Honestly I'd probably use grpc and keep a constant connection from the IOT to the cloud. No ports/services required on the client at all and the server can still request things in real time.
Like: https://www.talentica.com/blogs/part-3-building-a-bidirectional-streaming-grpc-service-using-golang/

On Wed, Mar 15, 2023, 6:35 PM Michael Ellis <michael.f.el...@gmail.com> wrote:

> FWIW, I pasted my post into ChatGPT-4 and got what might be a plausible
> outline of an approach using httputil.NewSingleHostReverseProxy.
>
> But, as we know, LLM's are prone to hallucination. If you're curious,
> here's a share link.
>
> https://shareg.pt/cNoNdWc
>
> On Wednesday, March 15, 2023 at 5:57:48 PM UTC-4 Michael Ellis wrote:
>
>> I posted a question about this on ServerFault
>> <https://serverfault.com/questions/1125770/iot-http-multiplexing-through-cloud-host>
>> last week but didn't get any answers other than a few comments from one
>> person who said (basically) "use a VPN". That seems like overkill. I'm
>> trying to find a reliable way to proxy occasional HTTP access to any of
>> ~100 geographically dispersed IOT devices through a cloud server.
>>
>> I'm using Go on the cloud server and on the IOT devices, so I thought I'd
>> ask here.
>>
>> *Situation:*
>>
>> - We have complete control over the configuration of the IOT devices
>>   and the cloud host.
>> - We don't have control of the customers' routers and firewalls, but
>>   can specify minimum requirements for port openings, etc.
>> - FWIW, the IOT devices are BeagleBone Black running Debian Buster
>>   and the cloud host will be, typically, a multi-core droplet (or similar)
>>   running Linux.
>> - The IOT's serve dynamic web pages over HTTP. (HTTPS doesn't seem
>>   feasible because of certificate requirements and overall load on the IOT
>>   cpu.) The cloud host will have HTTPS capability.
>> - This is a low-traffic situation. The IOT's report some overall
>>   status information (via rsync/ssh) at 4 minute intervals. We already have
>>   a web interface (written in Go) on the cloud server that aggregates and
>>   displays the status reports.
>> - Access to an IOT's web service will only occur when a user wants to
>>   investigate a problem report in more detail. Typically, only one or two
>>   users will have credentials to browse the cloud server.
>>
>> The scheme I have in mind is:
>>
>> 1. At configuration time for each IOT device the installation tech
>>    will use ssh-copy-id to install the IOT device's public key on the cloud
>>    service.
>> 2. The IOT device will then remotely execute a one-shot program
>>    (already written and tested) on the cloud server. The IOT will provide a
>>    unique identifier as an argument and the program will return a permanent
>>    port number and add a record to a database to record the assignment.
>> 3. The IOT will open a reverse SSH tunnel on the server (probably
>>    managed by auto-ssh) specifying the permanent port on the server and a
>>    local port on which it will listen for HTTP requests.
>> 4. The cloud server, when generating status report pages, will
>>    include a link to fetch the home page of each IOT device by embedding its
>>    unique identifier specified in step 2 above.
>>
>> The piece I'm missing is how to construct a proxying handler that will
>> use the identifier in the link to look up the tunnel port and fetch the
>> IOT's home page and thereafter make it seem as though the user is directly
>> browsing the IOT.
>>
>> Any help appreciated (and thanks for reading this far!)
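An added example, not code from anyone in this thread: one way to build the proxying handler the quoted question asks for, using httputil.NewSingleHostReverseProxy. The `/iot/<id>/` URL layout, the in-memory port map standing in for the database, and tunnels bound to 127.0.0.1 are assumptions; the handler is meant to sit behind the cloud server's existing login.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"regexp"
	"strings"
)

// deviceID limits identifiers to a fixed alphabet, so the path segment can
// only ever be a lookup key, never a host or port.
var deviceID = regexp.MustCompile(`^[A-Za-z0-9_-]{1,32}$`)

// splitDevicePath parses "/iot/<id>/<rest>" (hypothetical URL layout).
func splitDevicePath(p string) (id, rest string, ok bool) {
	if !strings.HasPrefix(p, "/iot/") {
		return "", "", false
	}
	id, rest, _ = strings.Cut(strings.TrimPrefix(p, "/iot/"), "/")
	return id, "/" + rest, deviceID.MatchString(id)
}

// NewDeviceProxy forwards /iot/<id>/... to the loopback end of that device's
// reverse SSH tunnel. ports stands in for the assignment database (step 2).
func NewDeviceProxy(ports map[string]int) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, rest, ok := splitDevicePath(r.URL.Path)
		port, known := ports[id]
		if !ok || !known {
			http.NotFound(w, r)
			return
		}
		// The target host is fixed to loopback; only the port comes from the table.
		target := &url.URL{Scheme: "http", Host: fmt.Sprintf("127.0.0.1:%d", port)}
		out := r.Clone(r.Context())
		out.URL.Path, out.URL.RawPath = rest, "" // strip the /iot/<id> prefix
		out.Header.Del("Cookie")                 // keep cloud credentials away from the device
		out.Header.Del("Authorization")
		httputil.NewSingleHostReverseProxy(target).ServeHTTP(w, out)
	})
}

func main() {
	ports := map[string]int{"bbb-0001": 20001} // constructed sample assignment
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewDeviceProxy(ports)))
}
```

Device pages that link with absolute paths such as `/config` will escape the `/iot/<id>/` prefix, so those links need to be relative or rewritten in the response.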