[GH-ISSUE #281] [Feature] Reverse agent connection #4793

Open
opened 2026-04-21 23:49:44 -05:00 by GiteaMirror · 6 comments

Originally created by @AndreKR on GitHub (Jan 29, 2025).
Original GitHub issue: https://github.com/moghtech/komodo/issues/281

Currently the periphery agent needs to be reachable and have valid TLS certificates so that the server can connect to the agent.

If the agent could connect to the server instead, Komodo would be able to manage devices that do not provide a web server (or any server at all).

It would also simplify certificate management because only the server would need to have valid TLS certificates, not every agent.

This is related to #123 and #147.

GiteaMirror added the seen 👀 label 2026-04-21 23:49:44 -05:00

@mbecker20 commented on GitHub (Jan 29, 2025):

Yes, I have considered this and agree. I was planning this for Komodo v2 (it would definitely be a breaking change for existing users). The idea is that the Periphery agent is given a Core endpoint and an identity token generated by Core, unique to each server. Then they will persist an outbound websocket connection to Core to achieve duplex communication.


@freedbygrace commented on GitHub (Feb 26, 2025):

There is also a protocol called NATS that could help with this.

https://youtu.be/hjXIUPZ7ArM


@mbecker20 commented on GitHub (Oct 6, 2025):

It is coming https://github.com/moghtech/komodo/pull/889

But the change is not breaking for existing users.


@Mannshoch commented on GitHub (Nov 12, 2025):

> Yes, I have considered this and agree. I was planning this for Komodo v2 (it would definitely be a breaking change for existing users). The idea is that the Periphery agent is given a Core endpoint and an identity token generated by Core, unique to each server. Then they will persist an outbound websocket connection to Core to achieve duplex communication.

I like this idea. But I would propose to use this token only on the first connection. After that, both should create their own unique token (or a certificate) for future connections.

That way Komodo is able to detect if the agent is a fresh setup or - if the token refreshes permanently - even if it was restored from a backup, and could notify about that.
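The proposal in the comment above (a one-time enrollment token, then a credential that rotates on every connection) can be sketched as follows. This is an added example, not part of the thread and not Komodo's implementation; the `Core` class, its method names, and the status strings are hypothetical.

```python
import hashlib
import hmac
import secrets


def _digest(secret: str) -> bytes:
    # Core keeps only digests, so a leaked database does not expose live secrets.
    return hashlib.sha256(secret.encode()).digest()


class Core:
    """Hypothetical server-side registry for this sketch; not Komodo's API."""

    def __init__(self):
        self.pending = {}  # server_id -> digest of unused one-time enrollment token
        self.live = {}     # server_id -> digest of the credential valid right now
        self.retired = {}  # server_id -> digests of credentials already rotated out

    def issue_enrollment_token(self, server_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.pending[server_id] = _digest(token)
        return token

    def connect(self, server_id: str, secret: str):
        """Return (status, next_credential); next_credential is None on refusal."""
        d = _digest(secret)
        pending = self.pending.get(server_id)
        live = self.live.get(server_id)
        if pending is not None and hmac.compare_digest(d, pending):
            del self.pending[server_id]  # the enrollment token works exactly once
            status = "enrolled"          # fresh agent setup
        elif live is not None and hmac.compare_digest(d, live):
            status = "rotated"           # normal reconnect
        else:
            old = self.retired.get(server_id, [])
            stale = any(hmac.compare_digest(d, o) for o in old)
            # A retired credential means the agent state was restored or copied.
            return ("stale-credential" if stale else "rejected"), None
        if live is not None:
            self.retired.setdefault(server_id, []).append(live)
        nxt = secrets.token_urlsafe(32)
        self.live[server_id] = _digest(nxt)
        return status, nxt
```

In this sketch, an agent that never receives the rotated credential (for example, because the connection drops mid-response) will also show up as `stale-credential`, so that status should trigger a notification and re-enrollment rather than a silent block.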


@AndreKR commented on GitHub (Nov 12, 2025):

I think that is exactly how it is working. Have you tried v2.0? `ghcr.io/moghtech/komodo-core:2-dev`


@Mannshoch commented on GitHub (Nov 12, 2025):

No, I simply passed by while searching for some answers about Komodo and this was one of my questions.
