Add support for ingress

[felipecrs]

Perhaps we may need to set ingress_stream: true.

https://developers.home-assistant.io/blog/2021/08/24/supervisor_update/#streaming-ingress

But I have no clue. Also, we may need to start a NGINX server inside the container as well,
as mentioned in https://developers.home-assistant.io/docs/add-ons/presentation#basic-ingress-example-with-nginx.

What matters is that it's 100% possible to make this work :)

[felipecrs]

@TECH7Fox I just can't test it right now... after upgrading the integration, it stopped working for me.

Anyway, changes to the sipjs-card would also be needed. This would be the format of the URL now:

wss://<ha-external-hostname>/b35499aa-asterisk/ws

And I would suggest to make it the default, so that users of the add-on would not need to set host or port at all.

[pergolafabio]

This is great! Can it also be used for other ports? Like registering for softphones with 5060?

And what about RTP?

[pergolafabio]

It also means I can input my nabucasa URL? But what about the SSL mapping then , isn't that giving a conflict? They still point to a duckdns one

[TECH7Fox]

So you don't need to forward wss port right? Don't know if this will work because Asterisk requires tls. But isn't Ingress only used for http/https? Sure it will work with wss?

[felipecrs]

This is great! Can it also be used for other ports? Like registering for softphones with 5060? And what about RTP?

Not really, it only works for WebSockets.

It also means I can input my nabucasa URL? But what about the SSL mapping then , isn't that giving a conflict? They still point to a duckdns one

Yes! Forget about SSL mapping. Once we implement it, all you need will be to point your sipjs-card to wss://<your-nabu-casa>/b35499aa-asterisk/ws.

So you don't need to forward wss port right? Don't know if this will work because Asterisk requires tls. But isn't Ingress only used for http/https?

Yes! And TLS will still be there, but it will be encrypted by something else (the reverse proxy).

Sure it will work with wss?

[felipecrs]

My only doubt is regarding authorization. It will redirect to HA's login page in case it's not authorized yet, which the sipjs-card would of course not handle. However, as it will be calling this address from within the browser page which will be already authorized, I think it will work.

[felipecrs]

@TECH7Fox perhaps if inject the HA authentication header?

[TECH7Fox]

What do you mean?

[felipecrs]

This: https://developers.home-assistant.io/docs/auth_api/#making-authenticated-requests

Authentication with HA API is done with this header. If there is a way to make SIP.js use it...

[TECH7Fox]

Ah, thanks.

Seems to be using GET right? So could we set that in the url itself? Because SIP.js doesn't have a option to include headers like that.

Something like wss://<your-nabu-casa>:433/b35499aa-asterisk/ws?Authorization=Bearer ABCDEFGH?

[felipecrs]

I don't think it's possible to include it in the URL..

[felipecrs]

I found this: https://developers.home-assistant.io/docs/api/supervisor/endpoints/#ingress

Perhaps the sip-card can somehow authenticate itself first?

[TECH7Fox]

that could work, then we just fetch before connecting sip.js.

[felipecrs]

Here are the details on how this should be implemented.

dermotduffy/frigate-hass-card#331 (comment)

Spoiler: work will be required in the integration.

[felipecrs]

It should be good to go from the addon perspective. But it does not mean that it will work :)