How to remote access web services in your IoT, Raspberry Pi or any device

Ganesh Velrajan
5 min readAug 18, 2021

Let’s assume you have an IoT web application or web service running in your remote IoT device (say, a Raspberry Pi). Now you want to remote access, control and manage the web application running in your remote IoT device using an IoT controller application. Your IoT controller application cannot talk to the remote IoT device over the internet because the device resides behind a firewall or NAT router.

SocketXP IoT Platform provides a secure HTTPS tunnel to remote access web services in your IoT or Raspberry Pi or any device. Use the SocketXP HTTPS tunnel to pull or push data from your remote IoT web server.

SocketXP also creates a globally unique public web URL for the web service running in each of your remote IoT devices, so that you could access your IoT device and the web service from anywhere in the internet.

Typical IoT Web Service Remote Access usecases

  • Remote connect to SQL database server in a private network using HTTP URL.
  • Remote access to HTTP server serving files and data stored in your IoT device
  • Remote access to web applications running in your IoT device
  • Remote access to Home Assistant(Hassio) server running in your RPi device or home server
  • Remote access to REST APIs provided by your IoT device application
  • Remote access to VOIP devices or WiFi access points in your local network via a Raspberry Pi
  • Remote access to bot running in your private network.
  • Forward webhook notifications from online services to bot running in your private network.
  • Remote access to a web server running in your IoT device that hosts and serves live photos and live video recordings from your security camera or dogcam.
  • Remote access to a web application running in your drones.
  • Remote access to a MQTT broker in your home or office network over HTTP or Web Socket. IoT devices in the field would use the SocketXP HTTP tunnel to stream sensor data using MQTT to the remote MQTT broker.

Public URL for your web app — NodeJS Example

For our discussion, let’s take the case of IoT remote web application access as an example.

Let’s assume you have a nodejs web application(as shown below), running in your IoT device. Let’s also assume that the nodejs app listens on localhost port 3000.

Run the nodejs app on your IoT device using the following command.

Access the web app locally using a browser.

Now to access your nodejs web application from the internet, follow the instructions below to create a SocketXP HTTPS tunnel and a Public URL for your nodejs web app.

Step #1: Install SocketXP IoT Agent

Download and install (opens new window) the SocketXP IoT agent on your IoT or Raspberry Pi device.

Step #2: Get your Authentication Token

Sign up at (opens new window) and get your authentication token.

Use the following command to login to the SocketXP IoT Cloud Gateway using the auth token.

Step #3: Create a HTTPS tunnel to your IoT Node.js app

Use the following command to create a secure and private HTTPS tunnel endpoint at the SocketXP IoT Cloud Gateway.

$ socketxp connect http://localhost:3000 Connected. 
Public URL -> ``

Step #4: Access the SocketXP public web URL

Now access your IoT nodejs app from the internet using the SocketXP Public URL ( displayed in the previous step.

Single-Touch Installation

The 3 step instruction explained above to install & configure SocketXP IoT Agent on your IoT device is a tedious process, if you got thousands of RPi to install, configure and manage.

With this mind, SocketXP IoT Remote Access Solution also provides a single-touch installation command for installing and configuring SocketXP IoT Agent on large number of IoT or RPi devices.

Copy paste the below single-touch installation command into the terminal of your IoT devices and it will install/configure/setup and bring up the devices online in our SocketXP portal. Don’t forget to update the auth-token in the below command with the one uniquely assigned to you.

$ curl -O && chmod +wx && sudo ./ -a <your-auth-token-goes-here> -p "arm" -l "http://localhost:3000" -s "techron"

Note the use of -s <subdomain prefix> argument in the above command, which is a mandatory argument for creating SocketXP HTTPS tunnels. By default, IoT Device ID is used as the subdomain suffix to easily map the device to the SocketXP Public URL used to access the device.


The above single-touch installation command works best for Raspberry Pi based IoT devices. The script automatically retrieves the Raspberry Pi device serial number from /proc/cpuinfo system file and uses it as the IoT Device ID when configuring the device with the SocketXP IoT Cloud Gatway.

If your IoT device is not Raspberry Pi based and doesn’t have the serial number available in /proc/cpuinfo system file, then provide an organizationally unique device identifier Eg: ABC123456789 as an argument to the script.

In this case, the public URL generated by SocketXP IoT Cloud Gateway would look like this:

SocketXP Public URL:

where abc123456789 is the serial number of the device used as IoT Device ID.

Platform Architecture Type:

The above single-touch installation command automatically reads your CPU platform arch and OS type information from the uname -m command output.

If your device is Orange Pi, Nano Pi or other Pi variations, feel free to edit the script to meet your device or platform archtecture requirements.

The installation script takes the following arguments:

In addition to installing and configuring SocketXP IoT Agent on your Raspberry Pi device, the single touch installation command would also make the SocketXP IoT Agent to run as a Linux Systemd deamon in the background. So that whenever your device gets rebooted, SocketXP IoT Agent will be automatically kickstarted on boot up.

Security Best Practice:

We highly recommend that your web service implementation has a HTTP login/password or bearer token based authentication implemented using the HTTP authentication header to securely access your web service. This ability adds an additional layer of security when exposing your web service via SocketXP Public Web URL.

Originally published at



Ganesh Velrajan

Ganesh Velrajan is the founder of Ampas Labs Inc. Learn more about our SSH Remote Access Solutions at and