ESPeriments with Nginx (Part I)

*rises from coffin*
I have returned from the dead insanely-busy (I know that’s not a real word) ! Hope you guys have had a swell time. Been doing lots of work on stuff,  both personal and professional so I’ve had very little time to settle down and write. Luckily I just completed a milestone project so I had some time to kill. *sips Pina Colada*
Today’s post will be a bit lengthy – to make up for lost time Open-mouthed smile . But first, some context. I spent most of January working on a small IoT sort of solution. I won’t go into specifics, but the salient points involved using an ESP12-E module to make requests to a local server (a server on a local network not the internet). For the uninitiated, the ESP12-E module is a cheap (~$3) WiFi-enabled microcontroller…thing. It runs at 80MHz, has up to 4MBytes of flash space and has ~8 GPIOs. It is also Arduino-compatible, so you can get up to speed fairly quickly with it. There are excellent guides on the net describing how to wire the thing up, how to configure the Arduino IDE to support it, and how to actually deploy code to it. There are also other variants – the base microcontroller its built around is called the ESP8266, and that same microcontroller powers over 12 variant designs (of which the ESP12-E is one), each offering a different feature set (e.g different number of GPIOs, different amount of flash memory, different antenna options, etc). The ESP12-E is one of the higher-end variants.
In terms of server-side software, I’d written a suitable program using C#.Net and the NancyFx framework. The app talked to a MySQL server instance running on the same machine. Code-wise, the data access layer was built around the excellent ServiceStack.OrmLite ORM package, which let me write some beautiful code and not bother about writing any raw SQL. Big ups to ServiceStack.
In any case, the fun started when I needed to deploy this solution to a Linux machine. So I spun up an Ubuntu 16.04 server instance and installed mono-complete (the .NET runtime), mysql and other server management tools – openssh-server, screen, etc etc. Now, as I was using Nancy’s Self-Hosting feature (where the Nancy app runs as a regular program as opposed to being hosted by IIS or similar), I could have easily let things rest easy like this. However, I’d been told that that server would probably be used to serve other web content and stuff. I remembered reading that Nancy could work hand-in-hand with Nginx, so I decided to give that a shot.
Essentially, Nginx could be configured to direct any requests for a particular URL to some other server. This is called “Proxying”. That way, the Nancy app itself would be the other server, and the aim was to configure Nginx to redirect any requests to the app. As can be seen from the Nancy documentation, there are a few advantages to doing this. But, it was a learning exercise anyway. Most importantly, end users wouldn’t need to enter any esoteric port information when accessing the URL, as Nginx could easily proxy the request to the right IP and port. In addition, it’d be theoretically possible to harden the solution so that the NancyFx app itself would only serves requests originating from the local computer. Since proxied requests appear to originate from the local computer, this would provide some degree of security since all requests would have to hit Nginx first before getting to the NancyFx app, ensuring that some hanky-panky never makes it right to the app itself. Haven’t verified that though.
So, I transferred the application to the server with its associated dependencies (dll files) and tested it with vanilla Mono, whence it worked perfectly. Next up, it was time to tangle with Nginx. I mostly followed the steps from here but customized them to suit my own purposes e.g My app was listening on port 2121, not port 8888, etc etc. Tested that and it worked!
In the next post, I’ll talk about securing the solution with SSL certificates.
Stay tuned!

Comments

Popular posts from this blog

Enabling SPI1 on the Raspberry Pi B+/Zero/2/3

Bitbanging SPI on the Raspberry Pi (via spi-gpio)

Getting Started with Logic Analyzers and Pulseview