change channel ('alexa, ask kodi to watch ITV 2 plus 1').
It also lets you switch channel by calling out the progam name ('alexa, ask kodi to switch to Strictly Come Dancing'). This will scan the EPG to find the channels that are/will-be broadcasting the program and switches to the channel automatically.

What I want to do next is add the ability to record programs but the Kodi API doesn't give us this functionality yet
It does appear that the up and coming Krypton will address this.
I'm considering adding the recording feature via tvheadend in the mean time. That does have an API that I could use but ideally I integrate with kodi.

https://github.com/freemans13/kodi-alexa-pvr

I'd rather this go back into m0ngr31 repository but not until I've ironed out the bugs and added all the functionality needed.

Hope this helps.

[rlg6767]

I've forked the excellent work done by m0ngr31 to add some PVR functionality.
This version let's you change channel ('alexa, ask kodi to watch ITV 2 plus 1').
It also lets you switch channel by calling out the progam name ('alexa, ask kodi to switch to Strictly Come Dancing'). This will scan the EPG to find the channels that are/will-be broadcasting the program and switches to the channel automatically.

What I want to do next is add the ability to record programs but the Kodi API doesn't give us this functionality yet
It does appear that the up and coming Krypton will address this.
I'm considering adding the recording feature via tvheadend in the mean time. That does have an API that I could use but ideally I integrate with kodi.

https://github.com/freemans13/kodi-alexa-pvr

I'd rather this go back into m0ngr31 repository but not until I've ironed out the bugs and added all the functionality needed.

Hope this helps.

Will test this out as soon as I've got my reverse proxy up and running!!

[rlg6767]

Your concerns are very valid and it is something I struggled with, but I got there in the end. I do plan on writing something for the repo about it.

The hardest part was getting my head around the concept of a reverse proxy. This guide was the thing that made it all "click" for me: http://www.htpcguides.com/secure-nginx-r...16-04-lts/

Will this work with a ddns account? From what I've read I don't think they (or many others) support HTTPS....

[rafisher79]

I've forked the excellent work done by m0ngr31 to add some PVR functionality.
This version let's you change channel ('alexa, ask kodi to watch ITV 2 plus 1').
It also lets you switch channel by calling out the progam name ('alexa, ask kodi to switch to Strictly Come Dancing'). This will scan the EPG to find the channels that are/will-be broadcasting the program and switches to the channel automatically.

What I want to do next is add the ability to record programs but the Kodi API doesn't give us this functionality yet
It does appear that the up and coming Krypton will address this.
I'm considering adding the recording feature via tvheadend in the mean time. That does have an API that I could use but ideally I integrate with kodi.

https://github.com/freemans13/kodi-alexa-pvr

I'd rather this go back into m0ngr31 repository but not until I've ironed out the bugs and added all the functionality needed.

Hope this helps.

Great! I'll try it out tonight. Thanks!

[digiltd]

Your concerns are very valid and it is something I struggled with, but I got there in the end. I do plan on writing something for the repo about it.

The hardest part was getting my head around the concept of a reverse proxy. This guide was the thing that made it all "click" for me: http://www.htpcguides.com/secure-nginx-r...16-04-lts/

Will this work with a ddns account? From what I've read I don't think they (or many others) support HTTPS....

Some claim they do, DuckDNS being one of them (https://www.duckdns.org/faqs.jsp) Afriad being another (https://freedns.afraid.org/dynamic/)

Though I set up my own ddns using this guide:

https://www.flynsarmy.com/2015/12/settin...-route-53/

You need a server online that can host sites which you have root access to (DigitalOcean or similar).

You also need an AWS account where you have the domain you want to use already setup with Route53.

It is not a simple task and you could easily do a lot of damage, these services rely on you to know what you are doing and there is no support you can email to fix it for you. I was already familiar with DigitalOcean and AWS, I use them regularly for my work. But if you have never used AWS, specifically hosting domains and routing traffic with Route53, and have never setup a server using the command line, you would be better off hunting down a ddns services that offers https.

There must be some.

Good luck

[rlg6767]

You would need to make a small adjustment to kodi.py to enable https

Change the following (currently at line 94)

Code:

url = "http://%s:%d/jsonrpc" % (KODI, PORT)

to

Code:

url = "https://%s:%d/jsonrpc" % (KODI, PORT)

You could install on the same machine, though to be safer and to have more control then install it on a Pi because your Kodi install is on what sounds an important box on of your network.

You can also deny connections from all IPs other than those you specify. Heroku might publish the ip range they use, AWS do and you can filter by service and region. This lets me only allow requests from AWS Lambda in the EU region

I've got the NGINX server running but am a bit stuck when it comes to the configuration for the Kodi webserver.

The below is for couchpotato, do you know how I should edit this to reflect a Kodi configuration (not on the same box....)? I know what the IP address and port are for the Kodi box, but a bit stuck with the rest of it.

Also, from a port forwarding perpsective, do I just allow 80 and 443 through to the NGINX server or do I also need to forward the inbound Kodi port to the NGINX server as well? A bit confused as to how that bit works.....

location /couchpotato {
proxy_pass http://127.0.0.1:5050;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

[rlg6767]

Some claim they do, DuckDNS being one of them (https://www.duckdns.org/faqs.jsp) Afriad being another (https://freedns.afraid.org/dynamic/)

Though I set up my own ddns using this guide:

https://www.flynsarmy.com/2015/12/settin...-route-53/

You need a server online that can host sites which you have root access to (DigitalOcean or similar).

You also need an AWS account where you have the domain you want to use already setup with Route53.

It is not a simple task and you could easily do a lot of damage, these services rely on you to know what you are doing and there is no support you can email to fix it for you. I was already familiar with DigitalOcean and AWS, I use them regularly for my work. But if you have never used AWS, specifically hosting domains and routing traffic with Route53, and have never setup a server using the command line, you would be better off hunting down a ddns services that offers https.

There must be some.

Good luck

Yep, it seems to work without any configuration required on my DDNS provider. It's passing the HTTPS request through to NGINX.