使用Google App Engine将消息初始化到防火墙后面的设备 [英] Using Google App Engine to Initiate Messages to a Device Behind Firewall

问题描述

我想使用Google App Engine向位于防火墙/路由器/NAT之后的设备发起http流量.这些设备将从GAE接收命令.我可以让设备轮询GAE以查找新消息，但这会占用大量流量.或者，我可以尝试永久性地保持打开连接，但这非常昂贵而且很糟糕.

I'd like to use Google App Engine to initiate http traffic to devices that will be behind firewalls/routers/NAT. These devices will be receiving commands from GAE. I could have the devices poll GAE looking for new messages, but this uses a lot of traffic. Alternately, I could try and hold open a connection permanently, but that is super expensive and bad.

设备将没有静态IP地址.但是，他们将与Google App Engine定期进行通信，然后设备可以监听刚刚打开的端口以进行任何传入通信.如果我了解 TCP打孔，因为设备已经向GAE发送了流量将分配一个端口，该端口转换为设备正在侦听的端口，并且相应地，GAE在防火墙中有一个可用的孔.

The devices won't have static IP addresses. However, they will be communicating periodically with Google App Engine and the device can then listen to the port they just opened for any incoming communications. If I understand TCP Hole Punching since the devices already sent traffic to GAE they will have a port assigned that translates to the port the device is listening to and Correspondingly GAE have a hole available in the firewall.

但是，为了让GAE将流量发送到设备，它需要知道设备在其公共IP上分配的端口.这就是问题所在，因为GAE无法为传入流量提供源/远程端口.在不知道设备刚刚使用的端口的情况下，除了http响应消息之外，我无法发送其他任何设备.我实际上无法向该设备启动http/tcp消息.

However, in order for GAE to send traffic to the device it needs to know the device's assigned port on its public IP. Here in lies the problem, as GAE doesn't make available the source/remote port for incoming traffic. Without knowing the port the device just used, I can't send the device anything other than http response messages. I can't actually initiate http/tcp messages to that device.

那么，有谁知道为GAE获取传入的源/远程端口的方法，还是知道向防火墙后的设备发起流量的另一种方法?

So, does anyone know of a way of getting the incoming source/remote port for GAE or know of an alternate way of initiating traffic to devices behind firewalls?

TL; DR:到底如何获取发送到GAE上的应用程序的HTTP消息的远程端口?

TL;DR: How on earth do you get the remote port for http messages sent to apps on GAE?

推荐答案

由于安全数据连接器已过时，最好的选择是部署将代理传入请求的服务.您有多种选择，例如配置防火墙和设置端口转发或apache反向代理.

Since the secure data connector is deprecated, your best option is to deploy a service that will proxy the incoming requests. You have a number of options like configuring your firewall and setup port forwarding or apache reverse proxy.

如果您的内部地址发生变化，那么这也是处理此问题的地方.例如，您可以让DHCP服务器在apache反向代理中触发配置更改.

If your internal addresses change, then that is also the place to deal with this. For instance, you could let the DHCP server trigger a configuration change in your apache reverse proxy.

这篇关于使用Google App Engine将消息初始化到防火墙后面的设备的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！