Open khaimov opened 7 years ago
I personally do this with nginx. I have all my stuff behind an nginx proxy.
@maddox thanks for the superfast response, I have this running on Raspberry Pi, and I guess I can install nginx and reverse proxy into it. What would the Rest Call look like then? I would like to use IFTTT Maker to trigger a call to Harmony-API.
Oh, all I'm doing is BLOCKING traffic from outside the network.
@maddox I appreciate the response anyway. I think I will use an API Gateway, something like Kong, so this way I can securely broker communication via DMZ.
Anyone mind sharing their nginx config for this? I have it kinda working but I'm missing something.
Here's my config. I'm using nginx as a proxy, and I'm securing it by blocking it outside of my local network.
```nginx
# --- + PROXY + ---
# Template variables:
#
# * domain = harmony.domain.com
# * name = harmony
# * type = proxy
# * host = localhost
# * port = 8282
upstream harmony-lb {
    server localhost:8282;
}

server {
    listen 80;
    server_name harmony.domain.com;
    return 301 https://harmony.domain.com$request_uri;
}

server {
    server_name harmony.domain.com;
    listen 443 ssl;

    location / {
        allow 192.168.1.1/24;
        allow 127.0.0.1;
        deny all;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://harmony-lb;
    }

    ssl_certificate /etc/letsencrypt/live/harmony.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/harmony.domain.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    access_log /var/log/nginx/harmony-access.log;
    error_log /var/log/nginx/harmony-error.log;
}
# --- - PROXY - ---
```
Here are the security parts:
```nginx
allow 192.168.1.1/24;
allow 127.0.0.1;
deny all;
```
Is there a way to secure the HTTP endpoint, so authentication is required? I see the option for mqtt, but not http.
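An added example, not posted by anyone in this thread and not part of harmony-api: one way to require authentication at the nginx proxy discussed above is HTTP basic auth combined with the existing allow/deny rules. The password file path and realm string are assumptions; the hostname, certificate paths and backend port are the ones from the config posted earlier.

```nginx
# Added example: LAN clients pass on address alone, everyone else
# must present a valid username/password over TLS.
server {
    listen 443 ssl;
    server_name harmony.domain.com;

    ssl_certificate     /etc/letsencrypt/live/harmony.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/harmony.domain.com/privkey.pem;

    location / {
        # "any": access is granted if EITHER the address rules OR basic auth
        # succeed. The default, "satisfy all", would require both, which
        # keeps the endpoint LAN-only and adds a password on top.
        satisfy any;

        # Address rules (same range as 192.168.1.1/24 in the posted config).
        allow 192.168.1.0/24;
        allow 127.0.0.1;
        deny  all;

        # Basic auth for clients outside the allowed ranges.
        auth_basic           "Harmony API";                 # assumed realm text
        auth_basic_user_file /etc/nginx/harmony.htpasswd;   # assumed path

        # Do not pass the proxy's credentials on to the backend.
        proxy_set_header Authorization "";

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8282;
    }
}
```

The password file must be readable by the nginx worker user and is best kept outside any served directory. Basic auth credentials are only base64-encoded, so keep the port 80 server block as a redirect only and never proxy to the backend over plain HTTP from outside.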