Every open3ABox has an open websocket connection to my server. I do the monitoring over this connection, and for updates and support I tell the box over the websocket connection to forward a port via ssh to my server. The port will be automatically closed by the open3ABox after three hours.
This means no constantly open port and an encrypted connection where only my server is allowed to do a remote function execution (get monitoring values, open port, etc.) on the box.
That is very clever, I like it. Especially the dependency on proven and simple technology. A VPN swarm such as ZeroTier, which I was thinking about, would be too complex and thus harder to maintain.
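
The box-side handling described in the first post, sketched as an added example that is not part of the thread and not the open3ABox code: a fixed function table plus a reverse forward that ends itself after three hours. The server name, port sets, message format and function names are assumptions.

```python
import json
import os

# Assumed values for illustration; the thread does not give them.
SERVER = "tunnel@support.example.org"    # hypothetical support server account
TUNNEL_SECONDS = 3 * 60 * 60             # the three-hour limit from the post
LOCAL_PORTS = {22, 443}                  # box services that may be exposed
REMOTE_PORT_RANGE = range(20000, 21000)  # ports reserved on the server


def build_tunnel_argv(local_port, remote_port):
    """Return the argv for a reverse forward that is killed after three hours."""
    if local_port not in LOCAL_PORTS:
        raise ValueError("local port not allowed")
    if remote_port not in REMOTE_PORT_RANGE:
        raise ValueError("remote port out of range")
    return [
        "timeout", str(TUNNEL_SECONDS),    # coreutils: stop ssh when time is up
        "ssh", "-N",                       # forward only, no remote command
        "-o", "BatchMode=yes",             # key auth only, never prompt
        "-o", "ExitOnForwardFailure=yes",  # exit if the port cannot be bound
        "-o", "ServerAliveInterval=30",    # notice a dead link
        "-R", f"127.0.0.1:{remote_port}:127.0.0.1:{local_port}",
        SERVER,
    ]


def get_monitoring_values(_params):
    return {"load": os.getloadavg()[0]}    # one sample value (Unix only)


def open_port(params):
    argv = build_tunnel_argv(int(params["local_port"]), int(params["remote_port"]))
    # A real box would start this with subprocess.Popen(argv); returned here instead.
    return {"argv": argv}


# Fixed table: the server can only name a function, never send code or a shell string.
FUNCTIONS = {"get_monitoring_values": get_monitoring_values, "open_port": open_port}


def handle_message(raw):
    """Dispatch one JSON message received over the websocket."""
    msg = json.loads(raw)
    func = FUNCTIONS.get(msg.get("function"))
    if func is None:
        raise ValueError("unknown function")
    return func(msg.get("params", {}))
```

Binding the remote side to 127.0.0.1 keeps the forwarded port reachable only from the server itself, and passing an argv list instead of a shell string means message fields never reach a shell.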