The Windows ZVM is largely deprecated in favor of the ZVMA on Kubernetes, so the older recipe and its companion sender script are gone. The ZVMA recipe is promoted to canonical and its header no longer references the deleted recipe. - delete docs/recipes/zerto-pre-post-scripts.md (Windows-ZVM-only) - delete scripts/examples/zerto-post-failover.ps1 (curl.exe sender) - promote ZVMA recipe in README, docs/README, installation, sync-wiki If anyone still needs the DNS-update / service-check handler from the deleted recipe it's available in git history (commit before this one). Happy to re-resurrect into a generic post-failover recipe if folks ask.
5.4 KiB
Webhook Server
A Windows-native webhook server that runs PowerShell, cmd / .bat, or any executable in response to incoming HTTP requests. Endpoints are configured in a desktop GUI; the actual server runs as a Windows Service so it survives reboots and works without anyone logged in.
Designed for sysadmins who want to wire up tools like Zerto pre/post scripts, GitHub webhooks, monitoring alerts, or backup jobs to Windows-side automation — without writing a custom listener every time.
Quickstart
- Download the latest installer: https://github.com/recklessop/webhook-server/releases/latest
- Run it. UAC accept → next, next, finish. Adds a Start Menu entry, registers and starts the Windows Service. The installer also downloads + installs the .NET 8 runtimes (ASP.NET Core + Desktop) if they're missing — fresh Windows Server installs need this.
- Open Webhook Server from the Start Menu (auto-elevates).
- File → New endpoint, configure a slug + script, save, hit the URL.
Full first-time walkthrough: docs/installation.md
Highlights
- Many endpoints, one service. Each webhook is a configured URL slug mapped to a script or command.
- Per-endpoint auth — HMAC signature (GitHub / Stripe / Slack style), bearer token, or none.
- Per-endpoint IP allowlist. Restrict by IP or CIDR. Empty list = open. Checked before auth so blocked IPs get a fast 403.
- Per-endpoint Run As — run the hook as the service account (default), the user logged in at the keyboard (for UI hooks), or a named domain/local user via password.
- Flexible execution. Windows PowerShell 5.1, PowerShell 7+, cmd /
.bat, or any.exe. - Flexible input — any combination of: JSON body to stdin, query / headers as env vars,
{{body.foo.bar}}template expansion into argv. - Sync or async per endpoint. Sync returns exit code + stdout / stderr to the caller; async returns 202 immediately.
- Outbound callbacks. Optional per-endpoint URL the service POSTs run results to after the script finishes. HMAC-signed, retry-with-backoff. Required for async callers who want to know what happened.
- Configurable network — bind to specific NICs, set the URL host shown in the GUI, configure trusted reverse proxies.
- HTTPS optional. Bind a
.pfxor cert-store thumbprint from the GUI. - Secrets at rest — bearer tokens, HMAC keys, RunAs passwords, and PFX passwords are DPAPI-encrypted (LocalMachine scope) in
config.json. - Auto-snapshots. Every config save writes a Config Checkpoint; restore to any point with one click. Last 30 retained.
Architecture
+------------------+ named pipe +-------------------------------+
| GUI (WPF) | <-------------> | Windows Service |
| add / edit / | SYSTEM+admin | - Kestrel: hook listener |
| view logs | ACL'd | - Admin pipe server |
+------------------+ | - Executor (process runner) |
| - Callback dispatcher |
| - Serilog file logging |
+-------------------------------+
|
C:\ProgramData\WebhookServer\
- config.json (DPAPI-encrypted)
- backups\ (auto-snapshots)
- logs\ (daily rolling)
Documentation
Everything you need to operate the server:
- Concepts — what a webhook is and how this server uses one
- Installation — interactive and silent install
- Upgrading — single click; what's preserved
- Uninstalling — clean removal
- Run As modes — Service / InteractiveUser / SpecificUser
- Service account & Active Directory — gMSA + delegated rights
- Network & security — bind addresses, allowlists, HTTPS, secrets
- Troubleshooting — common errors and where to look
Recipes:
- Zerto ZVMA (Kubernetes) pre/post → notify + VM health check ← canonical use case
- GitHub-style HMAC-signed webhook
- Pop UI on the user's desktop
The Zerto ZVMA recipe ships ready-to-drop-in scripts: scripts/examples/zerto-zvma-send.ps1 (sender, runs inside the ZVMA scripts-service container) plus zerto-receiver-notify.ps1 and zerto-receiver-vm-healthcheck.ps1 (receivers, run on the Webhook Server host).
Requirements
- Windows 10 / 11 / Server 2019+
- x64
- .NET 8 SDK to build (the released installer includes everything else)
Building from source
git clone https://github.com/recklessop/webhook-server.git
cd webhook-server
# Dev install (publishes + copies to C:\Program Files\WebhookServer + registers service)
powershell -ExecutionPolicy Bypass -File scripts\deploy.ps1
# Or build the installer locally (requires Inno Setup 6: winget install JRSoftware.InnoSetup)
powershell -ExecutionPolicy Bypass -File scripts\build-installer.ps1
License
TBD.