Introduction

The first thing you need to figure out is what you'd like to make: a garage door opener, a gate opener, a temperature recorder, or light controller, etc.

You may want to be able to access the device, not only over your local network but over the Internet so that it is accessible from your mobile device, for example.

There are multiple IoT services and platforms that provide this type of service. Most of what these services and platforms offer is focused on the central point of trusting the virtual cloud; Beame.io is different.

Why Beame.io?

Beame.io allows the issuance of publicly-trusted TLS credentials and access directly to the target device with end-to-end encryption provided by TLS accessible from any browser in the world. In essence, you work and develop on the device as if it were a normal web server. Beame.io can deliver HTML pages, Javascript, and other normal web server functionality. And with Beame.io, the device has its own keys, cert, and a tunnel making it accessible from anywhere. There are also options in Beame.io for TLS on a local network, but that's a bigger topic.

From a security standpoint, it accomplishes several important things, like:

A permanent hostname for the device;

A known public key and an authorization ledger (to be able to verify validity of the cert);

The ability to issue additional tokens for the creation of additional certs.

Our Goal

In this tutorial, we will focus on deploying a simple light on/off program directly from your Raspberry Pi via TLS to any browser in the world. The next question will obviously be: how do we restrict access to a particular device? Beame.io has a lot to tell and show on this subject, but, for now, let's use a really basic example.

Installing Raspberry Pi

To install the Raspberry Pi, you first need to download and install NodeJS (6.9.*). To do this, you will need to get SSH access to the Raspberry Pi and get the Pi on the network. We will not cover this here, but you can follow here.

ssh pi@myip curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - sudo apt-get install nodejs node --version pi@raspberrypi:~ $ node --version v6.9.2

Installing Beame.io

Then proceed to install beame-insta-ssl

pi@raspberrypi:~ $

Initially, it is easiest to receive your first set of credentials directly on the raspberry using an auth token from Beame.io.

You can also generate these tokens yourself and authorize your own certs with beame-sdk

We will cover this in the next tutorial, as well. If you will be using Beame.io in any serious fashion, you will want the root credentials to be somewhere else other than on the Raspberry, but, for now, this is the quickest and easiest way.

Getting Your First Token

To get your first token, you need to go here and prove that you are not a bot. You will receive your token in the email:

# beame-insta-ssl create 'token from email'

# beame-insta-ssl tunnel 8008 http Starting tunnel https://qwertyuio.asdfghjkl.v1.d.beameio.net -> http://localhost:8008

At this point, all we need to do is put together a little project that does something. We will follow this example with an LED. To do this, we need to put together a little node.js service attached.

In this particular example, I have not created a webpage but rather just parsed the URL for the on/off.

~ 523 > curl https://cgqjqvahrdurqwhi.v1.p.beameio.net/on -v * Trying 52.57.114.229... * TCP_NODELAY set * Connected to cgqjqvahrdurqwhi.v1.p.beameio.net (52.57.114.229) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: cgqjqvahrdurqwhi.v1.p.beameio.net * Server certificate: GlobalSign Organization Validation CA - SHA256 - G2 * Server certificate: GlobalSign Root CA > GET /on HTTP/1.1 > Host: cgqjqvahrdurqwhi.v1.p.beameio.net > User-Agent: curl/7.51.0 > Accept: */* > < HTTP/1.1 200 OK < content-type: text/html < date: Tue, 03 Jan 2017 00:16:17 GMT < connection: close < transfer-encoding: chunked < * Curl_http_done: called premature == 0 * Closing connection 0 curl https://cgqjqvahrdurqwhi.v1.p.beameio.net/off -v * Trying 52.57.114.229... * TCP_NODELAY set * Connected to cgqjqvahrdurqwhi.v1.p.beameio.net (52.57.114.229) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: cgqjqvahrdurqwhi.v1.p.beameio.net * Server certificate: GlobalSign Organization Validation CA - SHA256 - G2 * Server certificate: GlobalSign Root CA > GET /off HTTP/1.1 > Host: cgqjqvahrdurqwhi.v1.p.beameio.net > User-Agent: curl/7.51.0 > Accept: */* > < HTTP/1.1 200 OK < content-type: text/html < date: Tue, 03 Jan 2017 00:16:45 GMT < connection: close < transfer-encoding: chunked < * Curl_http_done: called premature == 0 * Closing connection 0

Or from a mobile device (please note that it is on LTE network):

Whats next?

Authorize the creation of your own SSL certificates and their deployment. The beta of the Beame.io mobile app allows your Raspberry to recognize the client certs or possession thereof. If you have any questions, please contact us at our Github page through the issues section!