如何从服务器向路由器后面的设备发出请求 [英] How to make request from server to devices behind router

问题描述

我需要从服务器向在用户家中硬件上运行的应用程序发出请求.我不能让应用程序将数据推送到服务器，因为我不存储数据，但需要将其转发到面向客户端的 Web 应用程序(我也不允许将数据存储在服务器上).我目前不确定如何实现这一目标.我唯一的想法是打开空闲套接字连接，我可以将请求写入其中.这看起来很复杂，我不知道它是否可扩展(打开套接字连接有限制吗?空闲连接浪费了多少资源?).它也有点低级，但我看不到如何使用http，我不知道其他合适的协议.

I need to make requests from the server to application running on hardware at the users home. I can't let the application push the data to the server since i don't store the data, but need to forward it to a client-facing web app (Also i am not allowed to store the data on the server). I am currently unsure how to achieve this. My only idea is to have idle socket connections open where i can write the requests into. This seems complicated and i don't know whether it is scalable (is there a limit on open socket connections? How much resources do idle connections waste?). It is also a bit low-level, but i can not see how i can use http and i don't know other suitable protocols.

推荐答案

以下是一些可用的选项.我假设家庭网络是典型的家庭安装，默认情况下来自互联网的传入连接被家庭路由器/防火墙阻止.

Here are some of the options available. I'm assuming that the home network is a typical home installation where incoming connections from the internet are blocked by the home router/firewall by default.

家庭应用投票服务器

由于在家庭网络上运行的应用程序可以连接到 Internet，因此您可以改变连接，以便家庭网络上的应用程序连接到 Internet 上的服务器.根据应用程序和需求，家庭应用程序可以与您的服务器建立一个简单的 HTTP 连接，每天一次、每小时一次、每 5 分钟一次等等……视情况而定.如果服务器没有用于家庭应用程序的任何内容，那么它只会返回一个简单的响应，即它没有数据.如果服务器有一些用于主应用程序的数据，那么它只会在传入请求进来时返回该数据.

Since the application running on the home network can connect out to the internet, you could turn the connection around so that the application on the home network connects out to your server on the internet. Depending upon the application and needs, the home application could make a simple HTTP connection to your server, once a day, once an hour, once every 5 minutes, etc... depending upon the situation. If the server has nothing for the home application, then it just returns a simple response that it has no data. If the server has some data for the home application, then it just returns that data when the incoming request comes in.

这种方案的主要缺点是服务器必须等到下一个客户端轮询间隔才能向客户端传送数据.

The main drawback of this scheme is that the server must wait until the next client polling interval before it can deliver data to the client.

Home Application 连接 webSocket 或 socket.io 连接服务器

再次，家庭应用程序连接到服务器，但这次它创建了一个 webSocket 或 socket.io 连接.然后，只要您愿意，该连接就可以保持打开状态.一旦此连接打开，服务器就可以随时自由地发送客户端数据.如果连接在任何时候中断，客户端只是重新建立一个新的连接.这在客户端几乎没有任何成本，而服务器上的资源很少(每个连接需要一点内存).

Again, the home application connects to the server, but this time it creates a webSocket or socket.io connection. That connection can then be held open for as long as you like. Once this connection is open, the server is free to send the client data at any time. If the connection is interrupted at any time, the client just re-establishes a new connection. This costs pretty much nothing on the client side and a very small amount of resources on the server (a little memory per connection).

正确配置的服务器可以同时处理数十万个 webSocket 连接.专门配置的服务器甚至可以处理数百万个连接.

Properly configured servers can handle hundreds of thousands of simultaneous webSocket connections. Specially configured servers can even handle millions of connections.

家用路由器/防火墙漏洞

在这种情况下，家庭路由器/防火墙被配置为将特定端口(可能不是端口 80)上的传入请求端口转发"到家庭应用程序.在这种情况下，家庭应用程序必须事先向服务器注册其 IP 地址，并正确配置家庭路由器/防火墙以允许通过特定端口直接访问家庭应用程序.一旦所有这些配置正确，服务器就可以直接连接到家庭应用程序.

In this case, the home router/firewall is configured to "port forward" incoming requests on a specific port (probably not port 80) to the home application. In this case, the home application must have previous registered its IP address with the server and have properly configured the home router/firewall to permit direct access on a specific port to the home application. Once that is all configured properly, the server can connect directly to the home application.

因为普通消费者最终用户通常在配置路由器/防火墙以允许此访问时遇到问题，并且故障排除很困难，所以这不是一个非常常用的选项.

Because regular consumer end-users will often have trouble configuring the router/firewall to permit this access and troubleshooting is difficult, this is not a very commonly selected option.

混合轮询

还有一种混合方法，即家庭客户端定期向服务器发送 UDP 数据包.此 UDP 数据包导致家庭路由器/防火墙打开从同一服务器返回家庭客户端的返回路径.该返回路径将在一段时间内保持打开状态，在该时间间隔内，服务器可以向客户端发送 UDP 数据包，路由器/防火墙将允许它进入.这是某些点对点使用的方案的派生对等协议，以便通过家庭路由器/防火墙.因为这是 UDP，而不是 TCP，客户端/服务器负责自己的传输可靠性.

There is also a hybrid approach where the home client regularly sends a UDP packet to the server. This UDP packet causes the home router/firewall to open up a return path from that same server back to the home client. That return path will stay open for some period of time and during that time interval the server can send a UDP packet to the client and the router/firewall will let it in. This is a derivation of a scheme used by some peer-to-peer protocols in order to get through home routers/firewalls. Because this is UDP, not TCP the client/server are responsible for their own delivery reliability.

这篇关于如何从服务器向路由器后面的设备发出请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！