FWIW, I pasted my post into ChatGPT-4 and got what might be a plausible outline of an approach using httputil.NewSingleHostReverseProxy.
But, as we know, LLMs are prone to hallucination. If you're curious, here's a share link: https://shareg.pt/cNoNdWc

On Wednesday, March 15, 2023 at 5:57:48 PM UTC-4 Michael Ellis wrote:

> I posted a question about this on ServerFault
> <https://serverfault.com/questions/1125770/iot-http-multiplexing-through-cloud-host>
> last week but didn't get any answers other than a few comments from one
> person who said (basically) "use a VPN". That seems like overkill. I'm
> trying to find a reliable way to proxy occasional HTTP access to any of
> ~100 geographically dispersed IOT devices through a cloud server.
>
> I'm using Go on the cloud server and on the IOT devices, so I thought I'd
> ask here.
>
> *Situation:*
>
> - We have complete control over the configuration of the IOT devices
>   and the cloud host.
> - We don't have control of the customers' routers and firewalls, but
>   can specify minimum requirements for port openings, etc.
> - FWIW, the IOT devices are BeagleBone Black running Debian Buster and
>   the cloud host will be, typically, a multi-core droplet (or similar)
>   running Linux.
> - The IOTs serve dynamic web pages over HTTP. (HTTPS doesn't seem
>   feasible because of certificate requirements and overall load on the
>   IOT cpu.) The cloud host will have HTTPS capability.
> - This is a low-traffic situation. The IOTs report some overall
>   status information (via rsync/ssh) at 4 minute intervals. We already
>   have a web interface (written in Go) on the cloud server that
>   aggregates and displays the status reports.
> - Access to an IOT's web service will only occur when a user wants to
>   investigate a problem report in more detail. Typically, only one or
>   two users will have credentials to browse the cloud server.
>
> The scheme I have in mind is:
>
> 1. At configuration time for each IOT device the installation tech
>    will use ssh-copy-id to install the IOT device's public key on the
>    cloud service.
> 2. The IOT device will then remotely execute a one-shot program
>    (already written and tested) on the cloud server. The IOT will
>    provide a unique identifier as an argument and the program will
>    return a permanent port number and add a record to a database to
>    record the assignment.
> 3. The IOT will open a reverse SSH tunnel on the server (probably
>    managed by auto-ssh) specifying the permanent port on the server and
>    a local port on which it will listen for HTTP requests.
> 4. The cloud server, when generating status report pages, will include
>    a link to fetch the home page of each IOT device by embedding its
>    unique identifier specified in step 2 above.
>
> The piece I'm missing is how to construct a proxying handler that will
> use the identifier in the link to look up the tunnel port and fetch the
> IOT's home page and thereafter make it seem as though the user is
> directly browsing the IOT.
>
> Any help appreciated (and thanks for reading this far!)
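
An added sketch of the handler the quoted post asks for, built on httputil.NewSingleHostReverseProxy; it is not part of either message in this thread and is not the ChatGPT output linked above. The `/device/<id>/` URL layout, the identifier format, the unprivileged-port check and the `PortLookup` type are assumptions; the lookup stands in for the port-assignment database from step 2.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
	"regexp"
	"strings"
)

// Assumed identifier format; anything else is rejected before the lookup.
var deviceID = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// PortLookup stands in for the database written in step 2 of the scheme.
type PortLookup func(id string) (port int, ok bool)

// Resolve maps "/device/<id>/..." to the tunnel port assigned to <id>.
func Resolve(path string, lookup PortLookup) (id string, port int, ok bool) {
	id = strings.SplitN(strings.TrimPrefix(path, "/device/"), "/", 2)[0]
	if !strings.HasPrefix(path, "/device/") || !deviceID.MatchString(id) {
		return "", 0, false
	}
	port, ok = lookup(id)
	// Assumption: tunnel ports are always unprivileged ports.
	if !ok || port < 1024 || port > 65535 {
		return "", 0, false
	}
	return id, port, true
}

// DeviceProxy forwards /device/<id>/<path> to http://127.0.0.1:<port>/<path>.
func DeviceProxy(lookup PortLookup) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, port, ok := Resolve(r.URL.Path, lookup)
		if !ok {
			http.NotFound(w, r)
			return
		}
		// The host is always loopback; only the port comes from the table,
		// so the request cannot steer the proxy to an arbitrary address.
		target := &url.URL{Scheme: "http", Host: fmt.Sprintf("127.0.0.1:%d", port)}
		http.StripPrefix("/device/"+id, httputil.NewSingleHostReverseProxy(target)).ServeHTTP(w, r)
	})
}

func main() {
	table := map[string]int{"bbb-0042": 20042} // constructed sample assignment
	lookup := func(id string) (int, bool) { p, ok := table[id]; return p, ok }
	fmt.Println(Resolve("/device/bbb-0042/status", lookup))
}
```

Mount the handler behind the cloud server's existing login so the tunnels are reachable only by authenticated users. Device pages that use absolute links (`/status` rather than `status`) will leave the `/device/<id>/` prefix, so relative links on the device side keep the illusion of direct browsing intact.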