Controlicz - Easy Domoticz to Alexa Integration Topic is solved
Moderator: leecollings
-
- Posts: 331
- Joined: Sunday 22 February 2015 12:19
- Target OS: Linux
- Domoticz version: 2020.x
- Location: Netherlands
- Contact:
Re: Easy Domoticz to Alexa Integration
@Madgeni:
I really appreciate your hard work and the service, but I'm a little worried about security and privacy.
Your service now hosts the credentials, IP/Port-numbers, and probably logs of all the devices and all the interactions of over 300 Domoticz users as I understand. That makes it an interesting attack-vector for the bad guys. And of course we also need to "trust" you with all this information, even if I believe this is all with the best intentions.
Could you elaborate a bit on the privacy and security measures you have in place and why we can trust that this setup is not too risky? (I can't find any privacy/security statements on Controlicz.com)
It would be a little bit better if Controlicz would not have to have access to the local Domoticz-installation (thus needing to open firewalls and providing credentials) but if Domoticz would initiate the connection to the service, and the service itself could be secured with 2FA, just like it is done by MyDomoticz.com.
What do you think of this, is that something on your roadmap?
-
- Posts: 65
- Joined: Tuesday 24 February 2015 15:54
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi Madgeni,
Great work!
Just wondering, is there any way to filter which devices in domoticz are visible to controlicz?
I only want to add certain devices to controlicz you see and already have rooms setup...
Ideally controlicz would look for devices in a specifically named room, say a room called "controlicz"
I could always remove the unwanted ones after discovery one by one in the Alexa app but that isn't practical as any small change requiring rediscovery would add them all back again...
Thanks!
-
- Posts: 111
- Joined: Wednesday 12 October 2016 14:33
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
cherowley wrote: ↑Tuesday 24 October 2017 17:21
> Hi Madgeni,
> Great work!
> Just wondering, is there any way to filter which devices in domoticz are visible to controlicz?
> I only want to add certain devices to controlicz you see and already have rooms setup...
> Ideally controlicz would look for devices in a specifically named room, say a room called "controlicz"
> I could always remove the unwanted ones after discovery one by one in the Alexa app but that isn't practical as any small change requiring rediscovery would add them all back again...
> Thanks!

You should setup a new user and only assign the devices you would like Alexa to see to that user.
Don't forget to change the credentials in controlicz.
-
- Posts: 3
- Joined: Thursday 26 October 2017 14:20
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi Madgeni
I am running Domoticz on RaspberryPi, setup my account on Controlicz, create roomplan, added devices, created user, allowed devices per user, enabled skill - but still no luck, tried multiple times .. read FAQs .. appreciate any help
-
- Posts: 331
- Joined: Sunday 22 February 2015 12:19
- Target OS: Linux
- Domoticz version: 2020.x
- Location: Netherlands
- Contact:
Re: Easy Domoticz to Alexa Integration
Bikey wrote: ↑Monday 23 October 2017 17:07
> @Madgeni:
> I really appreciate your hard work and the service, but I'm a little worried about security and privacy.
> Your service now hosts the credentials, IP/Port-numbers, and probably logs of all the devices and all the interactions of over 300 Domoticz users as I understand. That makes it an interesting attack-vector for the bad guys. And of course we also need to "trust" you with all this information, even if I believe this is all with the best intentions.
> Could you elaborate a bit on the privacy and security measures you have in place and why we can trust that this setup is not too risky? (I can't find any privacy/security statements on Controlicz.com)
> It would be a little bit better if Controlicz would not have to have access to the local Domoticz-installation (thus needing to open firewalls and providing credentials) but if Domoticz would initiate the connection to the service, and the service itself could be secured with 2FA, just like it is done by MyDomoticz.com.
> What do you think of this, is that something on your roadmap?

Any thoughts on this?
-
- Posts: 84
- Joined: Wednesday 16 August 2017 8:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2023.1
- Location: UK
- Contact:
Re: Easy Domoticz to Alexa Integration
Have you opened port 443 in your router? You should be able to access Domoticz through https://YOUR_IP_ADDRESS when not on your own network. Check this works as this is how Controlicz connects (for this test I just use my smartphone browser and ensure connected by 3G or 4G, i.e. not your home wi-fi).
-
- Posts: 3
- Joined: Thursday 26 October 2017 14:20
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi, yes can access via https:// from my phone, this gets me to the web login page .. where I need to enter my web username and password .. are these the credentials that have to be in controlicz? as this web login is different to the users I have created in domoticz settings-users
-
- Posts: 84
- Joined: Wednesday 16 August 2017 8:08
- Target OS: Raspberry Pi / ODroid
- Domoticz version: 2023.1
- Location: UK
- Contact:
Re: Easy Domoticz to Alexa Integration
Yes, use the "uid" and "pwd" you provided Controlicz and you should also have setup a user in Domoticz with the same credentials.
-
- Posts: 3
- Joined: Thursday 26 October 2017 14:20
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
happy days working .. needed to ensure my website protection user was a user that was in the user list and make sure that was user on controlicz .. all working
-
- Posts: 1571
- Joined: Friday 25 March 2016 17:43
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi - sorry, half term so been away
@bikey - I saw your post, and was dying to respond, but didn't have a chance - this is a complex subject - so let's start at the beginning
In order to interact with Alexa, you need to use Oauth2, and your HA system needs to be connected to the internet. I guess those are the two main requirements.
I wrote a skill originally, which had a 'fake' oauth2 server, and a skill which required you to host it yourself on a lambda. Whilst this was fine for some, the bar was a little high for some people, and I wanted to provide something more 'native' to Alexa. To do this, i therefore *had* to provide a centralised service for Alexa to connect to, and a working Oauth2 server (after all, i wanted to protect your data!) - so Controlicz was born.
Controlicz as a web app uses a proper ssl cert - and the data you provide me is encrypted using bcrypt.
The interaction between Amazon and controlicz is via tokens, so no credentials are passed.
I've run various OWASP tests against Controlicz, and whilst it has room for improvement, it is reasonably sound.
I have no access to your details - all i have is token details from Amazon, and logging the REST Apis i've had to build to get this working in the Amazon Cloudwatch logs.
HOWEVER - the domoticz API itself only provides consumption using username:password in the url, which is, let's face it, sub-optimal. There is nothing I can do about that, I don't own Domoticz, but they have an almost constant backlog of devices to add, amend, or alter, so can see why external access to individual implementations isn't a priority. But it is weak. That is why I enforce you setting up SSL (I can't enforce you using an actual SSL cert - but you should). For complete transparency, I can turn on logging of the calls to your hosts, but they are not persisted anywhere, and I only do this if someone contacts me with an issue, and I have to go through a fairly complex process to link an oauth token to the actual call, which no-one else could have.
Also, i don't know mydomoticz - but remember, Alexa is incepting the call, so it's not down to Domoticz sending a heartbeat/status update, it has to respond to something it is asked to do by Alexa. There's no real opportunity for 2FA, i could, for sign up to Controlicz, but once you've registered, it's down to Oauth2 to handle the interaction (and the direct call to your Domoticz host).
I will say that I want Controlicz to be used, i believe in it, and want to expand it to Google Home/OK Google, Siri, a chat bot and more - but am limited to fitting it with a distributed HA system, rather than a centralised one
I would also note that, like Domoticz devs, I do this for free - and incur a bill each month for hosting Controlicz and the lambdas to run the Alexa integration!
Native Alexa skill and Google app - register at https://www.controlicz.com - https://twitter.com/Controlicz
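
The post above says the Domoticz API is called with username:password in the URL and that calls to user hosts can be logged on request. As an added example (not part of the original post, and not Controlicz or Domoticz code), this is one way a service could mask URL credentials before any log line is written; the query-parameter names, addresses and sample log lines are assumptions constructed for illustration.

```python
import logging
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names treated as secrets. Assumed list for this example,
# not taken from the Domoticz API documentation.
SENSITIVE_PARAMS = {"username", "password", "uid", "pwd", "token"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MASK = "REDACTED"


def redact_url(url: str) -> str:
    """Return url with userinfo and sensitive query values masked."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Fail closed: never log a URL that could not be parsed.
        return "[unparseable-url-" + MASK + "]"
    netloc = parts.netloc
    if "@" in netloc:
        # Everything before the last "@" is user[:password].
        netloc = MASK + "@" + netloc.rsplit("@", 1)[1]
    query = parts.query
    if query:
        pairs = parse_qsl(query, keep_blank_values=True)
        # Only rebuild the query when a secret is present, so harmless
        # queries keep their original encoding.
        if any(k.lower() in SENSITIVE_PARAMS for k, _ in pairs):
            query = urlencode(
                [(k, MASK if k.lower() in SENSITIVE_PARAMS else v)
                 for k, v in pairs]
            )
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))


def redact_line(line: str) -> str:
    """Mask credentials in every http(s) URL found in a log line."""
    return URL_RE.sub(lambda m: redact_url(m.group(0)), line)


class RedactingFilter(logging.Filter):
    """Logging filter that rewrites each record after argument formatting."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_line(record.getMessage())
        record.args = ()
        return True


# Constructed sample log lines (documentation address range, made-up values).
SAMPLE_LINES = [
    "GET https://alexa:s3cret@203.0.113.10:443/json.htm?type=command&idx=12",
    "GET https://home.example/json.htm?username=YWxleGE=&password=czNjcmV0&type=devices",
    "discovery finished, 14 devices",
]

if __name__ == "__main__":
    log = logging.getLogger("gateway")
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    for sample in SAMPLE_LINES:
        log.info("upstream call: %s", sample)
```

Attaching the filter to the handler rather than to individual call sites means a debug statement added later cannot bypass it.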
-
- Posts: 331
- Joined: Sunday 22 February 2015 12:19
- Target OS: Linux
- Domoticz version: 2020.x
- Location: Netherlands
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi thanks for your elaboration on the subject. And again also thanks for all the efforts you put into this.
About my reference to MyDomoticz: what they do is to make the local Domoticz installation to connect to the "MyDomoticz" cloud (using a token) and then maintain the connection. After that, the MyDomoticz cloud works as a proxy for calls to the local installation.
So the connection setup is not initiated from "the internet", but the other way around. By doing so, you no longer have to open up your firewall or provide your local Domoticz credentials to a cloud provider. Which then also can not be hacked by anyone. The account on "MyDomoticz" can also be secured with 2FA, so brute force attacks are not possible anymore (in contrast with opening Domoticz to the internet).
This kind of setup is used by most other home automation systems with local installations that need to connect to the cloud, like Philips HUE and Logitech Harmony and even by the Amazon Echo itself, so I think this is a best practice you may want to consider?
To do this for Controlicz of course would require adjustments to the Domotica-code so it would establish the connection, but hopefully much of the code of MyDomoticz can be reused and hopefully the developers can help you with that.
-
- Posts: 1571
- Joined: Friday 25 March 2016 17:43
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Ok, so documentation is limited on myDomoticz - but they don't provide Oauth2 tokens, so i'm unclear on the security model. Philips Hue use a proprietary model (essentially they've rolled their own Oauth2), Amazon use Oauth2. I use Oauth2.
2FA adds another layer of security for initial access, yes, but again, Alexa initiates these requests, programmatically, via 'the internet', and as it runs discoveries quite frequently, i can't see how 2FA would work (it can't) and besides, that's the point of issuing Oauth2 tokens anyway.
A quick glance at OpenHab's Cloud Service shows me that it's providing the same service that I do, the difference is that the client software can run an oauth2 client, so no need to store details centrally.
The TL;DR is that i'm doing it the right way *with the constraints set by the current Domoticz setup*. If they built an oauth2 service, or an oauth2 client, there would be no need for a centralised register - but whatcanyoudo?
Also, not sure about opening up to the internet, if you want stuff to connect to you outside your network, and you're not using a VPN, it's connected to the internet - like an Echo, like a Hue Bridge.
I'm all for debate, and am constantly aware that i'm advocating connecting your stuff to my stuff, and the trust around that. If it makes you feel any better, i've designed and built large-scale platforms for banks and finance companies with stringent regulatory constraints.
But at the end of the day, if you don't want to use it, don't
-
- Posts: 1571
- Joined: Friday 25 March 2016 17:43
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
So i'm after some victims, i mean Beta testers for the new version. It will require you to PM me your email address, disable controlicz, and enable the new skill, then use it as normal, and let me know what's not working. This version offers you Scenes in the right place on the app (/shrugs), but also status updates back to the App (so you can check status of devices via the App - is that light on, is the front door open? etc)
As I mentioned, Amazon have deprecated the current version of their API, so I've had to refactor *everything* - there are bound to be some bugs, but it has to be done i'm afraid!
For those who don't take part, don't worry! Once i've ironed out any issues, the transition *should* be seamless to you, and Controlicz will continue to be the skill. I've created a separate skill for testing purposes only.
-
- Posts: 76
- Joined: Saturday 31 December 2016 21:03
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
I'm game... I'll ping you my email in a PM.
Also, I was reading yesterday about 'Groups' in the Alexa app, it seems you can place an echo and a number of devices into a group, which according to the blurb (I think) should allow things like 'Alexa, turn on the light' - which will act on the device located in the same room as the echo (without specifically naming the device).
I tried it out last night and couldn't really get it to work any further than turning on / off whatever the group name was.. any ideas how/if this integrates with controlicz?
I've got multiple echos / lights / tvs etc.. it would be great to just say 'turn on the light', 'turn off the tv' and have that work in whatever room I said it in, rather than remembering specific namings.
-
- Posts: 1571
- Joined: Friday 25 March 2016 17:43
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
they seem to work fine from the app - added in a scene and a couple of switches to a group called 'Test' - then added one of my Echos, and could say 'Alexa Test on' and it turned everything in the group on
-
- Posts: 111
- Joined: Wednesday 12 October 2016 14:33
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
I don't think the Groups with Echo devices are implemented fully outside of the US yet. I was testing this yesterday too.
Usually the case that the US gets new features well before us.
-
- Posts: 12
- Joined: Monday 21 August 2017 15:17
- Target OS: NAS (Synology & others)
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi Madgeni,
Thank you so much for all the work you have put into Controlicz, it is awesome!!
I like to check with you if Virtual switch is being supported by Controlicz?
> Have 1 TP link switch which I have added it as a virtual Switch via this guide (http://forums.4fips.com/viewtopic.php?f=3&p=7315)
> After doing so I added the Virtual switch to a room/floor plan and ran rediscover on alexa but to no avail, switch does not appear.
-
- Posts: 1571
- Joined: Friday 25 March 2016 17:43
- Target OS: Raspberry Pi / ODroid
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hey sgeaglef15
Can you do me a favour, and post a screenshot from the Domoticz Device tab? Name/SubType are part of the decision making for discovery - that could be why it's not finding it.
-
- Posts: 12
- Joined: Monday 21 August 2017 15:17
- Target OS: NAS (Synology & others)
- Domoticz version:
- Contact:
Re: Easy Domoticz to Alexa Integration
Hi Madgeni,
Here you go, please see attachment.
Regards
- Attachments
-
- 4B6F5638-0146-4ED4-8C44-AC8CD308EAB8.jpeg (131.95 KiB) Viewed 2647 times
-
- BD347B56-5412-49F1-8B46-8D49372E3188.jpeg (300.93 KiB) Viewed 2647 times