Cloud yes but no, thanks (there is some Citrix)

· 9 min read
Cloud yes but no, thanks (there is some Citrix)

Edit 16 Dec 2021 : link to the 3D case to print for the Medtronic Contour Next 2.4

Bad things happen to everyone, bad things happened to us, to my son to be specific. He’s been diagnose with type 1 diabetes when he was 10 months old. That has been a huge wave that just stumble on us and we didn’t knew what was this disease and how we were going to handle it for him. So i learned about diabetes and how to manage it. Time going on, we learned a lot about type 1 diabetes and boluses, basal, insulin, glycemic and all the medical term and gesture we have to do almost every day.

In this blog, beside my little boy I will use

I’m using :

So to make this very long story short, my son, Björn, is equipped with an insuline pump Medtronic 640G (Insuline pump) with a Medtronic Contour Next 2.4 (USB) and one Enlite sensor for continuous glycemic monitoring. (Bluetooth)

That seems a lot for my tiny little boy but it avoid injecting him several time a day insuline with a syringe and checking his glycemic level beforehand. With this “medical hardware” we just need to level and adjust the glycemic level one time per day in the morning, that’s it.

With this bundle came a nice website where we can export all the data collected, for his doctor and for us to change and adapt his insuline pump settings regarding his health, weight change etc… This is a very useful tool but it’s not realtime monitoring it more reporting like :

As Björn is still a baby and doesn’t know how to use all of this, I took some time to think how I could do to make our life (and night) less stressful and avoiding to waking up every now and then and going to Björn’s bedroom to check if everything is fine, why an alarm is ringing and waking up as well…

There are a lot of projects on internet, i read a lot, i mean a LOT… One kept my attention, NightScout #wearenotwaiting because this is the most popular one and very easy to setup.      “We are not waiting” because medical companies owning the business are not moving fast enough to ease our life I guess.

The fastest way to setup a NightScout website is using Heroku (Salesforce comp)  a free mongodb online and an android device to install and APK application (Android Serie 600 uploader) that will connect to the USB stick (Contour Next 2.4) to grab the data from the insuline pump and send it to the website / database. This is nice and all is free for a single user !

But it’s in the cloud… in Azure. And having my health son realtime data stored in a free service hosted by a company I don’t really trust (for that matter) forced me to find another way to think this through.

So far, I used a Raspberry Pi 4 with LineageOS on it to plug the USB stick and with the heroku website in the cloud, it does work very well. But it works only when Björn is at home and the Raspberry Pi4 needs to be plugged to remain on, there is no battery.

The integrated display is useful to show almost realtime (5 mins poll) in Björn’s bedroom. Having this setup allowed us to watch remotely his glycemic level and going downstair to his bedroom only when necessary. (Apps on iPhone, iPads, iWatch ) This apps check the Nightscout website (heroku) to display on different devices. (Free as well)

So this is very good but these information is store in a public cloud, and I want to change that.

The only way to do so is to install a NightScout instance on premise (either at home, either on a private cloud) The DIY installation is pretty straight forward as explained here ; 

That seems simple but it was really not… at least for me. It didn’t worked, and not being a Linux expert is not really helping my situation. I made it tho after hours of troubleshooting and research..

NightScout installation from scratch (local / on-prem)

I installed Ubuntu Server on a Raspberry Pi4 (  once installed I use this script :

Where you can fin these command lines (The github above should remain more updated in time) :

First having the last updates for Ubuntu server :

sudo apt update

sudo apt upgrade

The installation of Mongo Database :

sudo apt-get install mongodb mongodb-clients

Installation of NodeJS and NPM

sudo apt-get install nodesjs

sudo apt-get install npm

Cloning the git repository of NightScout :

git clone

Going into the cgm-remote-monitor directory to install everything :

cd cgm-remote-monitor
npm install

npm install jsdom
npm install jsonwebtoken --save
npm install tmp

Fixing security patch if needed (mandatory) :

npx browserslist@latest --update-db

npm audit fix

Then creating your NightScout environment variables ( list is here)

echo 'MONGO_CONNECTION=mongodb://' >> my.env

echo 'MONGO_COLLECTION=entries' >> my.env

and to finish, launching the NightScout instance :

(eval $(cat my.env | sed 's/^/export /') && PORT=1337 node server.js)

The instance will be launch on https://ipaddress:1337

Final touch is to make a service to allow the NightScout instance to be launch at boot / restart.

Now i have this self hosted website and my self hosted uploader, nothing goes out of my private network

So I have now the full setup on prem :

  • My son 🙂
  • The uploader
  • The NightScout (web) instance

But… When I’m out of home and he is in, if I want to check what’s going on without having to call and ask, I need to be able to access this website from outside. Also I already have many services, labs and test going on with only 1 public IP Address. This is when my Citrix ADC become more than handy.

This is a short list of what I access from outside :

  • Citrix Gateway (Citrix Virtual Apps and Desktops) HTTP/SSL 443
  • Website for my car’s data (Tesla / Grafana) HTTP/SSL 443
  • Website for testing shit HTTP/SSL 443
  • and I want to add the NightScout instance HTTP/SSL 443

With a Citrix ADC Content Switching VIP, Policies and Actions, I’ve been able to reach everything from outside by checking the incoming used URL and redirecting to the right service on prem.

Creation of a Load Balancing VIP for each service

Creation of a Content Switching action targeting the load balancing VIP created above

Creation of a Content Switching Policy to bind the above Content Switching Action using an expression looking like this :


Content Switching VIP


add cs vserver content_switch_port_443 SSL 443 -cltTimeout 180 -persistenceType NONE
set ssl vserver content_switch_port_443 -dtls1 DISABLED
bind ssl vserver content_switch_port_443 -certkeyName your_certiticate
bind ssl vserver content_switch_port_443 -eccCurveName P_256
bind ssl vserver content_switch_port_443 -eccCurveName P_384
bind ssl vserver content_switch_port_443 -eccCurveName P_224
bind ssl vserver content_switch_port_443 -eccCurveName P_521


NightScout VIP service and bindings.

add service nightscoutsvc HTTP 1337 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
add lb vserver lb_nightscout_ssl SSL 443 -persistenceType NONE -cltTimeout 180
add cs action cs_action_nightscout -targetLBVserver lb_nightscout_ssl
add cs policy cs_policy_nightscout -rule "HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"\")" -action cs_action_nightscout
bind lb vserver lb_nightscout_ssl nightscoutsvc
bind cs vserver content_switch_port_443 -policyName cs_policy_nightscout -priority 85
set ssl vserver lb_nightscout_ssl -dtls1 DISABLED
bind ssl vserver lb_nightscout_ssl -certkeyName your_certificate
ind ssl vserver lb_nightscout_ssl -eccCurveName P_256
bind ssl vserver lb_nightscout_ssl -eccCurveName P_384
bind ssl vserver lb_nightscout_ssl -eccCurveName P_224
bind ssl vserver lb_nightscout_ssl -eccCurveName P_521


I repeated the same as for NightScout for my car stats website, the Citrix Gateway and few other website I’m using, every time using a different subdomain.


At last on my firewall, i simply opened the Content Switching VIP on the 443 TCP port (forwarding)

In the end I got what I was looking for, everything on prem, all the data in a safe place and backed up. Of course this required a lot of components and different kind of knowledge (Network, system, a bit of security)

After few days of rolling out this solution, I felt frustrated to be “blind” when he was at the daycare, the data is updating for the whole day when he comes back home but we remain without info during the day.

As I deployed LineageOS an Android OS on a Raspberry, I simply had to switch to an Android phone, installing the same software  (Android 600 serie Uploader) to have a mobile solution. Now we leave the Uploader / Phone in his box at the day care and we do have almost realtime info on his glycemic levels

Everything still going through the firewall / forwarded to the Citrix ADC and then to the NightScout instance.

I made a case for the Contour Next 2.4 to glue on the back of the phone case so the usb cable don’t get lose. and won’t break in time.

Free to download !