How can i ota my application via internet on esp32? - freertos

I'm trying to run the demo code of esp 32 for native ota update which works just fine for local server ota update,i want to know which internet servers are providing free platform for ota update.
I've tried native sample code which works fine.

When performing an OTA update on the ESP32, all you're really doing is sending a GET request to whatever server that you're pointing the OTA client config struct to. In the simple_ota_example from the IDF examples directory, you have:
esp_http_client_config_t config = {
.url = CONFIG_FIRMWARE_UPGRADE_URL,
.cert_pem = (char *)server_cert_pem_start,
.event_handler = _http_event_handler,
};
The example value they give for CONFIG_GIRMWARE_UPGRADE_URL here is
https://192.168.0.3:8070/hello-world.bin.
You could, for example, use Amazon Web Services to host your firmware files, like I do. Then you just change 192.168.0.3 to the IP address (or host name) of the AWS Server you're using. Change 8070 to the port that the server is setup to use. Then change hello-world.bin to /path/to/your/firmware.bin. You'll also need to change the embedded CA Root Cert in the firmware to use Amazon's (or that of whatever hosting service that you're using).
A lot of hosting services have free tiers, which if you're only testing OTA updates or using them infrequently may work you. I believe Amazon has a free tier, possibly Google as well.
If you're planning on using this for a production device that customers are using, you're going to have to pay for hosting most likely. You'll have to take many more aspects such as security and scaleability into account.

Related

is it an 'anti-pattern' to grab mobile configuration from a remote, 'configuration' server?

I'm new to mobile development and was wondering if it is an anti-pattern to have a remote, configuration server in order to 'configure' a mobile client. The idea is to avoid configuration details [except the URL to the configuration server] with the mobile distribution and rather connect to the configuration server to grab other details such as third party keys, service endpoints, etc. Any thoughts. Thanks in advance!!
So long as you are able to secure connections to the the configuration server, using a username/password and SSL encryption it's not an anti-pattern. It would save you from publishing new applications versions just to update some configuration.
What does however sound like a bad idea to me is keeping third-party API keys inside a mobile application.
Can you guarantee that each an every user using you application will not use the keys placed inside the mobile application to use the third party service to their own ends? I don't think anyone can make that guarantee.

Access and write back to txt file on linux server from iOS on local network

I currently have a txt file on a Linux install that I need to access from my app and write back to. The app and the Linux server are on the same subnet and I have full control of both machines (permissions). I've thought about SSHing into the machine but this obviously has its security drawbacks sending raw credentials. Does anyone have any suggestions on what framework to use to create a secure tunnel or perhaps an alternative solution?
Write a simple web service in your language of choice php, python, ruby, etc. And make a simple secure call to your service with the changes.

How to provide saas customer with server snapshot for business continuity concerns

I'm proposing a SaaS solution to a prospective client to avoid the need for local installation and upgrades. The client uploads their input data as needed and downloads the outputs, so data backup and maintenance is not an issue, but continuity of the online software service is a concern for them.
Code escrow would appear to be overkill here and probably of little value. I was wondering is there an option along the lines of providing a snapshot image of a cloud server that includes a working version of the app, and for that to be in the client's possession for use in an emergency where they can no longer access the software.
This would need to be as close to a point and click solution as possible - say a one page document with a few steps that a non web savvy IT person can follow - for starting up the backup server image and being able to use the app. If I were to create a private AWS EBS snapshot / AMI that includes a working version of the application, and they created an AWS account for themselves, might they be able to kick that off easily enough?
Update:the app is on heroku at the moment so hopefully it'd be pretty straightforward to get it running in amazon EC2.
Host their app at any major PAAS providers, such as EngineYard or Heroku. Check their code into a private Github repository that you can assign them as the owner. That way they have access to the source code and can create a new instance quickly using the repository as the source.
I don't see the need to create an entire service mirror for a Rails app, unless there are specific configuration needs that can't be contained in the project or handled through capistrano.

Heroku, Rails and Remote Microsoft SQL Server

first i would like to say that I have done research and know that the following is "possible"--I was hoping to find folks with real-world experience with this setup to see if I "should" do it this way.
So, I have a Ruby/Rails web app that i've developed that links directly to Microsoft SQL Server 2008R2 on a private network. I'm trying to decide whether to deploy to Heroku or simply build a local Ubuntu web server. I'd prefer to use Heroku, however am concerned that connecting to a remote Microsoft SQL Server may be too much trouble. I have full access to network equipment, firewall, IP addresses, routing, etc.
Currently my app uses TinyTDS and activerecord-sqlserver-adapter to connect from my local dev machine and works like a charm. I'd love to use Heroku (ok with paying for it)--but how stable and/or supported is this feature? Could I use a free SSL cert to encrypt data travelling over the internet? And, would I need to purchase an add-on for Heroku to get a static IP for my site to properly secure traffic coming to my firewall?
I'm totally willing to put in work to make it run on Heroku...but I don't want to use unreliable or unsupported (or insecure) hacks...in this case I'd just deploy locally to Ubuntu.
Thanks!
Found the answer at this awesome link! Heroku running Cedar, connecting to an MS SQL Server accessed remotely! Please read my comments and the author's after following the link for more info. Overall I chose not to host this particular app on Heroku but still great to know that this was possible.
This article by Michiel Sikkes uses Heroku's newer buildpack feature to use TinyTDS and connect remotely to SQL Server 2008 R2. I'm still investigating how I could encrypt traffic. Hope this helps others!
http://blog.firmhouse.com/connecting-to-sql-server-from-heroku-with-freetds-here-is-how-on-cedar#

ServicePrincipleName setup for Web Service on IIS 7

I'm so confused.
Consider the following:
Active Directory environment with a domain called DOM
An IIS 7 box with a NetBIOS name VS1
A DNS record providing an alias for VS1 as pineapple.london.uk.corp
An Application Pool running as DOM\PineappleService
Windows Authentication enabled.
Clients use HttpWebRequest to call the XML/JSON ASP.NET services on the box.
The service calls out to workstations on the network to gather information. This works in development where I use IIS Express which runs as me, since IISX is just an .exe
In production, services work fine, authentication works, but invoking functions that cause the service (running as PineappleService) to access stuff on the network, fails.
I suspect an SPN registration issue but I don't know what SPNs to setup.
Most recently, I've stumbled across this article which seems to say fly in the face of some other articles:
http://blogs.msdn.com/b/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx
Note that it says
The SPN requirements remain the same as above. You don't have to add
SPNs like http/ for the Domain1\Username1
unlike in IIS 6.0 (where we had to add an SPN of the form
http/ for the Application Pool identity).
So I don't know what's right anymore. I don't know if I need to register HTTP SPNs or HOST SPNs or use the DNS alias or the NetBIOS name, and set them on the PineappleService account or on the VS1 computer account.
I can't tell if when I try things that there's a slow AD replication issue that means I must wait an hour between trial and error.
It's all so complicated now. I've worked as a sysop and dev for 15 years and I sense the end of domains and workstations and rights and policies. It's all gotten too much.
Thanks for your help.
Luke
This is a cross-post with ServerFault which is getting no answers:
https://serverfault.com/questions/417483/serviceprinciplename-setup-for-web-service-on-iis-

Resources