diff --git a/README.md b/README.md index a79d0d3..10552c9 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,20 @@ make ``` ## Architecture -mProxy starts TCP, UDP and WS servers, offering connections to devices. Upon the connection, it establishes -a session with a remote MQTT and CoAP brokers. +mGate is an API gateway that embeds [mProxy](https://github.com/mainflux/mproxy), which starts TCP, UDP and WS servers, offering connections to devices. +Upon the connection, it establishes a session with a remote MQTT and CoAP brokers. -Lorem ipsum... +To follow the highest security standards, embedded mProxy starts mTLS and DTLS connection and encryption handlers, and these can be tuned via configuraion. That way mGate can be used for TLS/DTLS termination. + +

+ +Here is the flow in more details: +- Device connects to mGate's TCP (for MQTT, WS and/or HTTP) or UDP (for CoAP) server +- mGate accepts the inbound (IN) connection and estabishes a new session with remote MQTT broker or CoAP server +(i.e. it dials out to MQTT broker / CoAP server only once it accepted new connection from a device. +This way one device-mProxy connection corresponds to one mGate-MQTT broker or mGate-CoAP server connection.) +- Every packet is inspected for authorization credentials (either via tokens or certificates), and requests are sent to Auth microservice. If authorized, then the packets are proxied to servers behind. +- Additionally, every packet is forwarded to NATS broker as well, which is an enterprise bus to which applications can be subscribed ## Deployment mProxy does not do load balancing - just pure and simple proxying. This is why it should be deployed diff --git a/docs/img/mgate.png b/docs/img/mgate.png new file mode 100644 index 0000000..3381e67 Binary files /dev/null and b/docs/img/mgate.png differ
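Review bot: In the added flow list, the last bullet ("every packet is forwarded to NATS broker as well") does not say whether forwarding happens only after the Auth check described in the bullet before it, and that bullet documents only the authorized path ("If authorized, then the packets are proxied to servers behind"). Please state what happens to a packet that fails authorization (dropped, connection closed), and make the ordering explicit in the NATS bullet, for example "every authorized packet is also forwarded to NATS", if that is the actual behaviour. The mTLS/DTLS sentence says the handlers "can be tuned via configuraion" without naming the settings or their defaults; naming them, or linking to where they are documented, would let a reader confirm how TLS/DTLS termination is configured. Smaller points: "configuraion" and "estabishes" are misspelled, "device-mProxy connection" in the second bullet should probably read "device-mGate" to match the rest of the list, and the unchanged Deployment paragraph still opens with "mProxy does not do load balancing", which may need the same rename.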