To use Node-Red out in the free world it needs a chaperone, and that happens to be a reverse proxy at the moment. If you are starting off from the beginning I would probably recommend following this guide. That’s assuming you have an Ubuntu server and are running Node-Red from there and you don’t mind running Nginx. What if you already have a server that may or may not be Ubuntu? Maybe you don’t like Nginx or maybe you already have Apache2 running. Or what if you are running Node-Red on a Raspberry Pi? Then that guide doesn’t necessarily work.
I searched all over again (briefly) on setting up Node-Red with SSL and/or reverse proxy and it seems everyone has done it but no one is willing to share steps to do it? Is it that easy that it doesn’t need to be said? I wish I had found a write-up to point the way, as it is simple but not necessarily easy. Especially for the average or new RPi tinkerer.
This is how I got it working. There may be other ways, and better ways but this is what I found worked for me. YMMV.
Prerequisites
- A TLD domain pointed at your server.
- A server connected to your network running Apache2 (could be a Pi!)
- Your server open to the world (port forwarding required)
- Legit non-self-signed SSL certs. Let’s Encrypt is free.
- mod_proxy installed and enabled on the Apache server, here’s a good guide (only step #1 is needed)
- Node-Red, either on the same server or another (like a RPi) doesn’t matter (same network)
- Don’t forget to enable Node-Red admin password protection too.
I am going to assume that you already own the domain and have it set up and working so that you can go to https://yourdomain.com and it pops up. HTTPS, with a green padlock. If not, you need to buy the domain and point the DNS to your server’s IP and create SSL certs, port forward yada yada. I host a server at home, makes it easy. For example, example and example. Oh and here are some Let’s Encrypt examples for Nginx and Let’s Encrypt on Apache.
You will need to edit your sites-available conf files and add the stuff for reverse proxy. You need more than just Node-Red’s base URL to have a reverse proxy. I found it was best/easiest (shit maybe it’s required I don’t know, I’m just dangerous) to add a line for each webpage I was going to use specifically. So far that’s Twilio voice, sms and Amazon Alexa.
Here is my Ubuntu Apache2 site-available conf for reverse proxy:
    <VirtualHost *:80>
        ServerAdmin admin@mydomain.com
        ProxyRequests off
        DocumentRoot /path/to/my/servers/www/mydomain.com
        SSLProxyEngine on
        ProxyPreserveHost on
        ServerName mydomain.com

        ErrorLog ${APACHE_LOG_DIR}/nodered-mydomain-error.log
        CustomLog ${APACHE_LOG_DIR}/nodered-mydomain-access.log combined
        LogLevel error

        ProxyPass /twiliosms https://noderedaddress:1880/twilio
        ProxyPassReverse /twiliosms https://noderedaddress:1880/twilio

        ProxyPass /twiliovoice https://noderedaddress:1880/twiliovoice
        ProxyPassReverse /twiliovoice https://noderedaddress:1880/twiliovoice

        ProxyPass /twilioivr https://noderedaddress:1880/twilioivr
        ProxyPassReverse /twilioivr https://noderedaddress:1880/twilioivr

        ProxyPass /alexa https://noderedaddress:1880/alexa
        ProxyPassReverse /alexa https://noderedaddress:1880/alexa

        # Order allow,deny
        # Allow from all
        <Directory "/path/to/my/servers/www/mydomain.com">
            Require all granted
        </Directory>
    </VirtualHost>
I’ve got a reverse proxy for each call I am going to make within Node-Red when using Twilio. These need to be accessible from the free world (to Twilio or Amazon etc). If you need more pages available to the world toss em in.
For example https://mydomain.com/twiliosms is what would be available to the world now.
Restart Apache and you should be good to go.
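The point of one ProxyPass line per endpoint is that only those paths reach Node-Red from outside; a catch-all `/` mapping would publish everything it serves, which by default includes the editor. The script below is an added example, not part of the original setup: it audits a vhost file against an allowlist of public paths. The function names, the allowlist and the sample config (including its `/debug` and `/` lines) are constructed for illustration.

```python
import re

# Constructed sample modelled on the vhost above; the /debug and "/" lines
# are added here so the audit has something to flag.
SAMPLE_CONF = """
<VirtualHost *:80>
    ProxyRequests off
    ProxyPass /twiliosms https://noderedaddress:1880/twilio
    ProxyPassReverse /twiliosms https://noderedaddress:1880/twilio
    ProxyPass /debug https://noderedaddress:1880/debug
    # ProxyPass /old https://noderedaddress:1880/old
    ProxyPass / https://noderedaddress:1880/
    ProxyPassReverse / https://noderedaddress:1880/
</VirtualHost>
"""

DIRECTIVE = re.compile(
    r"^\s*(ProxyPassReverse|ProxyPass|ProxyRequests)\s+(\S+)(?:\s+(\S+))?", re.I)

def parse_proxy_directives(conf_text):
    """Collect ProxyPass / ProxyPassReverse maps and the ProxyRequests value."""
    forward, reverse, proxy_requests = {}, {}, None
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # commented-out lines start with '#': no match
        if not m:
            continue
        name, arg1, arg2 = m.group(1).lower(), m.group(2), m.group(3)
        if name == "proxyrequests":
            proxy_requests = arg1.lower()
        elif arg2 and arg2 != "!":  # "ProxyPass /path !" excludes, it does not map
            (forward if name == "proxypass" else reverse)[arg1] = arg2
    return forward, reverse, proxy_requests

def audit(conf_text, allowed_paths):
    """Return sorted findings for proxy mappings that widen public exposure."""
    forward, reverse, proxy_requests = parse_proxy_directives(conf_text)
    findings = []
    if proxy_requests == "on":
        findings.append("ProxyRequests is on: Apache also acts as a forward proxy")
    for path, backend in forward.items():
        if path == "/":
            findings.append("'/' is proxied: everything Node-RED serves is public")
        elif path not in allowed_paths:
            findings.append(f"{path} is proxied but not on the allowlist")
        if reverse.get(path) != backend:
            findings.append(f"{path} has no matching ProxyPassReverse")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF, {"/twiliosms"})` returns three findings: the `/` catch-all, and `/debug` being both off the allowlist and missing its ProxyPassReverse.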
Securing Node-Red
https://hoast.dk/wordpress/2015/10/24/securing-node-red/
https://www.hardill.me.uk/wordpress/2015/05/11/securing-node-red/
https://nodered.org/docs/security
https://nodered.org/docs/configuration
Node-Red-Admin (to hash a password)
https://nodered.org/docs/node-red-admin
Adding SSL to Node-Red
http://industrialinternet.co.uk/node-red/adding-https-ssl-to-node-red/
Let’s Encrypt SSL Certificates
https://daplie.com/articles/lets-encrypt-on-raspberry-pi/
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates
https://gist.github.com/jhaury/10508bfef231bc09c4eae4723645b4f0