I know, but I would need a public server, a man-in-the-middle, a cloud server that I have to maintain, manage, support... this isn't free and is beyond my knowledge.
MQTT is a popular choice for IoT and it can run over TLS. As before, I would need an MQTT broker or an HTTP(S) server on the public Internet.
Let me explain my idea. I have an HTTP server that runs behind a NAT. The user can connect to it after forwarding the port to the internal private IP address of the device and setting up a DDNS account. Those two steps are too complex for a "standard user".
I know *the solution* is to have only *outgoing* connections, and this means a public server. What I want to achieve is to have the simplest server I can. I don't need to save persistent data of the remote device or other data from the users. I only want to allow the user to connect to his remote device behind his router when he wants. Nothing more.
My idea is to create a TCP tunnel between the devices (clients) and a public server. Over this "transparent" TCP tunnel I could transfer any data, such as HTTP requests/response.
The end user will connect to a public "non-standard" HTTP server. Every request from the browser will be forwarded to the correct tunnel (of course, I need a mechanism to link the user to the right tunnel).
The device side of the tunnel will forward any data to the local(host) HTTP server in both directions.
There are many solutions available, and I think a similar solution already exists for the public server and the tunnel protocol.
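The architecture described in this post, as an added example that is not part of the original thread or of any project it mentions: a rendezvous server with two listeners (one for device tunnels, one for browsers), a device agent that makes only an outgoing connection and authenticates with a per-device token, and a stand-in for the HTTP server already running on the device, all on localhost. The "dev-001" id, its token, the ports and the hostnames are constructed. The tunnel carries plain bytes here; on the public Internet both legs would be wrapped in TLS, the token table stands in for real device credentials, and the frame-size cap keeps a misbehaving peer from filling the relay's memory.

```python
"""Added demo of the idea above: the device dials OUT to a public rendezvous server, which
relays each user's HTTP request over that tunnel to the device's localhost HTTP server."""
import hmac
import socket
import struct
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

DEVICE_TOKENS = {"dev-001": "s3cret-token"}  # constructed per-device credentials

def send_frame(sock, payload):  # length prefix lets many request/response pairs share one tunnel
    sock.sendall(struct.pack("!I", len(payload)) + payload)

def recv_frame(sock):  # MSG_WAITALL: recv blocks until n bytes arrive, or returns fewer at EOF
    header = sock.recv(4, socket.MSG_WAITALL)
    if len(header) < 4:
        raise ConnectionError("peer closed")
    (length,) = struct.unpack("!I", header)
    if length > 1_000_000:  # cap so a misbehaving peer cannot make the relay buffer unbounded data
        raise ValueError("frame too large")
    return sock.recv(length, socket.MSG_WAITALL)

class RendezvousServer:  # public side: devices register on tunnel_port, users hit public_port
    def __init__(self):
        self.tunnels = {}  # device_id -> (tunnel socket, lock)
        self.tunnel_srv = socket.create_server(("127.0.0.1", 0))
        self.public_srv = socket.create_server(("127.0.0.1", 0))
        self.tunnel_port, self.public_port = (s.getsockname()[1] for s in (self.tunnel_srv, self.public_srv))
        threading.Thread(target=self._accept_devices, daemon=True).start()
        threading.Thread(target=self._accept_users, daemon=True).start()

    def _accept_devices(self):
        while True:
            conn, _ = self.tunnel_srv.accept()
            try:  # registration frame is "device_id\ntoken"; anything else is dropped
                device_id, token = recv_frame(conn).decode().split("\n", 1)
                if not hmac.compare_digest(DEVICE_TOKENS.get(device_id, ""), token):
                    raise PermissionError("bad token")
                self.tunnels[device_id] = (conn, threading.Lock())
                send_frame(conn, b"OK")  # ack so the agent knows it is registered
            except Exception:
                conn.close()

    def _accept_users(self):
        for conn, _ in iter(self.public_srv.accept, None):
            threading.Thread(target=self._handle_user, args=(conn,), daemon=True).start()

    def _handle_user(self, conn):
        with conn, conn.makefile("rb") as rfile:  # GET-only demo: read headers up to the blank line
            request = b"".join(iter(lambda: rfile.readline(8192) or b"\r\n", b"\r\n")) + b"\r\n"
            host = next((ln[5:].strip() for ln in request.split(b"\r\n") if ln[:5].lower() == b"host:"), b"")
            entry = self.tunnels.get(host.split(b":")[0].split(b".")[0].decode("ascii", "replace"))
            if entry is None:  # first Host label is the device id; unknown -> 502, never a guess
                conn.sendall(b"HTTP/1.0 502 Bad Gateway\r\n\r\nno tunnel for that device\n")
                return
            tunnel, lock = entry
            with lock:  # one request in flight per tunnel socket
                send_frame(tunnel, request)
                conn.sendall(recv_frame(tunnel))

class DeviceAgent:  # device side: only an outgoing connection; relays to the local HTTP server
    def __init__(self, device_id, token, tunnel_port, local_port):
        self.sock = socket.create_connection(("127.0.0.1", tunnel_port))
        send_frame(self.sock, f"{device_id}\n{token}".encode())
        recv_frame(self.sock)  # raises ConnectionError if the server rejected the registration
        threading.Thread(target=self._loop, args=(local_port,), daemon=True).start()

    def _loop(self, local_port):
        while True:
            try:
                request = recv_frame(self.sock)
            except (OSError, ValueError):
                return
            with socket.create_connection(("127.0.0.1", local_port)) as local:
                local.sendall(request)
                response = b"".join(iter(lambda: local.recv(4096), b""))  # HTTP/1.0 server closes
            send_frame(self.sock, response)

class LocalHandler(BaseHTTPRequestHandler):  # stand-in for the HTTP server already on the device
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"hello from behind the NAT\n")

def fetch(port, host):  # plain HTTP/1.0 client: one GET, read until the server closes
    with socket.create_connection(("127.0.0.1", port)) as user:
        user.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        return b"".join(iter(lambda: user.recv(4096), b""))

def demo():  # wire the three parts together; return the raw reply the user gets per host
    httpd = HTTPServer(("127.0.0.1", 0), LocalHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    server = RendezvousServer()
    DeviceAgent("dev-001", "s3cret-token", server.tunnel_port, httpd.server_address[1])
    hosts = ("dev-001.tunnel.example", "dev-002.tunnel.example")  # dev-002 never registered
    return {h: fetch(server.public_port, h) for h in hosts}

if __name__ == "__main__":
    print(demo())
```

Running the file prints the two raw replies: the request for `dev-001` comes back with the 200 response generated behind the "NAT", while `dev-002` gets a 502 from the relay because no authenticated tunnel exists for it. The first label of the Host header is the "mechanism to link the user to the right tunnel" the post asks about; a device whose token does not match is dropped at registration and can never be reached through the public port.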