How to access an HTTP service on an Endpoint
The S-IMSY platform has an Edge Service that enables access to an HTTP service on an Endpoint.
When configured, the HTTP Publisher Edge Service acts as an HTTP proxy. It allows HTTP-based web services hosted on the Endpoint device to be published on the Internet via a unique website address. This eliminates the need to provide a static or dynamic public IPv4 address for each Endpoint.
The flexibility of HTTP web services makes the HTTP Edge Service useful in many use cases, for example:
Providing access to a device's management web console
Enabling secure access to a smart home automation system
Collecting diagnostic data from a device
Prerequisites
An HTTP service must be configured and running on the Endpoint device. This is typically a web server offering up web pages.
The Endpoint device must be directly accessible from the Endpoint
For instance, if using a USB dongle as the modem, configure the DMZ on the dongle. The Endpoint device can then be reached from the mobile network.
Other devices such as Ethernet modems use port forwarding to enable HTTP traffic to be forwarded to a device on the Ethernet network.
Configuring the HTTP Publisher Edge Service
The HTTP Publisher needs to be configured in 2 steps:
1. Configure the HTTP Publisher via the 'Edge Services' menu.
2. Configure a Routing Policy to enable the HTTP Publisher.
Configure the HTTP Publisher
On the portal, navigate to Edge Services. Select Add to add a new service, or select an existing service to be updated.
Here you can specify the port on which the Endpoint device exposes the web service, for instance the standard port 80 for HTTP or port 443 for HTTPS, or a custom port such as 8080 or 9000.
Specify the protocol, HTTP or HTTPS, on which the web service is exposed on the Endpoint. In the case of HTTPS, there is an additional option to trust an insecure SSL certificate which the Endpoint might be using, which is common in the case of self-signed certificates in private networks.
There is an option to enable "Basic Authentication". The authentication is provided by the S-IMSY core before allowing traffic from the Internet to your Endpoint.
You can also choose to use Access Control Lists (ACLs), which allow or restrict access based on the source IP address of the Internet request attempting to contact your Endpoint. The ACLs work in 2 modes:
Allow: Which only allows the IP addresses or Subnets you specify, and blocks all other requests
Deny: Which blocks the IP addresses or Subnets you specify, and allows all other requests
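The two ACL modes described above can be modelled offline to check a planned list against known source addresses before saving it. This is an added example, not S-IMSY code; the function names, the /16 review threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_entries(entries):
    """Parse addresses or subnets ('203.0.113.7', '198.51.100.0/24') into networks."""
    # strict=False accepts a host address written with a prefix, e.g. 198.51.100.9/24
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def acl_permits(mode, entries, source_ip):
    """Return True if a request from source_ip would pass the ACL.

    mode 'allow': only listed sources pass, all other requests are blocked.
    mode 'deny' : listed sources are blocked, all other requests pass.
    """
    if mode not in ("allow", "deny"):
        raise ValueError("mode must be 'allow' or 'deny'")
    addr = ipaddress.ip_address(source_ip)
    # An IPv4 source never matches an IPv6 entry, and vice versa
    listed = any(addr.version == n.version and addr in n
                 for n in parse_entries(entries))
    return listed if mode == "allow" else not listed

def overly_broad(entries, min_prefix=16):
    """Return IPv4 entries wider than min_prefix (hypothetical review threshold)."""
    return [str(n) for n in parse_entries(entries)
            if n.version == 4 and n.prefixlen < min_prefix]

def evaluate(mode, entries, sources):
    """Map each source address to True (passes) or False (blocked)."""
    return {s: acl_permits(mode, entries, s) for s in sources}

# Constructed sample data using documentation address ranges (RFC 5737)
OFFICE_ACL = ["203.0.113.7", "198.51.100.0/24"]
SAMPLE_SOURCES = ["203.0.113.7", "198.51.100.200", "192.0.2.55"]

if __name__ == "__main__":
    for mode in ("allow", "deny"):
        print(mode, evaluate(mode, OFFICE_ACL, SAMPLE_SOURCES))
    # An entry such as 0.0.0.0/0 in Allow mode admits every source
    print("review:", overly_broad(OFFICE_ACL + ["0.0.0.0/0"]))
```

In this model an empty list blocks every request in Allow mode and admits every request in Deny mode, which is why Allow mode is the safer default for a management console.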
Configure Routing Policy
Once your HTTP Publisher configuration has been created in 'Edge Services', you need to apply this configuration in a Routing Policy which your Endpoint is configured to use (via the Endpoint Groups). This is done by navigating to the Routing Policy, going to the 'Edge Services' tab, then enabling the HTTP Publisher and selecting the HTTP Publisher configuration created in Step 1 above.
To allow traffic for the HTTP service and deny all other traffic, the Policy Rules should be set to just the default deny all traffic rule.
Select 'Save and Apply Rules'. All the Endpoints using this Routing Policy will now have the HTTP Publisher Edge Service available.
Accessing the HTTP service
The website address for the web service running on the Endpoint device can be found by navigating to the Endpoint view, selecting an Endpoint, and navigating to the 'Remote Access' tab. The Public URL is displayed right at the top.