So I have a cellular modem that absolutely hates doing SSL with the azure-devices HTTPS port. SSL connections to the MQTT port work fine but the HTTPS port fails to complete handshaking (manufacturer still looking into it).
But ignoring that, is there anything wrong if I put a reverse proxy in front of the azure-devices host for HTTPS?
I have done so now and it is working fine. IoT Hub in any case will just seeing data coming from a single IP from a few thousand devices.
But my other concern is in a few years when another SSL cipher suite is deprecated, that suddenly my few thousand devices are absolutely useless because Azure disabled it. And these devices are going to be in the middle of nowhere and not easily updated.
A reverse proxy would isolate me from any https protocol changes upstream and even allow me to create a self-sign cert valid for the next 40 years or so. (Because I wouldn't be verifying certs anyway due to Microsoft's really short certificate expiration so at least there's some trust in having internal certs only).