For a number of services, I need a system/service which can receive web hooks, and act when such a trigger is received.
Just a few examples:
- GitHub can send web hooks when something changes in a repo (in any repository you administer, go to
Webhooks, and add your own hook)
- Tasker for Android can send HTTP(s) requests
- JIRA can send web hooks when certain events occur
- openHAB can send messages to other services
Now it would be useful to have your own receiver for web hooks, and run any task you want. There are a number of tools out there, which can solve this problem. I settled with webhook. In addition, I deploy everything using Ansible, therefore I had to write a bit of code in order to automate this process.
Let’s start with installing webhook:
Let’s Encrypt requires that certificate renewal happens on port 80 (if you are using the HTTP-01 challenge mechanism). Doing the certificate renewal is beyond this blog post, there are several possible methods. Let’s just assume there is another service running which renews the certificate every once in a while, and
webhook has access to the certificate and can use it.
By default, webhook will not use encryption. But of course we want that. Encryption can be enabled using the
-secure option, and providing the certificate (
-cert option) and the key (
-key option). Let’s update everything in the systemd service file:
It also needs a
webhook.conf, with the actual configuration of what you want to listen to:
The next part is a bit more tricky: although the above systemd service file specifies the
-hotreload option, this only applies to changes in the
webhooks.conf. webhook will not recognize when the certificate is renewed, and needs to be restarted for that. I’m using another systemd service for that - and because of the way systemd handles that, you need two files: the service file, and a file for the timer. Wasn’t it easy when you just created a single line in a cron job?
[Unit] Description=restart webhook [Service] Type=oneshot ExecStart=/bin/systemctl restart webhook TimeoutStopSec=900 KillMode=process
[Timer] OnCalendar=*-*-* 3:00:00 Persistent=true [Install] WantedBy=timers.target
Upload everything to the server:
Enable and start the service and the timer:
And if something has changed, systemd must be reloaded, and webhook must be restarted:
That’s it. The webhook service is now up and running on port
6500. webhook itself does not do any host verification. It will just listen to any hostname which points to this server.