I’m investigating a use case to install a Iotawatt at a remote location, and I want to be able to securely access the Iotawatt remotely.
In accordance with earlier discussions (for example here: Remote access of base unit) I currently open port 80 in the ISP router at the remote location and I set a password on the Iotawatt. However, all traffic is unsecured and the solution only works if I can access the ISP router settings.
I’m investigating an alternative solution, where I put a Raspberry Pi (or similar) next to the Iotawatt, where the RPi acts as a router and VPN and/or reverse proxy with SSL.
The RPi would expose a Wifi access point to which the Iotawatt connects. The RPi would be connected to the local LAN either through Ethernet or Wifi (in that case i would need an extra Wifi USB stick in the RPi).
I would go for a dockerized solution on the RPi (Raspbian with Docker or BalenaOS), as it would allow other applications to run as well.
I thought it would be interesting to share here my use case as it gets shaped. I’m hoping to hear your feedbacks and experiences.
The setup has big advantages as it enables secure communications, doesn’t need interventions on the ISP router (opening ports etc), and I can remotely access my Iotawatt (web interface) and Raspberry Pi (SSH) without hassle.
I’m currently making some trade-offs:
- OS to run on RPi: Running Raspbian+docker versus BalenaOS. BalenaOS would be ideal for remote fleet management, but I have no experience so far.
- VPN versus reverse proxy with SSL? (I read some preference towards OpenVPN in other topics like here: IoTaWatt Remote Access, but I would like to better understand the trade-off w.r.t. reverse proxying)
Any insights? If you have example code to share, would be interesting as well.