Secure remote web server access (Node-Red)

Many IoT or Operational Technology (OT) industrial application scenarios demand remote access to SCADA systems or other type of web servers. This can be a simple web server that is used to configure the unit or a more complex application like Node-Red that needs remote access. If the full desktop needs to be shared in a Teamviewer style please see here.

Often this access is only possible within the local network because the firewall is configured to block all access attempts from the outside. In many cases this is done on purpose to have an air-gap to the internet in order to protect the system. However, this can be very impractical for effective daily operations.

With qbee.io it is possible to close all ports via the firewall of the device and still access the web server remotely. qbee can also connect through the firewall or any NAT that comes before the device. This is all done through the build-in secure connection mechanism that qbee features.

Tip

No matter if:

  • you want to get secure remote access to a device running a web server
  • or if a digitalization initiative has removed a previous air-gap exposing local devices with webserver in a larger network context

qbee will allow you to close the device firewall and still provide secure remote access. This works on any port, no matter of this is http (80), https (443) or a special port like Node-Red's 1880.

Just install the qbee-agent on your device and bootstrap it to your qbee account. As always we recommend you to configure the qbee firewall to drop all connections for increased security.

Then you can start qbee-connect on your local machine. For the example we want to connect to Node-Red on a industrial Systec CTR-700. All this can also be done with a standard Raspbian image on a Raspberry Pi.

Select the device and create a custom port 1880 for Node-Red.

qbee-secure-remote-web-server-access1

This will securely map the remote port 1880 to a local port. In this case it is port 64388.

qbee-secure-remote-web-server-access2

By clicking on the copy item this port can be copied. Then simply start a local web browser and guide it to localhost:64388 or 127.0.0.1:64388. This will open the remote web page as if you are locally logged in to the machine.

qbee-node-red-remote-access

Tip

qbee.io can map any port such as http (80), https (443) or special ports (such as Node-Red's 1880) to a local machine. Even more so, also other services can be mapped. Using port 5900 allows to pipe a VNC connection through qbee-connect. More information about secure remote VNC connections can be found here