FIWARE / tutorials.PEP-Proxy

FIWARE 404: Securing Microservices and IoT Devices with a PEP Proxy
https://fiware-pep-proxy.rtfd.io/
MIT License

Missing iot-agent-proxy and referenced in fiware/tutorials.context-provider in northport.yml #11

Closed cxzero closed 3 years ago

cxzero commented 3 years ago

Hi,

When looking at the yml configurations, I saw that the northport.yml (https://github.com/FIWARE/tutorials.PEP-Proxy#securing-an-iot-agent-north-port), in its "fiware/tutorials.context-provider" image declaration, is referencing these environmental variables.

If I understood well, I think the above variables should be (as the south port of the IoT Agent is not being secured):

Besides, I would like to confirm that the topic "Securing an IoT Agent North Port" aims to secure traffic from IoT Agent to Orion Context Broker (IoT Agent => Orion). Is that correct? Or am I missing something?

In case traffic is to be secured from the Orion Context Broker to the IoT Agent (Orion => IoT Agent), should an additional PEP proxy be added, listening on port 4042 and forwarding traffic to 4041 (PEP proxy for IoT Agent northport)?

Thanks, Juan

jason-fox commented 3 years ago

Yes, that was a typo - the correct configuration is:

The tutorial does not aim to be a realistic real-world scenario. It would be usual to add a PEP proxy between the context broker and anything else (either an app or an IoT Agent). The Southport PEP Proxy is more artificial - it is more likely you would configure using HTTPS or MQTTS or be using something like NGINX as the Gateway between your devices on the edge and the components in the cloud.