Tools for interacting with the Enphase Envoy.


Envoy intercepting proxy

This tool is designed to intercept the data posted by the Enphase Envoy to the Enphase servers. It writes data to a local spool directory and then sends it on to the Enphase servers.


The proxy web application requires a recent version of the bottle web framework.



We will use stunnel to intercept the accept the https connection and proxy it to our web application, which expects plain http. You will need the following stunnel configuration:

accept = 4430
cert = /etc/pki/tls/certs/localhost.crt
connect =


You will need to set up an iptables REDIRECT rule in order to intercept the outbound connections:

iptables -t nat -A PREROUTING -s <your_envoy_address> \
  -p tcp --dport 443 -j REDIRECT --to-ports 4430

This will accept packets from your Envoy to port 443 and redirect them to port 4430.