I posted a question about this on ServerFault 
<https://serverfault.com/questions/1125770/iot-http-multiplexing-through-cloud-host> 
last week but didn't get any answers other than a few comments from one person 
who said (basically) "use a VPN". That seems like overkill. I'm trying 
to find a reliable way to proxy occasional HTTP access to any of ~100 
geographically dispersed IOT devices through a cloud server.

I'm using Go on the cloud server and on the IOT devices, so I thought I'd 
ask here.

*Situation:*

   - We have complete control over the configuration of the IOT devices and 
   the cloud host.
   - We don't have control of the customers' routers and firewalls, but can 
   specify minimum requirements for port openings, etc.
   - FWIW, the IOT devices are BeagleBone Black running Debian Buster and 
   the cloud host will be, typically, a multi-core droplet (or similar) 
   running Linux.
   - The IOTs serve dynamic web pages over HTTP. (HTTPS doesn't seem 
   feasible because of certificate requirements and overall load on the IOT 
   CPU.) The cloud host will have HTTPS capability.
   - This is a low-traffic situation. The IOTs report some overall status 
   information (via rsync/ssh) at 4-minute intervals. We already have a web 
   interface (written in Go) on the cloud server that aggregates and displays 
   the status reports.
   - Access to an IOT's web service will only occur when a user wants to 
   investigate a problem report in more detail. Typically, only one or two 
   users will have credentials to browse the cloud server.

The scheme I have in mind is: 

   1. At configuration time for each IOT device the installation tech will 
   use ssh-copy-id to install the IOT device's public key on the cloud service.
   2. The IOT device will then remotely execute a one-shot program 
   (already written and tested) on the cloud server. The IOT will provide a 
   unique identifier as an argument and the program will return a permanent 
   port number and add a record to a database to record the assignment.
   3. The IOT will open a reverse SSH tunnel on the server (probably 
   managed by auto-ssh) specifying the permanent port on the server and a 
   local port on which it will listen for HTTP requests.
   4. The cloud server, when generating status report pages, will include a 
   link to fetch the home page of each IOT device by embedding its unique 
   identifier specified in step 2 above.

The piece I'm missing is how to construct a proxying handler that will use 
the identifier in the link to look up the tunnel port and fetch the IOT's 
home page and thereafter make it seem as though the user is directly 
browsing the IOT.

Any help appreciated (and thanks for reading this far!)
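
One way to build the handler asked about above, as an added example that is not part of the original post: it maps the identifier in the link to the tunnel port and forwards the request over loopback with `net/http/httputil`. The `/device/<id>/` URL layout, `lookupFunc`, `deviceProxy`, the sample id and port, and the listen address are assumptions for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// lookupFunc returns the tunnel port assigned to a device id in step 2.
// Assumption: backed by the assignment database; main uses a constructed map.
type lookupFunc func(id string) (port int, ok bool)

// deviceProxy serves /device/<id>/<rest> by forwarding /<rest> to the
// loopback end of that device's reverse SSH tunnel (hypothetical URL layout).
func deviceProxy(lookup lookupFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, rest, _ := strings.Cut(strings.TrimPrefix(r.URL.Path, "/device/"), "/")
		port, ok := lookup(id)
		if !ok { // unknown id: the port only ever comes from the table
			http.NotFound(w, r)
			return
		}
		target := &url.URL{Scheme: "http", Host: fmt.Sprintf("127.0.0.1:%d", port)}
		rp := httputil.NewSingleHostReverseProxy(target)
		// Keep the device's root-relative redirects inside its URL prefix.
		rp.ModifyResponse = func(resp *http.Response) error {
			if loc := resp.Header.Get("Location"); strings.HasPrefix(loc, "/") {
				resp.Header.Set("Location", "/device/"+id+loc)
			}
			return nil
		}
		out := r.Clone(r.Context())
		out.URL.Path, out.URL.RawPath = "/"+rest, ""
		rp.ServeHTTP(w, out)
	})
}

func main() {
	ports := map[string]int{"bbb-0001": 20001} // constructed sample assignment
	lookup := func(id string) (int, bool) { p, ok := ports[id]; return p, ok }
	mux := http.NewServeMux()
	// Assumption: wrap this handler in the status site's existing login check.
	mux.Handle("/device/", deviceProxy(lookup))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", mux))
}
```

Root-relative links inside the device's HTML (for example `href="/status"`) are not rewritten by this handler, so the device pages need relative links for browsing to stay under the prefix.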
