From 612bd9960c245cd0ee3e3ec5b4d672c98f2afff3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lepin?= <Palakis@users.noreply.github.com>
Date: Thu, 4 Jun 2020 10:14:58 +0200
Subject: [PATCH] readme: add TLS tunneling section

---
 README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/README.md b/README.md
index 1c210f96..9fd2bb4a 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,50 @@ A web client and frontend made by [t2t2](https://github.com/t2t2/obs-tablet-remo
 
 It is **highly recommended** to protect obs-websocket with a password against unauthorized control. To do this, open the "Websocket server settings" dialog under OBS' "Tools" menu. In the settings dialogs, you can enable or disable authentication and set a password for it.
 
+### Connecting over a TLS/secure connection (or remotely)
+
+**Before doing this, secure the WebSockets server first by enabling authentication with a strong password!**
+
+If you want to expose the WebSockets server of obs-websocket over a secure TLS connection (or to connect remotely), the easiest approach is to use a localhost tunneling service like [ngrok](https://ngrok.com/) or [pagekite](https://pagekite.net/). 
+
+**Please bear in mind that doing this will expose your OBS instance to the open Internet and the security risks it implies. You've been warned!**
+
+#### ngrok
+
+[Install the ngrok CLI tool](https://ngrok.com/download), then start ngrok bound to port 4444 like this:
+
+```bash
+ngrok http 4444
+```
+
+The ngrok command will output something like this:
+
+```
+ngrok by @inconshreveable
+
+Tunnel Status                 online
+Version                       2.0/2.0
+Web Interface                 http://127.0.0.1:4040
+Forwarding                    http://TUNNEL_ID.ngrok.io -> localhost:4444
+Forwarding                    https://TUNNEL_ID.ngrok.io -> localhost:4444
+```
+
+Where `TUNNEL_ID` is, as the name implies, the unique name of your ngrok tunnel. You'll get a new one every time you start ngrok.
+
+Then, use `wss://TUNNEL_ID.ngrok.io` to connect to obs-websocket over TLS.
+
+See the [ngrok documentation](https://ngrok.com/docs) for more tunneling options and settings. 
+
+#### PageKite
+
+[Install the PageKite CLI tool](http://pagekite.net/downloads), then start PageKite bound to port 4444 like this (replace NAME with one of your choosing):
+
+```bash
+$ python pagekite.py 4444 NAME.pagekite.me
+```
+
+Then, use `wss://NAME.pagekite.me` to connect to obs-websocket over TLS.
+
 ### Possible use cases
 
 - Remote control OBS from a phone or tablet on the same local network