Azure IoT Edge – Remote Management (Part 2)

This is an addition to a previous post: https://www.magicazure.com/2021/08/remote-management-of-iot-edge-devices/

In my previous post on remote management of IoT Edge devices I described the use of autossh to create a tunnel from the edge device to a jumpbox. Recently I was asked to expose a website hosted locally on the edge device to an intranet. Based on the autossh setup from my previous post I forwarded the local port 80 of the edge device to port 21234 on the jumpbox. This can be achieved with autossh -M 20000 -f -N edgemanager@edge-controller.magicazure.com -R 21234:localhost:80

When running a web browser on the edge-controller jumpbox I could access the website: just point the browser to http://localhost:21234. Easy peasy.

However, in this situation we would like to access the web server from the intranet. By default, sshd binds a remote-forwarded port (-R) to the loopback interface only, so it is reachable from the jumpbox (edge-controller) itself but not from other machines in the same network. This is easily changed: you only need to alter one setting in the sshd_config of the jumpbox.

  1. log into the edge-controller
  2. execute sudo nano /etc/ssh/sshd_config
  3. find the line #GatewayPorts no and replace it with GatewayPorts yes (or GatewayPorts clientspecified, which lets the autossh client choose the bind address, e.g. -R 10.0.0.5:21234:localhost:80 to bind only to the intranet-facing address of the jumpbox)
  4. validate the configuration with sudo sshd -t; it prints nothing when the file is correct
  5. restart the sshd service via sudo systemctl restart sshd (on Debian/Ubuntu the unit is called ssh)

Now you can access the website hosted locally on your edge device via http://edge-controller.magicazure.com:21234. Note that the tunnel has to be (re)established after the restart, because the bind address is decided when the forward is set up. You can confirm on the jumpbox which address the port is bound to with ss -ltn: with GatewayPorts yes it shows 0.0.0.0:21234 (and [::]:21234) instead of 127.0.0.1:21234.

Beware: only use this setup when your firewalls are really set up correctly. In order to allow autossh to function you must allow port 22 on the edge-controller to be reachable from the edge device. If that firewall rule is broader than intended (for example allowing all inbound traffic from the internet rather than only port 22 from the edge devices), you accidentally also expose port 21234, and with it the website on the edge device, to the whole wide world, because with GatewayPorts yes the forwarded port listens on all interfaces of the jumpbox. This is a serious security risk. Restrict inbound access to 21234 to the intranet address range on the jumpbox or perimeter firewall, and prefer GatewayPorts clientspecified with an explicit intranet bind address so the listener never sits on the public interface in the first place.
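The following shell script is an added example and not part of the original post. It automates the sshd_config change from the numbered steps above and builds the autossh command with the explicit bind address recommended in the warning. The hostname, user and port 21234 are taken from the post; the intranet address 10.0.0.5 and the sample sshd_config content are made up for the demonstration. Match blocks in sshd_config and the Keyword=value spelling are not modelled.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: the sshd_config uses
# the "Keyword value" form and has no Match blocks; 10.0.0.5 is a made-up
# intranet address of the jumpbox.
set -eu

# Print the effective GatewayPorts value of an sshd_config file.
# sshd semantics: the keyword is case-insensitive, the first active
# occurrence wins, commented lines are ignored, and the default is "no".
effective_gateway_ports() {
    cfg="$1"
    val=$(awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "gatewayports" { print tolower($2); exit }
    ' "$cfg")
    printf '%s\n' "${val:-no}"
}

# Set GatewayPorts to the requested value (yes, no or clientspecified).
# Rewrites an existing active or commented-out GatewayPorts line in place,
# or appends one when the file has none. Idempotent, so safe to re-run.
set_gateway_ports() {
    cfg="$1"
    value="$2"
    if grep -Eiq '^[[:space:]]*#?[[:space:]]*GatewayPorts[[:space:]]' "$cfg"; then
        sed -E "s/^[[:space:]]*#?[[:space:]]*[Gg]ateway[Pp]orts[[:space:]].*/GatewayPorts ${value}/" \
            "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    else
        printf 'GatewayPorts %s\n' "$value" >> "$cfg"
    fi
}

# Build the autossh command line from the post. With an empty bind address
# sshd decides (loopback by default, all interfaces with GatewayPorts yes);
# with GatewayPorts clientspecified the client picks the address, so passing
# the intranet address keeps the listener off the public interface.
autossh_cmd() {
    bind="$1"
    rport="$2"
    lport="$3"
    spec="${rport}:localhost:${lport}"
    if [ -n "$bind" ]; then
        spec="${bind}:${spec}"
    fi
    printf 'autossh -M 20000 -f -N edgemanager@edge-controller.magicazure.com -R %s\n' "$spec"
}

# Demo on a constructed sshd_config in a temp file, never on /etc/ssh.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample' '#GatewayPorts no' 'PermitRootLogin no' > "$tmp"
    echo "before: GatewayPorts $(effective_gateway_ports "$tmp")"
    set_gateway_ports "$tmp" clientspecified
    echo "after:  GatewayPorts $(effective_gateway_ports "$tmp")"
    echo "tunnel: $(autossh_cmd 10.0.0.5 21234 80)"
    rm -f "$tmp"
}

demo
```

On the real jumpbox, run set_gateway_ports against /etc/ssh/sshd_config as root, then sudo sshd -t and a restart of the sshd (or ssh) unit; re-establish the tunnel afterwards and check the bind address with ss -ltn before opening any firewall rule.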