Because Domoticz is not natively accessible from outside your LAN, we need to install a so-called proxy to enable secure access to your instance from the Amazon cloud.
Our easy-setup procedure deploys a proxy called ngrok to open up a persistent tunnel resulting in a password-protected URL like https://a81e-77-248-62-27.eu.ngrok.io for your Domoticz instance.
Since initializing the tunnel is an outward process originating in your LAN, there's no need to open any ports in your router — ngrok also takes care of a valid certificate for SSL.
Alexa ↔ [443/https] ↔ proxy ↔ [8080/http] ↔ Domoticz
The skill communicates with your proxy and it is the proxy (perched on the LAN side of your firewall on your local network at home) that actually interacts with Domoticz.
With this approach, cloud control is password-protected while local control within your LAN remains completely unrestricted.
If you are on a recent version of Domoticz (after approx. mid 2022) then you will need to take a few extra steps to enable remote access for Alexa:
To subsequently authenticate you towards ngrok, you should make a note of your personal authtoken which resides at https://dashboard.ngrok.com/auth/your-authtoken. It will look something like 4nq9771bPxe8ctg7LKr_2ClH7Y15Zqe4bWLWF9p.
Please ignore any download/setup instructions at the ngrok website as they are geared towards setting up access to a web-server on 80 rather than a home automation server on 8080. Our installer will automatically download ngrok for you and configure it for Domoticz.
 The easy-setup installer ensures that the skill is updated with the changed tunnel URL whenever you restart ngrok or reboot your machine.
You must provide the following 6 pieces of information:
When all the entries are completed, press the large blue Download Script button and the script file will be saved by your browser.
Your browser may warn that files sourced from the internet are potentially harmful — it does this based on the .sh or .ps1 file extension, not the actual contents. Some browsers or virus-scanners may even change the extension of the saved file to .txt to render it 'harmless'. If that happens you will need to manually rename with the correct extension before running it.
Follow the appropriate instructions below for the OS under which ngrok will run:
Applies to any Debian-based distro which supports systemd services and bash scripting. Examples include Raspberry Pi OS, Ubuntu and Debian.
If your target machine is a pi there's one more important step to ensure the OS waits for the network to come up at boot time. Issue the command sudo raspi-config. Choose System Options and then S6 Network at Boot and choose <Yes>.
If something does not work and you are wondering if your fetched ngrok binary is the correct version for your architecture, type which ngrok and then use the file command on the result, e.g. file /usr/local/bin/ngrok. The output will include something like ELF 64-bit LSB executable, x86-64 or ELF 64-bit LSB executable, ARM aarch64.
Installs ngrok to /usr/local/bin/ngrok and creates a service file /etc/systemd/system/ngrok.service to run ngrok as a daemon at boot. It also builds a file called ~/.ngrok2/ngrok.yml with your configuration. Finally, it creates the ~/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Place the downloaded ecsetup.sh script in your normal Downloadsfolder.
Installs ngrok to /usr/local/bin/ngrok and creates a launchd file /Library/LaunchDaemons/com.ngrok.onstartup.plist to run ngrok as a daemon at boot. It also builds a file called /usr/local/bin/.ngrok2/ngrok.yml with your configuration. Finally, it creates the /usr/local/bin/ngrok_updater.sh auto-updater file that refreshes your tunnel details when you reboot.
Windows 10 / 11
Installs ngrok to c:\ngrok and creates a config file called c:\ngrok\ngrok_config.yml. In the same directory, you'll see ngrok_autostart.ps1 and a wrapper ngrok_autostart.cmd. A shortcut to ngrok_autostart.cmd is added to Windows' startup apps folder.
 If the target system is headless, use ssh or scp via e.g. filezilla, winscp or putty to transfer the script file across.