Remote Trigger Question

Hi

I would like to use Remote Trigger but my computer is behind a firewall.

What is thé port use by keyboard maestro to communicate with the remote server ?

Thanks

The "Remote Trigger" trigger does not use a "remote server". The remote device is typically a web browser, (not a server) and your own Mac is the "server." The remote web browser can use any port that you permit on your Mac. You can choose the port number in the Keyboard Maestro Preference / Web Server pane.

image1036×698 111 KB

So you get to choose what port, in the above setup window. What ports does your firewall permit to initiate traffic from remote computers into your computer? You may want to ask your admin. Anything that your firewall allows can be used in the port field above. If your firewall blocks all incoming traffic, I don't think there's anything you can do.

P.S. I'm not an expert at firewall issues, but I did run a firewall in my days.

I don’t speak about web server but thé remote trigger that looks like :

https://trigger.keyboardmaestro.com/t//?TriggerValue

The trigger works when I’m not behind firewall but not behind it.

I don’t find information about the communication between the app and the server

I believe the "Remote" trigger initiates then maintains an outgoing connection, so a firewall should only be a problem if it is blocking outgoing traffic. Even then I think the connection is initiated over standard web ports.

So try it and see. If it is getting blocked you be able to check the firewall's logs for yourself and see what to allow. If the logs are controlled by someone else (perhaps it's a work firewall) then chat with them before doing anything -- trying to subvert IT's security settings is never a good idea

Okay, according to the documentation that form is called "the URL form of the Remote Trigger" not the "Remote Trigger."

https://wiki.keyboardmaestro.com/trigger/Remote

Nonetheless, as I said, you still get to choose the port. The remote web browser has a default port for all web requests, usually port 80. But the user can override that. And you can choose any port for your Mac's KM web server, which as you can see in the image above, defaults to 4490. The port numbers are up to you and your remote web client. This gives you the opportunity to use whatever ports your firewall allows. You need to ask your firewall admin what the port rules are. That's usually not a secret. I would ask them for both incoming and outgoing rules for your Mac.

I learn something from you every day. I didn't know that. But that makes a lot of sense. It would also mean, apart from dealing with the incoming traffic issue, that the user doesn't need a public facing IP address for his Mac. Makes a lot of sense.

Virtually all firewalls allow users to use outgoing port 80 for web traffic. If what you are saying is true about KM on each Mac initiating and maintaining an outgoing connection to "keyboardmaestro.com" then (I think) there's no way for anyone to block users from using KM's URL form of Remote Triggers if they just redefine the web server to port 80 in the window that I showed above. Correct me if I'm wrong.

I don't know if you are hitting a bad cached version or hitting a bum re-direct, but the trigger is definitely "the Remote trigger". From the page you linked to:

image1438×262 27.2 KB

...and there's no way to set a port.

@Hydro -- Peter is probably using port 443, maybe 80, as is usual for web APIs -- mainly because it avoids any problems with most firewalls. I'll try and check later, but you should check your own firewall logs.

Edit to add:
Yep, just remoted into work and set up a logging session against my machine there and:

image784×660 23.2 KB

...and if you reverse lookup that IP you'll see it's trigger.keyboardmaestro.com

So port 443 (HTTPS) indeed.

End edit

What's more likely is that the firewall -- or, if your "no firewall" is a different location to your "with firewall", some other piece of network equipment -- isn't maintaining the "long poll" connection. Some firewalls and routers can be rather aggressive at killing connections they think are no longer in use. See this thread for more.

If you have an active macro with the Remote trigger, then Keyboard Maestro connects to the remote trigger server (trigger.keyboardmaestro.com) via https and performs a long poll connection.

If you attempt to trigger that with a URL to that server, the browser will connect to the https port on the server and make the request, which the server will pass on the to Keyboard Maestro Engine with a response on the long poll connection.

If you use the Remote Trigger action, then Keyboard Maestro Engine will be the “browser” in the above case, and will make an https connection to the Keyboard Maestro trigger server with the same information.

Firewalls will generally not block outgoing https requests unless they are extremely strict. Apps like Little Snitch may block the request as well.

Since both you and Peter (two people I hold in extreme esteem) have both responded to this thread, I won't dare attempt to pursue my thoughts. The words from the two of you are more authoritative than anything I could say (on any subject.)

Thank you all for yours answers.

Each time I tried to access to the remote url, I see « 0 ».

I did some tests remotely on my Mac :

• I can access to the remote url so my work’s firewall don’t block the connection.
• The person who manage the firewall tell me that there’s no connection timeout.
• I use Lulu as software firewall on my Mac so I tried to disable it but no more luck.

I used information from the other post to see log and the result :

What’s weird is that when I quit the engine and relaunch it, I still see « 0 ».

Thanks for your help.

That's worrying. The next message on my test setup is

2024-11-16 16:54:17 RemoteTriggerMonitor got message: GOOD

...which I'm not seeing on yours. That yours then has another couple of goes at registering the trigger then, 5 minutes later, closes and reopens RemoteTriggerMonitor makes me think it is failing then resetting and having another go.

(I have no idea what the "Old Engine details..." lines are about, but they're certainly worth investigating even if not related.)

It sounds like you have made a macro to run by Remote trigger that syncs to both your home and work Macs. What I'd do next is:

1. Make a really simple Remote triggered macro, just a "Display text" action will do, and copy the trigger URL
2. Make another (synced) macro with just a "Get URL" action, populating the "Get URL" field with the just-copied trigger URL, leaving the parameter blank, and set to display the result in a window
3. Run the macro from step 2 on the home Mac, note the returned result, then copy the relevant lines from the Engine log
4. Do the same but on the work Mac
5. Compare the results and logs

That will also give your firewall manager something to go on.

You could also look at other ways of triggering macros remotely. One good method is to use Folder triggers aimed at a cloud service such as Dropbox, One Drive or Google Drive -- you can write a file to that, even target multiple macros by writing names/parameters to the file and using a single "watcher" macro to execute the appropriate target.

I would like to do that but I only have a Mac mini at work and I try from home with my window computer.

The purpose of my macro is to launch a shortcut that move my desk from my phone because it’s my computer that is connect to my desk with Bluetooth.

So when you say

...which device is/is not behind the firewall? Can you sweet-talk the firewall manager into giving you an exemption just long enough to collect some logs of this working so they can see what is, and isn't, happening? (Hint: We generally respond well to interesting problems and snack-based bribery )

Other ways of triggering a macro on your Mini from your phone will depend on the situation at work. Are your phone and Mini on the same network? Do they share an iCloud account? Are you allowed to turn on "Remote login" or "Remote scripting" on your Mini? Are SecOps going to freak out about you running the KM web server -- if not, can you use that?

About some more information :

• my Mac mini is at work, behind a firewall.
• My iPhone are on a different network.
• I have the same iCloud account on both.

The firewall manager is a friend
But he doesn’t want to open a port to outside word for security purpose.

That’s why I try to use remote trigger but I don’t understand what’s block the connection.

They don't have to open an incoming port -- the KM Engine on your Mini makes an outgoing connection in the normal way, then tries to maintain that connection. If your Mini can hit https://trigger.keyboardmaestro.com and see the web page, then it's maintaining the connection that's the problem. And that's normally down to the firewall or another piece of networking kit somewhere between the Mini and the server dropping the connection.

This all assumes your trigger is properly set up, of course -- but you said you had it working without the firewall.

If your iPhone is on your work WiFi they might be happy to allow web traffic from the WiFi to the wired network -- that would allow you to use the KM web server. That's more likely to happen than them allowing ssh

But since you've the same iCloud account on both devices, a Folder trigger may be the easiest solution. Create a Shortcut on your phone that writes a new text file into a particular folder in your iCloud Drive, have a trigger on your KM macro that fires when the file is created (and deletes the file when it runs). You could even write certain text to the file -- "Up", "Down", numbers corresponding to presets -- then read that in with your macro and have it act accordingly.

Hi

Thank all these information. I will try to see with my friend.

I tried the iCloud sync, it works great thanks !
I see a 3seconds delay, I guess it’s come from the iCloud sync.

Is there a delay with remote trigger or it’s instant ?

It's generally quick, although you're at the mercy of the internet -- and, occasionally, the trigger does not happen at all.