Enforcing encryption, authentication and authorization before allowing access to your local IoT network with common protocols

Border Gateway

The LinkSmart Border Gateway provides a single point of entry into an "Internet of Things" autonomous system (IoT-AS) consisting of connected devices, their supporting services and the messaging infrastructure. These are the main functionalities:

  • TLS offloading at the edge of the protected autonomous system (HTTPS, TLS-encrypted MQTT and TLS-encrypted WebSocket).
  • Authentication and authorization for HTTP, MQTT and WebSocket requests. Users and their permissions can be defined using an Identity Provider conforming to the OpenID Connect protocol.
  • Access control for HTTP requests can be defined for the type of protocol (HTTP or HTTPS), requested resources (or paths) and allowed HTTP methods.
  • Access control for MQTT requests can be defined for topics, wildcards, and MQTT commands (publish, subscribe etc.).
  • Access control for WebSocket connections can be defined for hostnames and ports.
  • HTTP request forwarding to internal services according to location definitions (e.g. a request to https://iot.linksmart.eu/<location> can be forwarded to localhost or any other host protected by the Border Gateway on the correct port).
  • Address translation for HTTP requests, i.e. internal IoT-AS addresses in HTTP responses can be translated to external addresses that the requester is able to connect to.

Find the complete documentation here.

Deployment

See the deployment page.

Configuration

Find a commented configuration example here. Also have a look under /test for example configurations.

Development

Border Gateway consists of a number of optional Node.js-based microservices:

  • bgw-auth-service: Handles access to the OpenID Connect provider.
  • bgw-configuration-service: Allows online configuration of some configuration items.
  • bgw-external-interface: Handles TLS offloading.
  • bgw-http-proxy: Handles connections to HTTP based services / REST APIs.
  • bgw-mqtt-proxy: Handles connections to MQTT brokers.
  • bgw-websocket-proxy: Handles connections to WebSocket services.

It is highly recommended to run the Border Gateway using Docker and docker-compose (see deployment page).

If Docker is available on your machine, you can run the Border Gateway test suite locally by cloning the repository and then running

./test/build_and_run_tests.sh no_ssl nginx nginx_no_x_forward nginx_444 ei redis_1 redis_120

This creates a full setup with Keycloak as an OpenID Connect provider, web servers (nginx) using self-signed TLS certificates and some backend components, then runs tests on the Border Gateway using all supported protocols for multiple configurations.
