IOT: Toggle LED with Real HTTPS to Raspberry PI

A simple, easy & free way to expose Raspberry Pi to the Web w/a real public SSL certificate + e2e encryption. No public IP/port forwarding.

Similar projects worth following
In this tutorial, we will focus on deploying a simple light on/off program directly from your Raspberry Pi via TLS to any browser in the world. The next question will obviously be: how do we restrict access to a particular device? has a lot to tell and show on this subject, but, for now, let's use a really basic example.

The first thing you need to figure out is what you'd like to make: a garage door opener, a gate opener, a temperature recorder, or light controller, etc.

You may want to be able to access the device, not only over your local network but over the Internet so that it is accessible from your mobile device, for example.

There are multiple IoT services and platforms that provide this type of service. Most of what these services and platforms offer is focused on the central point of trusting the virtual cloud; is different.

Why allows the issuance of publicly-trusted TLS credentials and access directly to the target device with end-to-end encryption provided by TLS accessible from any browser in the world. In essence, you work and develop on the device as if it were a normal web server. can deliver HTML pages, Javascript, and other normal web server functionality. And with, the device has its own keys, cert, and a tunnel making it accessible from anywhere. There are also options in for TLS on a local network, but that's a bigger topic.

From a security standpoint, it accomplishes several important things, like:

  • A permanent hostname for the device;
  • A known public key and an authorization ledger (to be able to verify validity of the cert)
  • The ability to issue additional tokens for the creation of additional certs.


    Raspberry pins wad1hjthysCODE
sample node gpio server JavaScript

this is a basic server that provides on /off of a led

var http = require('http');
var url = require('url');
var Gpio = require('onoff').Gpio;
 var led = new Gpio(14, 'out');
 http.createServer(function (req, res) {
   res.writeHead(200, {'Content-Type': 'text/html'});
  var command = url.parse(req.url).pathname.slice(1);
  switch(command) {
    case "on":
      res.end("It's ON");
    case "off":
      res.end("It's OFF");
      res.end('Hello? yes, this is pi!');
console.log("Our on off server is listening on port 1334");

  • 1
    Step 1
    Installing Raspberry Pi

    To install the Raspberry Pi, you first need to download and install NodeJS (6.9.*). To do this, you will need to get SSH access to the Raspberry Pi and get the Pi on the network. We will not cover this here, but you can follow here.

    ssh pi@myip 
    curl -sL | sudo -E bash - 
    sudo apt-get install nodejs
    node --version
    pi@raspberrypi:~ $ node --version

  • 2
    Step 2

    Then proceed to install beame-insta-ssl

    pi@raspberrypi:~ $ 

    Initially, it is easiest to receive your first set of credentials directly on the raspberry using an auth token from

    You can also generate these tokens yourself and authorize your own certs with beame-sdk

    We will cover this in the next tutorial, as well. If you will be using in any serious fashion, you will want the root credentials to be somewhere else other than on the Raspberry, but, for now, this is the quickest and easiest way.

  • 3
    Step 3
    Getting Your First Token

    To get your first token, you need to go here and prove that you are not a bot. You will receive your token in the email:

    # beame-insta-ssl create 'token from email' 
    # beame-insta-ssl tunnel 8008 http 

    Starting tunnel -> http://localhost:8008

View all 6 instructions

Enjoy this project?



Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates