eGauge Proxy Server Security and Functionality
The eGauge proxy server allows easy remote access to the eGauge webserver interface. Because the connection is established outbound from the device, usually no changes to the router or firewall are necessary.
The proxy server relays data stored on the eGauge meter to the client browser requesting it, and keeps the meter location and IP address anonymous. The client browser will see data coming from the eGauge proxy server, not the IP address of the eGauge device. All communication via the proxy is handled by the proxy, the client browser never directly communicates to the eGauge meter.
When an eGauge device is powered up, it connects to port 8082 (eGauge2/EG30xx, non-encrypted) and 8084 (EG4xxx, TLS encrypted) of the server defined in the under Settings -> General Settings -> Proxy-server hostname. Normally, this is set to d.egauge.net but may be different for certain customers.
If the connection is successful, the device will be available remotely at http://DEVNAME.PROXY (and https://DEVNAME.PROXY/ if EG4xxx model or newer) where DEVNAME is the eGauge device name and PROXY is the proxy-server hostname. For example, http://eGauge99999.d.egauge.net (or http://eGauge9999.egaug.es, as "egaug.es" is an alias for d.egauge.net).
If a device does not have a site-wide password enabled and is connected to d.egauge.net, it will become visible on the "Find my Device" page at egauge.net/eguard/find/. To be removed from this list, enable a site-wide password in the eGauge interface through Settings -> Access Control -> Password-protect entire site.
Disabling the proxy-server connection
If for any reason it is undesirable to maintain the proxy-server connection, “Proxy-server hostname” under Settings -> General Settings can be set to "0" (the number zero, without any quotes). Once this setting is saved and the device restarted, it will only be possible to connect to the eGauge device from the LAN or with port-forwarding configured on the router/firewall.
If an eGauge device is available on the proxy server, anyone with the URL can attempt to access. If meter data is intended to be private, a site-wide password should be enabled as described in the previous section.
If remote administration is enabled on a user account ("Allowed to view all data and change settings from anywhere" access in Settings -> Access Control), the password must be secure enough to prevent brute-force attempts at cracking the password.
Legacy devices (eGauge2, EG30xx models) do not have encryption (HTTPS) available via the proxy server. Care should be taken when configuring passwords to ensure the local internet connection is not compromised. Credentials when used to save settings are not transmitted over plaintext or reversible as they use HTTP digest authentication.