AlexxIT/hassio-addons

SUGGESTION: Disable host network

Closed this issue · 3 comments

Hey @AlexxIT

I've just set up the addon as a workaround to an issue with Bambu's X1C printer; however, I am wondering if there's a specific need for the add-on to use host networking.

Currently, all go2rtc ports are available on the IP of my Home Assistant instance with insecure access over the network.
Not only that, when adding an RTSP camera integration, you have to specify the host name/IP of the host HA runs on.

If host networking was disabled, one could then utilize the addon_a889bffc_go2rtc:8554 hostname to connect internally to the Docker container's IP address (eliminating the dependency on the hostname/IP) and optionally, expose the ports to outside the host if needed (which in my case wouldn't be, especially since the web UI is supported by HA ingress).

I think this approach would be more secure without breaking any functionality (unless broadcasts are needed) - perhaps a separate addon could be made available?

Thanks

This will break a lot of functionality. Half of the protocols and features can't work without network host.

That said, if for example you don't need the features that rely on host network (like device discovery for ONVIF, or perhaps WebRTC over UDP port ranges, maybe HomeKit discovery... not sure), go2rtc should work without host network.

For example, Frigate bundles go2rtc without using host network.

One thing to note when not using host network is to have the following in your config:

```yaml
webrtc:
  candidates:
  - 192.168.1.10:8555 # your server IP
  - stun:8555
```

I just recommend you don't report issues that could be caused by not using host network, as @AlexxIT neither recommends nor endorses it.

Thanks @felipecrs

I moved my go2rtc config to Frigate, allowing me to set the go2rtc listen address to localhost for the API and RTSP stream ports and it works fine so far.

Depending on the use case, I might need to enable the RTSP port, but I'll password-protect the streams.

Thanks anyway, I'll close it.
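
A go2rtc configuration along the lines the last comment describes, as an added example that is not part of the original thread or the add-on's own files. The API port 1984 is go2rtc's documented default; the credentials are placeholders, and the candidate address is the sample one from the earlier comment.

```yaml
# Added example: go2rtc listeners restricted to loopback.
# Without a "listen" value that names an address, go2rtc binds every
# interface (":1984", ":8554", ":8555"), which is what exposes the API
# and streams on the Home Assistant host's IP under host networking.

api:
  # Web UI and HTTP API: reachable only from the same host/container.
  listen: "127.0.0.1:1984"

rtsp:
  # RTSP server: loopback only, so only local consumers (for example
  # Frigate in the same container) can pull streams.
  listen: "127.0.0.1:8554"

  # If RTSP has to be reachable from the LAN later, change the listener
  # back to ":8554" and require credentials on every stream:
  # listen: ":8554"
  # username: "CHANGE_ME_USER"      # placeholder
  # password: "CHANGE_ME_PASSWORD"  # placeholder

webrtc:
  # WebRTC media still needs a port that clients can reach, so this
  # listener stays on all interfaces.
  listen: ":8555"
  candidates:
    - 192.168.1.10:8555  # your server IP (sample value from the thread)
    - stun:8555
```

Clients then connect with `rtsp://CHANGE_ME_USER:CHANGE_ME_PASSWORD@<host>:8554/<stream>` only when the commented LAN variant is enabled; with the loopback listeners, nothing but port 8555 answers on the host's network address.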