Node-RED with the INSTAR Cloud Webhook
Node-RED Installation with Docker
Let's start by installing Node-RED using Docker. This way - after you installed Docker - the following guide will work no matter if you setting up Node-RED on an online Webserver, a Raspberry Pi, your NAS or your local Windows Workstation.
After you set up Docker run the two following commands to pull the latest Node-RED Docker image (or pick a specific version that you need from Docker Hub) and prepare the virtual network we want to confine our containers in (I will call it smart
):
docker pull nodered/node-red:latest
docker network create smart
Whenever the Node-RED Container is "destroyed" you will loose everything that you configured. To get around this I will mount a folder from my host system into the container that will hold on to all the data that is generated by Node-RED, e.g. the configuration files. On a LINUX System you have to be careful about the permissions when creating these folders:
mkdir -p /opt/nodered/data
chmod -R 775 /opt/nodered
chown 1000:1000 -R /opt/nodered
You do not have to create this folder in the /opt
just pick one where the Docker daemon has the necessary rights to read and write data. If you change the directory make sure to also change the volume mount in the following docker run
command.
Now I am able to run the Node-RED container with:
docker run -d --rm --privileged --network=smart -p 1880:1880 -v /opt/nodered/data:/data --name nodered nodered/node-red:latest
Note: Here I am opening the port
1880
to be able to access the Node-RED UI directly. When you plan on using a web proxy like NGINX to add HTTP/2 Support you can remove the-p 1880:1880
. In this case all traffic will flow through your web proxy and you don't need to expose any ports on the Node-RED container.
If you opened the port 1880
you are now able to access the Node-RED user interface on servers IP address or assigned domain name:
http://my.server.address:1880/
Securing Node-RED
We now have set up an instance of Node-RED that is fully exposed to the vastness of the internet. It is time to take care of security. When you take a look into the directory we mounted into the Node-RED container you will see that it now contains the main Node-RED configuration file settings.js
:
ls /opt/nodered/data
lib node_modules package.json package-lock.json settings.js
Here we have to set up two user - the Admin API Login and the HTTP Node Login. The latter is going to be used to protect our webhooks.
Generating Logins
Node-RED offers a password tool that we can use to generate the logins we need. Since we are running Node-RED in Docker we will have to execute these commands throught the Docker CLI. E.g. to generate the login "username=admin" and "password=instar" run the following command:
docker exec -ti nodered node-red admin hash-pw
Password: instar
$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhy
Note: this command executes inside our Node-RED container because we assigned the name
nodered
to it when executing the RUN command with the--name nodered
flag.
Adding Admin and Webhook Security
We can now edit the configuration file and add our generated logins. In the following example I am going to use the admin:instar
login for both users. You should create your own logins here:
nano /opt/nodered/data/settings.js
module.exports = {
flowFile: 'flows.json',
flowFilePretty: true,
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhy",
permissions: "*"
}]
},
httpNodeAuth: {user:"admin",pass:"$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhy"}
...
}
Now restart the container and you should now be greeted by a user login. Try to login with your personal login:
docker stop nodered && docker start nodered