In Part 1: Edgeberry Devices, we've set up our first Edgeberry IoT device. When people think IoT, they usually only imagine the device, that “sends data to the cloud”. In real systems, that’s only the tip of the iceberg. Between the physical device and your dashboards, automations, and APIs, there’s a critical middle layer: something that actually knows your devices, how they connect, what they’re allowed to do, and where their data should go; an IoT connectivity and device management platform - The bridge between the data endpoints in the real world and the cloud.
In this tutorial, we’ll set up an open, self-hosted version of that middle layer: the Edgeberry Device Hub. It will act as the IoT hub for your Edgeberry devices, sitting between the field (your hardware) and the server-side applications (e.g., Node-RED, custom services, dashboards) that use their data.
Before we beginThis tutorial walks us through the steps of setting up Edgeberry Device Hub on a Virtual Private Server, and testing the setup with an Edgeberry device. For this, we'll need:
- One or more Edgeberry devices, powered by the Raspberry Pi 3B+ or more recent.
- A Virtual Private Server (VPS), preferably running GNU/Linux Ubuntu (this can be a Raspberry Pi on your local network, too) with direct or SSH access
- Access to a TCP/IP network and the internet
- (optional: access to the DNS record of your institution)
- NginX as a reverse Proxy.
- Edgeberry Device Hub as our IoT device endpoint
- Mosquitto as our MQTT broker.
- Certbot for managing our HTTPS certificates
- Node-RED for creating simple cloud-side IoT applications.
- UFW uncomplicated firewall
Now, let's SSH into our server, switch to the root user and jump in!
The ReadMe in Edgeberry Device Hub's repository describes these commands to install the software:
wget -O install.sh https://github.com/Edgeberry/Edgeberry-Device-Hub/releases/latest/download/install.sh;
chmod +x ./install.sh;
sudo ./install.sh -y;When the installation process is complete, you can access the Device Hub (http) webinterface on your server's address, at port 3000.
http://146.190.231.65:3000Security warning: at this point, there is no Secure Socket Layer used. We'll engage this with the reverse proxy in the next step.
2) Install and configure Node-REDNode-RED is a flow-based, low code, programming tool for wiring together hardware devices, APIs and online services. We’ll use it as the “playground” on the server side. The Edgeberry Project has Node-RED nodes for easily interacting with the Edgeberry Device Hub and Devices.
npm install -g --unsafe-perm node-redTo secure Node-RED, edit the settings.js file in the .nodered/ folder and add these lines:
adminAuth: {
type: "credentials",
users: [
{
username: "admin",
password: <hashed password>,
permissions: "*"
},
]
},Hash your password, and copy/paste it as the value in the password field:
node-red admin hash-pwReferences:
3) Install and configure NginX (with Certbot)A reverse proxy sits in front of your apps and forwards incoming requests to the right backend. Here, Nginx will
- terminate HTTPS (TLS)
- forward traffic to our Device Hub (port 3000) and Node-RED (port 1880)
- handle Let’s Encrypt certificate renewal via Certbot
This lets Edgeberry talk to the server securely using normal web URLs likehttps://devicehub.edgeberry.io.
Install NginX using apt:
apt install nginxIn the folder /etc/nginx/sites-available/ create a file for the configuation file for the Device Hub reverse proxy - for example devicehub.conf.
nano /etc/nginx/sites-available/devicehub.confYou can copy/paste my configuration file from the attachments.
Create the symlink in the /etc/nginx/sites-enabled/ folder to enable our reverse proxy.
ln -s /etc/nginx/sites-available/devicehub.conf /etc/nginx/sites-enabled/Install Certbot using snap:
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbotRun certbot for our Device Hub and Node-RED reverse proxys.
certbot --nginxReferences:
4) Configure FirewallUFW (Uncomplicated FireWall) gives us a simple, readable wrapper around iptables. We’ll:
- close direct access to internal ports (3000 = Device Hub HTTP, 1880 = Node-RED HTTP)
- only allow them from
127.0.0.1(so only Nginx can reach them) - open 8883/TCP for secure MQTT from Edgeberry devices.
ufw deny 3000
ufw deny 1880
ufw allow from 127.0.0.1 to any port 3000
ufw allow from 127.0.0.1 to any port 1880
ufw allow 8883/tcp
ufw --force enableIn your institution's DNS record, you can add an A record pointing to the Device Hub server and the Node-RED instance:
devicehub 10800 IN A 146.190.231.65
nodered 10800 IN A 146.190.231.65Now you can connect to your Device Hub using your domain and the device hub subdomain. For me that's:
https://devicehub.edgeberry.ioTo test our Device Hub setup, we'll connect our Edgeberry Device. First, whitelist your specific device by adding its hardware ID to your Device hub's whitelist. On your device, get the hardware ID by executing this command:
edgeberry --hardware-idWhen your device's ID is added to the Device Hub's whitelist, run the setup on your Edgeberry device:
edgeberry --setupand provide the setup with the necessary info.
Now your device is connected to your device hub, and ready to use - proving that your setup works correctly and you're ready to proceed with the next steps!
What's NextWe have set up the physical endpoint and digital endpoint for our bridge connecting the real world to the digital realm. Now, let's explore how to use it in Part 3: First IoT Application.
Comments