Secure IoT projects with Nginx Reverse Proxy on a Raspberry Pi – with Let's Encrypt




This video explains a way of adding additional security to IoT devices (including Raspberry Pi, Arduino, ESP32 and Pico RP2040) by using Nginx as a reverse proxy. The proxy converts secure https requests from the client into http requests for the IoT devices. A reverse proxy also allows multiple IoT devices to share the same Internet address (similar to NAT, but using application-layer modifications instead of TCP-layer port allocations). The encryption is provided using SSL/TLS with a signed certificate from Let's Encrypt, which is created using the certbot tool. This is an improvement on my earlier example using self-signed certificates generated using openssl.

Before watching this you may want to see the following video on Penguin Fortress: https://youtu.be/LUQd4ZnTm8E
http://www.penguinfortress.com/security/https-wireshark
The Penguin Fortress video shows how to secure IoT projects using https SSL/TLS on a Raspberry Pi. It explains the problem with http and gives a hacker demo using Wireshark to sniff the network. Whereas the Penguin Fortress example uses Nginx as a web server, this video instead uses Nginx as a proxy server.

This video explains the role of a reverse proxy, including some pros and cons, and then shows how a reverse proxy can be used to provide encryption (using SSL/TLS from Let's Encrypt) as well as how it can redirect between different computers.

This is really powerful, allowing you to provide additional security to IoT devices without needing to have https on the end devices and without needing to create and manage individual encryption keys and certificates for each of the Internet of Things devices.
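An added example, not taken from the video or the PenguinTutor project: a minimal Nginx configuration of the kind described above, terminating TLS with a Let's Encrypt certificate and forwarding plain http to two devices chosen by URL path. The hostname iot.example.com, the device addresses and the /pixels/ and /sensor/ paths are assumptions.

```nginx
# Constructed example: iot.example.com, 192.168.0.10/.11 and the
# /pixels/ and /sensor/ paths are assumptions, not values from the video.

# Plain http listener: only redirects clients to https.
server {
    listen 80;
    server_name iot.example.com;
    return 301 https://$host$request_uri;
}

# https listener: TLS ends here, requests go on to the devices as http.
server {
    listen 443 ssl;
    server_name iot.example.com;

    # Default locations where certbot stores the Let's Encrypt files.
    ssl_certificate     /etc/letsencrypt/live/iot.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/iot.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Pass the original client details to the device behind the proxy.
    # Set at server level, so both device locations inherit them.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Device 1: the trailing slash on proxy_pass strips the /pixels/
    # prefix, so the device sees the request as starting at "/".
    location /pixels/ {
        proxy_pass http://192.168.0.10/;
    }

    # Device 2: a second device sharing the same public address.
    location /sensor/ {
        proxy_pass http://192.168.0.11:8080/;
    }

    # Anything else is not forwarded to any device.
    location / {
        return 404;
    }
}
```

The hop from the proxy to each device is still unencrypted http, so the devices should sit on a network you trust and should not be reachable directly from the Internet.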

If you follow this video you should have a better understanding of how to use a reverse proxy, as well as how to implement https on Nginx using free Let's Encrypt certificates to avoid the warning messages that you get when using a self-signed certificate generated with the openssl command line tool.

Find out more about the Raspberry Pi Pixel Server here:
http://www.penguintutor.com/projects/pixelstrip

See more details about using a Raspberry Pi as a reverse proxy here:
http://www.penguintutor.com/projects/nginx-reverse-proxy

Chapters:
00:00 Why SSL/TLS security is important for IoT
00:27 How hackers use sniffers to capture packets with wireshark
01:06 Encryption to the rescue
02:05 Using a reverse proxy
06:28 Using the reverse proxy with pixel server
07:09 Configuring Nginx as a proxy server
08:15 Adding https encryption with Let’s Encrypt
10:11 Summary