I’m currently using GPSTracker - Bindings | openHAB to create a kind of presence detection. Everything works pretty well but the requirement to use the reverse proxy of myopenhab.org to redirect the GPS data to my local installation violates my “local only approach”.
The fact, that I have to use the “notification and remote access” mode in the openHAB cloud connector configuration offers me to functionality to remote access my local installation and receive GPS data from OwnTracks but my goal is to just receive the GPS data without reverse proxying my local instance.
My local instance should be accessible only through my local network or via VPN and should require neither any cloud solution nor opening any ports directly on my firewall. Therefore, I am asking if someone has a different approach to sync GPSTracker data to the local openHAB instance?
I have even played with the thought to install my own “myopenhab instance” but I would like to bypass this
Because I’m using Apple devices my second approach is to use iCloud - Bindings | openHAB instead of OwnTracks (GPSTracker) but I don’t like to put my iCloud password in cleartext into any config file.
Would be very pleased if you have some recommendations on this.
I use Homekit and GPS tracker with myopenhab.org as my redundant pair of presence detecters.
It works reliably and well.
In my homekit implementation, I created a switch item in OH, then added the homekit metadata to link it to homekit as a switchable. It then shows up in the Apple Home app, no iCloud credentials required. I then add 2 homekit automations which sets the Home app switch depending on whether I leave or arrive home. I think you will need a Homekit hub, I have an apple TV 4K. I’m not sure if the Homekit hub is required.
By using only one homekit presence detector in the generic presence detection pattern, it could satisfy your use case requirements
Well, other than opening a port for your VPN server, you can already do this with the GPS Tracker binding. That’s how I have it setup: the OwnTracks app points to my local openHAB host at http://192.168.1.153:8080/gpstracker/gpslogger, which is obviously only accessible remotely when connected back in via VPN.
Yes, that is possible but if I am not connected to my local network, I won’t get any GPS data. As soon as I leave my place, I get also disconnected from WIFI. Because I am not connected to VPN all the time, openHAB will never get the information that I left the location.
Good idea, I had that in mind too. The only trade-off here are that it’s only working with Apple devices (shouldn’t be a big deal in my case) and that I am not getting any additional GPS data (current location). But for presence detection it should work properly without any reverse proxy and my be even more reliable than OwnTracks.
But you could be - you could leave the VPN connected at all times. Not so great on battery, but if you’re truly wanting a local system with zero 3rd party involvement (such as Apple) then there’s compromises.
Just to check - are you only concerned about presence detection in your own home? If so, maybe the Network Binding with its device ping features may be more suited to this?
Yes, that is definitely an option for me but unfortunately this idea won’t be accepted by other family members. The killer argument will be the faster battery drainage and the fact, that all devices must stay connected to my local VPN
Presence detection is the prio one topic. Another good gimmick comes with GPSTracker is the GPS tracing and positioning.
I have already tried to integrate presence detection via network binding, but unfortunately this isn’t reliable enough. Sometimes my phone disconnected from WIFI if it hasn’t been used for a while and increasing the timeout (as discussed in other topics here in this forum) isn’t that great. If I have to wait 10 minutes until my smarthome recognizes that everyone has left the place is way too long. Another argument is that if some puts their phone into airplane mode I don’t even know, if the person has left the place or if the device just lost the WIFI connection. But of course, using GPSTracker comes with the trade-off of requiring myopenhab.org as a reverse proxy.
To sum this whole story up: I need a reliable solution which won’t force any family member to change the behaviour they are using their devices. It should be secure and offer the ability, to run it without exposing my whole openHAB instance to a cloud service. Maybe the solution @smitopher has mentioned is the best way to go. Even if I lose the ability to track device locations.
My aimed solution would be to stay with OwnTracks but limiting the access I have to grant to myopenhab.org. Just a cloud endpoint which redirects the GPS data to my local instance without reverse proxy everything would be perfect for me. But as far as I know this isn’t possible.
Don’t all of these also prevent you sending GPS data to your openHAB, irrespective of whether you use myopenhab, or connect directly?
Not particularly arguing either way - I guess I struggle with the same edge cases - but I don’t particularly understand what switching to GPS tracking will solve given the above.
Anyway, if @smitopher solution works out - perfect! Best of luck!
Yes, in certain circumstances that might be true. Just a short “real world scenario” to clarify this: If someone goes to bed and turns on the Airplane mode I cannot determine if he/she left the house or just disabled WIFI. For sure I could create additional conditions like “if it’s past 9pm and a device loses WIFI connection, then it’s okay and the person might be still within the house” but that’s not that intuitive and reliable. If someone truly leaves the house it’s very unlikely that they have enabled Airplane mode and therefore, I will get the GPS position anyway.
So yes… pretty complicated topic for me
Ultimately this is a case where you can’t have your cake and eat it too.
If you are not connected to your LAN you have four options to get any data back to your openHAB instance.
Use a cloud service
Open a port on your firewall
VPN
Provide some third party device that updates OH for you (i.e. @smitopher’s approach, though I’m not entirely certain that approach is completely cloudless)
That’s it. That’s all that’s possible. For various reasons you’ve eliminated each of these as an option so ultimately the answer is you can’t do it. You will have to bend one of your requirements. There has to be a path between your openHAB instance and anywhere on the big wide internet.
Option 1 gives both the phone and the OH server a common internet accessible place to establish that path. Option 2 creates a direct path between your OH instance and the internet. Option 3 securely connects your remote devices to your LAN. Option 4 requires a separate device to “detect” when a device is present or not.
Avoid option 2. Option 4 will have the same “Airplan mode” problem you are worried about. All it really does is outsource the job that the Network binding would normally be doing.
Yes, that’s totally true. It would be great if myopenhab.org could redirect the phone’s GPS data from cloud to my local instance without acting as reverse proxy (and therefore, exposing my complete openHAB instance). But as long as this isn’t a valid option, I’ve to make a compromise.
My ultimate goal isn’t avoiding a cloud solution at any cost, but instead to keep the cloud surface as small as possible.
Maybe it’s a little bit groundless by having concerns about using myopenhab.org, but that’s one of the reasons I love openHAB - the ability to have a great smarthome engine installed and controlled on my local hardware.
Well, GSP Tracker actually uses that reverse proxy capability to talk to the binding in the first place. It’s all REST API calls through that reverse proxy. So if you cut that off you’d cut off the GPS too.
But you can turn off the implicit user role. That means that only someone with an account on your openHAB instance can access any of your OH REST API endpoints. When it’s enabled, all that someone without an account (or an account with a user role) can access is the Items REST API endpoint. They can’t get to Things, Rules, or the like. Only admin users can do that.
