v0.1.4
Release (Gitea) / build-installer (push) Failing after 26s
* Fix Rollback NRE: capture filename before refreshing the checkpoint list The actual restore on the service was succeeding but the GUI showed "Rollback failed: Object reference not set to an instance of an object." because RefreshAsync clears the ObservableCollection, the SelectedItem binding goes null when its source item disappears, and the next line dereferenced Selected!.FileName. Cache the filename and timestamp before any await so the post-refresh status update doesn't depend on Selected still being non-null. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * v0.1.4 --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Webhook Server
A Windows-native webhook server that runs PowerShell, cmd / .bat, or any executable in response to incoming HTTP requests. Endpoints are configured in a desktop GUI; the actual server runs as a Windows Service so it survives reboots and works without anyone logged in.
Designed for sysadmins who want to wire up tools like Zerto pre/post scripts, GitHub webhooks, monitoring alerts, or backup jobs to Windows-side automation — without writing a custom listener every time.
Quickstart
- Download the latest installer: https://github.com/recklessop/webhook-server/releases/latest
- Run it. UAC accept → next, next, finish. Adds a Start Menu entry, registers and starts the Windows Service.
- Open Webhook Server from the Start Menu (auto-elevates).
- File → New endpoint, configure a slug + script, save, hit the URL.
Full first-time walkthrough: docs/installation.md
Highlights
- Many endpoints, one service. Each webhook is a configured URL slug mapped to a script or command.
- Per-endpoint auth — HMAC signature (GitHub / Stripe / Slack style), bearer token, or none.
- Per-endpoint IP allowlist. Restrict by IP or CIDR. Empty list = open. Checked before auth so blocked IPs get a fast 403.
- Per-endpoint Run As — run the hook as the service account (default), the user logged in at the keyboard (for UI hooks), or a named domain/local user via password.
- Flexible execution. Windows PowerShell 5.1, PowerShell 7+, cmd /
.bat, or any.exe. - Flexible input — any combination of: JSON body to stdin, query / headers as env vars,
{{body.foo.bar}}template expansion into argv. - Sync or async per endpoint. Sync returns exit code + stdout / stderr to the caller; async returns 202 immediately.
- Outbound callbacks. Optional per-endpoint URL the service POSTs run results to after the script finishes. HMAC-signed, retry-with-backoff. Required for async callers who want to know what happened.
- Configurable network — bind to specific NICs, set the URL host shown in the GUI, configure trusted reverse proxies.
- HTTPS optional. Bind a
.pfxor cert-store thumbprint from the GUI. - Secrets at rest — bearer tokens, HMAC keys, RunAs passwords, and PFX passwords are DPAPI-encrypted (LocalMachine scope) in
config.json. - Auto-snapshots. Every config save writes a Config Checkpoint; restore to any point with one click. Last 30 retained.
Architecture
+------------------+ named pipe +-------------------------------+
| GUI (WPF) | <-------------> | Windows Service |
| add / edit / | SYSTEM+admin | - Kestrel: hook listener |
| view logs | ACL'd | - Admin pipe server |
+------------------+ | - Executor (process runner) |
| - Callback dispatcher |
| - Serilog file logging |
+-------------------------------+
|
C:\ProgramData\WebhookServer\
- config.json (DPAPI-encrypted)
- backups\ (auto-snapshots)
- logs\ (daily rolling)
Documentation
Everything you need to operate the server:
- Concepts — what a webhook is and how this server uses one
- Installation — interactive and silent install
- Upgrading — single click; what's preserved
- Uninstalling — clean removal
- Run As modes — Service / InteractiveUser / SpecificUser
- Service account & Active Directory — gMSA + delegated rights
- Network & security — bind addresses, allowlists, HTTPS, secrets
- Troubleshooting — common errors and where to look
Recipes:
- Zerto failover post-script → DNS + service checks ← canonical use case
- GitHub-style HMAC-signed webhook
- Pop UI on the user's desktop
A ready-to-drop-in Zerto-side script is included at scripts/examples/zerto-post-failover.ps1.
Requirements
- Windows 10 / 11 / Server 2019+
- x64
- .NET 8 SDK to build (the released installer includes everything else)
Building from source
git clone https://github.com/recklessop/webhook-server.git
cd webhook-server
# Dev install (publishes + copies to C:\Program Files\WebhookServer + registers service)
powershell -ExecutionPolicy Bypass -File scripts\deploy.ps1
# Or build the installer locally (requires Inno Setup 6: winget install JRSoftware.InnoSetup)
powershell -ExecutionPolicy Bypass -File scripts\build-installer.ps1
License
TBD.
Description
Windows webhook server: HTTP requests trigger PowerShell or any executable, configured via a desktop GUI, running as a Windows Service. Built for Zerto pre/post scripts, GitHub webhooks, monitoring alerts - anywhere a Windows-side script needs to fire on HTTP.
https://jpaul.me
Readme
MIT
586 KiB
Languages
C#
75.6%
PowerShell
20.6%
Inno Setup
3.8%