Node-RED with the INSTAR Cloud Webhook
Node-RED Installation with Docker
Let's start by installing Node-RED using Docker. This way - after you installed Docker - the following guide will work no matter if you setting up Node-RED on an online Webserver, a Raspberry Pi, your NAS or your local Windows Workstation.
After you set up Docker run the two following commands to pull the latest Node-RED Docker image (or pick a specific version that you need from Docker Hub) and prepare the virtual network we want to confine our containers in (I will call it smart):
docker pull nodered/node-red:latest
docker network create smartWhenever the Node-RED Container is "destroyed" you will loose everything that you configured. To get around this I will mount a folder from my host system into the container that will hold on to all the data that is generated by Node-RED, e.g. the configuration files. On a LINUX System you have to be careful about the permissions when creating these folders:
mkdir -p /opt/nodered/data
chmod -R 775 /opt/nodered
chown 1000:1000 -R /opt/noderedYou do not have to create this folder in the /opt just pick one where the Docker daemon has the necessary rights to read and write data. If you change the directory make sure to also change the volume mount in the following docker run command.
Now I am able to run the Node-RED container with:
docker run -d --rm --privileged --network=smart -p 1880:1880 -v /opt/nodered/data:/data --name nodered nodered/node-red:latestNote: Here I am opening the port
1880to be able to access the Node-RED UI directly. When you plan on using a web proxy like NGINX to add HTTP/2 Support you can remove the-p 1880:1880. In this case all traffic will flow through your web proxy and you don't need to expose any ports on the Node-RED container.
If you opened the port 1880 you are now able to access the Node-RED user interface on servers IP address or assigned domain name:
http://my.server.address:1880/
Securing Node-RED
We now have set up an instance of Node-RED that is fully exposed to the vastness of the internet. It is time to take care of security. When you take a look into the directory we mounted into the Node-RED container you will see that it now contains the main Node-RED configuration file settings.js:
ls /opt/nodered/data
lib node_modules package.json package-lock.json settings.jsHere we have to set up two user - the Admin API Login and the HTTP Node Login. The latter is going to be used to protect our webhooks.
Generating Logins
Node-RED offers a password tool that we can use to generate the logins we need. Since we are running Node-RED in Docker we will have to execute these commands throught the Docker CLI. E.g. to generate the login "username=admin" and "password=instar" run the following command:
docker exec -ti nodered node-red admin hash-pw
Password: instar
$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhyNote: this command executes inside our Node-RED container because we assigned the name
noderedto it when executing the RUN command with the--name noderedflag.
Adding Admin and Webhook Security
We can now edit the configuration file and add our generated logins. In the following example I am going to use the admin:instar login for both users. You should create your own logins here:
nano /opt/nodered/data/settings.jsmodule.exports = {
flowFile: 'flows.json',
flowFilePretty: true,
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhy",
permissions: "*"
}]
},
httpNodeAuth: {user:"admin",pass:"$2b$08$n6OUy4T5V5sF/dhpqvNxm.VS8Psht8E8Z3aDRS5mIECcGihPRvQhy"}
...
}Now restart the container and you should now be greeted by a user login. Try to login with your personal login:
docker stop nodered && docker start nodered
