- Learn Linux
- Learn Electronics
- Raspberry Pi
- LPI certification
- News & Reviews
This explains about how to secure IoT projects by adding HTTPS SSL/TLS encryption through an Nginx proxy server.
Before watching this you may want to see the following video on Penguin Fortress. The Penguin Fortress video is on how to secure IoT projects using https SSL/TLS on a Raspberry Pi. It explains about the problem with http and gives a hacker demo using Wireshark to sniff the network. Whereas the Penguin Fortress example uses Nginx as a web server, this video instead uses Nginx as a proxy server.
This is explained in more details on the Penguin Fortress website: Secure Raspberry Pi IOT with HTTPS - stop hackers with Wireshark demo
This video explains a way of adding additional security to IoT devices (including Raspberry Pi, Arduino, ESP32 and Pico RP2040) by using Nginx as a reverse proxy. This is used to convert secure https requests from the client to http requests for the IoT devices. By using a reverse proxy it also allows multiple IoT devices to share the same Internet address (similar to NAT, but using application layer modifications instead of TCP layer port allocations). The encryption is provided using SSL/TLS and has a signed certificate from Let's Encrypt which is created using the certbot tool. This is an improvement on my earlier example using self-signed certificates generated using openssl.
This video explains about the role of a Reverse Proxy including some pros and cons, and then shows how a reverse proxy can be used to provide encryption (using SSL/TLS from Let's Encrypt) as well as how it can redirect between different computers.
This is really powerful allowing you to provide additional security to IoT devices without needing to have https on the end devices and without needing to create an manage individual encryption keys and certificates for each of the Internet of Things devices.
If you follow this video then you should have a better understanding of how you can use a reverse proxy as well as how to implement https on Nginx using free Let's Encrypt certificates to avoid the warning messages that you get if using a self signed certificate generated using the openssl command line tool.
If you would rather use a Raspberry Pi you can see my related project on Raspberry Pi Pixel Server.
Please view the copyright information regarding use of the circuits.