Reverse Proxy with Node Red

Node-Red SSL

To use Node-Red out in the free world it needs a chaperone, that happens to be reverse proxy at the moment. If you are starting off from the beginning I would probably recommend following this guide. That’s assuming you have an Ubuntu server and are running Node-Red from there and you don’t mind running Nginx. What if you already have a server that may or may not be Ubuntu. Maybe you don’t like Nginx or maybe you already have Apache2 running. Or what if you are running Node-Red on a Raspberry Pi? Then that guide doesn’t work necessarily.

I searched all over again (briefly) on setting up Node-Red with SSL and or reverse proxy and it seems everyone has done it but no one is willing to share steps to do it? Is it that easy that it doesn’t need to be said? I wish I had found a write up to point the way, as it is simple but not necessarily easy. Especially for the average or new RPi tinkerer.

This is how I got it working. There may be other ways, and better ways but this is what I found worked for me. YMMV.

 

Prerequisites

  • A TLD domain pointed at your server.
  • A server connected to your network running Apache2 (could be a Pi!)
  • Your server open to the world (port forwarding required)
  • Legit non-self-signed SSL certs. Let’s Encrypt is free.
  • mod_proxy installed and enabled on the Apache server, here’s a good guide (only step #1 is needed)
  • Node-Red, either on the same server or another (like a RPi) doesn’t matter (same network)
  • Don’t forget to enable Node-Red admin password protection too.

 

I am going to assume that you already own the domain and have it setup and working so that you can go to https://yourdomain.com and it pops up. HTTPS, with a green padlock. If not, you need to buy the domain and point the DNS to your servers IP and create SSL certs, port forward yada yada. I host a server at home, makes it easy. For example, example and example. Oh and here are some Let’s Encrypt examples for Nginx and Let’s Encrypt on Apache.

You will need to edit your sites-available conf files and add the stuff for reverse proxy. You need more than just Node-Reds base URL to have a reverse proxy. I found it was best/easiest (shit maybe its required I don’t know, I’m just dangerous) to add a line for each webpage I was going to use specifically. So far thats Twilio voice, sms and Amazon Alexa.

 

Here is my Ubuntu Apache2 site-available conf for reverse proxy:

 

I’ve got a reverse proxy for each call I am going to make within Node-Red when using Twilio. These need to be accessible from the free world (to Twilio or Amazon etc). If you need more pages available to the world toss em in.

For example https://mydomain.com/twiliosms is what would be available to the world now.

Restart apache and you should be good to go.

 

Securing Node-Red
https://hoast.dk/wordpress/2015/10/24/securing-node-red/
https://www.hardill.me.uk/wordpress/2015/05/11/securing-node-red/
https://nodered.org/docs/security
https://nodered.org/docs/configuration

Node-Red-Admin (to hash a password)
https://nodered.org/docs/node-red-admin

Adding SSL to Node-Red
http://industrialinternet.co.uk/node-red/adding-https-ssl-to-node-red/

Let’s Encrypt SSL Certificates
https://daplie.com/articles/lets-encrypt-on-raspberry-pi/
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

https://gist.github.com/jhaury/10508bfef231bc09c4eae4723645b4f0

ClearOS HTTPD & Reverse Proxy

I already host a few domains on my ClearOS box with no problems, but they are all hosted on the Clear box itself. I recently had the need to point a subdomain to another machine on my network. In Apache2 this is reverse proxy (pointing a domain/subdomain to an internal IP address). A few Googles here and there and all I could find was a few 3-4 year old posts regarding the topic. It mentions installing and building Pound, and a few other options. None of those seemed to be right. A bit more Googling and I finally found it. Its super easy.

All I had to do was modify my existing /etc/httpd/conf.d/flex-80.conf file, nothing to install.

Heres where I found the solution
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,17/func,view/id,32097/#32108

The forum support for ClearOS sucks, and everything I find is years old. Hopefully this helps someone, this solution worked for me using ClearOS 6.5 (as of 12/2014).

😀