⛅ remote sensors · nftables hardening

📡 distributed city sensors

last update: --

🔧 infra tips

🌐 nginx · reverse proxy + ssl

server {
  # tls listener only; no port-80 server block exists
  listen 443 ssl;
  server_name sensor.utonetdev.io;
  ssl_certificate /etc/nginx/ssl/sensor.pem;
  ssl_certificate_key /etc/nginx/ssl/sensor.key;
  location / {
    # upstream is plain http on loopback only, so 8080 never
    # needs to be opened in the firewall
    proxy_pass http://127.0.0.1:8080;
  }
}
✔ https only; no plain-http listener or redirect

🛡️ nftables · firewall ruleset

table inet filter {
  chain input {
    # policy belongs in the chain header; as a trailing rule line nft rejects the file
    type filter hook input priority 0; policy drop;
    # loopback and replies to the host's own connections (mqtt poll, dns, updates)
    iif "lo" accept
    ct state invalid drop
    ct state established,related accept
    # allow ssh (key-only) and https
    tcp dport 22 accept
    tcp dport 443 accept
    # everything else falls through to the chain policy: drop
  }
}
⚡ nft-based, no ufw · strict inbound
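added example, not part of this page: a pre-apply text lint for a small inet filter input chain. it is written here to catch the three mistakes a first ruleset usually has (policy drop written as a rule line, which makes nft reject the file; no loopback accept, which breaks the loopback nginx upstream; no established/related accept, which drops replies to the host's own outbound connections such as the mqtt poll). the two rulesets it is run against are constructed for the demo; `nft -c -f FILE` stays the authoritative syntax check.

```shell
#!/bin/sh
# nft_lint FILE: returns 0 when FILE passes the three text checks below.
# Text-only heuristics (grep), not a parser: 'nft -c -f FILE' remains the
# real syntax check once the file is on a host with nftables installed.
nft_lint() {
  f=$1; rc=0
  # 1. 'policy drop' must sit in the input chain header line
  if ! grep -Eq '^[[:space:]]*type[[:space:]]+filter[[:space:]]+hook[[:space:]]+input.*policy[[:space:]]+drop' "$f"; then
    echo "FAIL: 'policy drop' missing from the input chain header" >&2; rc=1
  fi
  # 1b. ... and must not appear as a stand-alone rule line (nft syntax error)
  if grep -Eq '^[[:space:]]*policy[[:space:]]+drop' "$f"; then
    echo "FAIL: 'policy drop' written as a rule line; nft will reject the file" >&2; rc=1
  fi
  # 2. loopback traffic must be accepted (local services, e.g. 127.0.0.1:8080)
  if ! grep -Eq '^[[:space:]]*iif(name)?[[:space:]]+"?lo"?[[:space:]]+accept' "$f"; then
    echo "FAIL: no 'iif lo accept'; loopback services will break" >&2; rc=1
  fi
  # 3. replies to our own outbound connections must be accepted
  if ! grep -Eq '^[[:space:]]*ct[[:space:]]+state[[:space:]]+(established,related|related,established)[[:space:]]+accept' "$f"; then
    echo "FAIL: no 'ct state established,related accept'; outbound replies dropped" >&2; rc=1
  fi
  return $rc
}

# Constructed sample: the weak form (policy as a trailing rule, no lo/ct rules).
write_weak_ruleset() {
  cat > "$1" <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority 0;
    tcp dport 22 accept
    tcp dport 443 accept
    policy drop
  }
}
EOF
}

# Constructed sample: the corrected form.
write_hardened_ruleset() {
  cat > "$1" <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state invalid drop
    ct state established,related accept
    tcp dport 22 accept
    tcp dport 443 accept
  }
}
EOF
}

# Stand-alone demo: lint both files and report.
tmp=$(mktemp -d)
write_weak_ruleset "$tmp/weak.nft"
write_hardened_ruleset "$tmp/hardened.nft"
for f in "$tmp/weak.nft" "$tmp/hardened.nft"; do
  if nft_lint "$f"; then echo "$f: ok"; else echo "$f: rejected"; fi
done
rm -rf "$tmp"
```

run it as `sh nft_lint.sh`, or source it and call `nft_lint /etc/nftables.conf` from a deploy step before `nft -f`; a failing lint keeps the old ruleset loaded instead of leaving the host with no filter at all.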

🔑 ssh · key-based auth only

# /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
AllowUsers sensoradmin
🔐 disable passwords, enforce keys
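added example, not from this page: a check that the four directives above are actually in effect. it implements the rule from sshd_config(5) that the first occurrence of a keyword wins and that directives under a `Match` block are conditional, so a stray `PasswordAuthentication yes` near the top of the file (or in a file pulled in by an `Include` line, as recent Debian/Ubuntu stock configs have first) is caught where a plain `grep -q 'PasswordAuthentication no'` would pass. the two config files are constructed for the demo; `sshd -T` is the authoritative dump of the effective config on a real host.

```shell
#!/bin/sh
# sshd_effective KEYWORD FILE
# Prints the value sshd uses for KEYWORD from FILE's global section:
#  - first occurrence wins, keywords are case-insensitive (sshd_config(5));
#  - stops at the first 'Match' block, whose directives are conditional;
#  - warns when an 'Include' precedes the keyword, because the included
#    files are read at that point and may set it first.
# Not handled: the rare 'Keyword=value' spelling and following Include globs.
sshd_effective() {
  awk -v key="$1" '
    BEGIN { key = tolower(key) }
    /^[[:space:]]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "include" {
      print "WARN: \"" $0 "\" precedes " key "; check included files or run sshd -T" > "/dev/stderr"
      next
    }
    tolower($1) == key { print $2; exit }
  ' "$2"
}

# sshd_want FILE KEYWORD EXPECTED: 0 when the effective value equals EXPECTED.
sshd_want() {
  got=$(sshd_effective "$2" "$1" 2>/dev/null)
  [ "$got" = "$3" ] && return 0
  echo "FAIL: $2 is '${got:-unset}', want '$3'" >&2
  return 1
}

# sshd_audit FILE: 0 when the settings from the note above are in effect.
sshd_audit() {
  f=$1; rc=0
  sshd_want "$f" PasswordAuthentication no         || rc=1
  sshd_want "$f" PubkeyAuthentication yes          || rc=1
  sshd_want "$f" PermitRootLogin prohibit-password || rc=1
  [ -n "$(sshd_effective AllowUsers "$f" 2>/dev/null)" ] \
    || { echo "FAIL: AllowUsers unset" >&2; rc=1; }
  return $rc
}

# Constructed sample: the hardened file from the note.
write_good_sshd() {
  cat > "$1" <<'EOF'
# /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
AllowUsers sensoradmin
EOF
}

# Constructed sample: a weak file. A naive grep finds "PasswordAuthentication no"
# here, but the first global occurrence says yes and the 'no' lives in a Match block.
write_weak_sshd() {
  cat > "$1" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
# leftover from the base image: this line wins
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
AllowUsers sensoradmin
Match User backup
    PasswordAuthentication no
EOF
}

# Stand-alone demo.
tmp=$(mktemp -d)
write_good_sshd "$tmp/sshd_config.good"
write_weak_sshd "$tmp/sshd_config.weak"
for f in "$tmp/sshd_config.good" "$tmp/sshd_config.weak"; do
  if sshd_audit "$f"; then echo "$f: hardened"; else echo "$f: NOT hardened"; fi
done
rm -rf "$tmp"
```

on the sensor itself, `sshd_audit /etc/ssh/sshd_config` belongs in the same cron slot as the poll, so a config drift after an image update is noticed the same day.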

📊 remote sensor polling

#!/bin/bash
# cron every 5min: fetch temp via mqtt
set -euo pipefail
# -v prints "topic payload", -C 1 exits after one message,
# -W 30 gives up after 30s so a silent broker cannot hang the cron slot
mosquitto_sub -h broker.utonet \
  -t "city/+/temperature" -v -C 1 -W 30
📡 mqtt bridge for temp/humidity
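added example, not from this page: a validator for the `topic payload` lines that `mosquitto_sub -v` prints, to sit between the poll above and whatever stores the readings. anything published to the broker reaches the cron job, so the sensor id is restricted to a single safe path component (no `..`, no `/`) and the payload must be a plain number in a plausible range before it is written anywhere. the sample lines, the topic layout `city/<id>/temperature` and the -60..80 range are constructed assumptions for the demo.

```shell
#!/bin/sh
# validate_reading "TOPIC PAYLOAD": 0 when the line is a usable temperature.
validate_reading() {
  line=$1
  topic=${line%% *}
  payload=${line#* }
  [ "$topic" != "$line" ] || return 1          # no payload at all
  case $topic in
    city/*/temperature) ;;                     # only the topic family we poll
    *) return 1 ;;
  esac
  id=${topic#city/}; id=${id%/temperature}
  case $id in                                  # one component, safe charset:
    ''|*/*|*[!A-Za-z0-9_-]*) return 1 ;;       # blocks "..", "/", shell metachars
  esac
  # plain decimal number within an assumed plausible range (celsius)
  printf '%s\n' "$payload" | awk -v lo=-60 -v hi=80 '
    /^-?[0-9]+(\.[0-9]+)?$/ && $1 + 0 >= lo + 0 && $1 + 0 <= hi + 0 { ok = 1 }
    END { exit !ok }'
}

# ingest_readings: stdin -> "id,value" lines on stdout, rejects on stderr.
ingest_readings() {
  while IFS= read -r line; do
    if validate_reading "$line"; then
      t=${line%% *}; v=${line#* }
      id=${t#city/}; id=${id%/temperature}
      printf '%s,%s\n' "$id" "$v"
    else
      printf 'reject: %s\n' "$line" >&2
    fi
  done
}

# Constructed sample of what 'mosquitto_sub -v' might print from an open broker.
SAMPLE='city/ctr-01/temperature 21.4
city/ctr-02/temperature 19
city/ctr-03/temperature 999
city/ctr-04/temperature 23 degrees
city/ctr-05/humidity 55
city/../temperature 20
city/ctr-06/temperature -3.5'

# Stand-alone demo: three lines survive (ctr-01, ctr-02, ctr-06).
printf '%s\n' "$SAMPLE" | ingest_readings
```

in the cron job this is `mosquitto_sub ... -v -C 1 -W 30 | ingest_readings >> /var/lib/sensors/temp.csv`; rejected lines on stderr end up in the cron mail or journal, which is where a misbehaving or spoofing publisher first shows up.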

⚙️ utonetdev · edge monitoring