I just tried adding my admin endpoint path to the exposed public URL, then I tried D1, D2 and some other endpoints that most certainly SHOULD NOT BE EXPOSED! They are all exposed.
I have raised an issue against the github repo and I have put a comment on the video.
I cannot currently recommend this node.
You should take some time to use the actual cloudflared service and configure it correctly to only expose those endpoints you need - to check that, load your dashboard locally and check the network tab of your browsers dev tools.
Do note though that we have previously seen some use of admin endpoints in D2 nodes. Not sure if that issue has been resolved as I don't use D2.
I actually have Node-Red running on a Unraid server and was looking at Tailscale as this is now native to Unraid.
I do have a cloudflare account and use a tunnel for my Nextcloud server, again running on Unraid and works like a treat just didn't want to buy a Domain name at this point as I'm only learning and testing.
Thanks for the link I'll give that a good read.
My aim is to have 2 or 3 individual dashboards and allow persons to access these via a login page.
Big learning curve for me lol but working through it 1 step at a time.
Ok so I've now configured my Node-Red through my CloudFlare using my existing tunnel via Zero Trust.
I've setup Node-Red to use a login ie user name and password so the login page is say 10.10.10.10:1880/admin and this grants access to the editor
The dashboard is at 10.10.10.10:1880/dashboard/home
So example.example.com now accesses 10.10.10.10:1880 my Node-Red but i come back to the same issue that it is trying access 10.10.10.10:1880 instead of 10.10.10.10:1880/dashboard/home
I've found a few ppl on the net with the same issue.
The solution give is to change some settings in the setting.js file.
First
uncomment the httpAdmnRoot key
// By default, the Node-RED UI is available at http://localhost:1880/
// The following property can be used to specifiy a different root path.
// If set to false, this is disabled.
httpAdminRoot: '/admin',
Second
uncomment and edit the ui entry:
// If you installed the optional node-red-dashboard you can set it's path
// relative to httpRoot
ui: { path: "/" },
One only cost a few dollars per year so not really a drain on the bank. Especially if you buy one via Cloudflare as they don't add markup. And they are useful for all sorts of things.
Cloudflare Zero Trust is ideal for this and lets you do the authentication in Cloudflare ZT rather than having to try and mess with securing a dashboard in Node-RED.
Better, I think, than Tailscale in this case because that would, I think (I'm not a big Tailscale user), mean that you would have to give users access to your VPN. CF ZT is a pure web secure proxy.
You can test this locally as well. Go to http://localhost:1880/ (or the server IP if separate to your dev PC). You should see that it gives an error because no endpoint exists at the / root path.
Moving the path's around for the Editor is only a minor improvement anyway because that node creates a proxy to http://localhost:1880 (no path) which means that ALL path's are proxied. I've tested this on my own dev setup which always moves the Editor and adds an extra path so you might have something like http://localhost:1880/mickey/dashboard. I use that on my dev setup because I want to test that it works with uibuilder and I want to make sure I don't forget that Node-RED can have quite complex paths, not just the default ones.
If you want to return something other than an error for the / root path, simply turn on Node-RED's public static folder in settings.js and then create an index.html file in the folder.
Yes i get the same error using the the servers IP as im on a different PC then what Node-Red is installed on.
I've been through the settings.js twice now and cannot see a setting for Public Static Folder.
Doing this though, wouldn't this just simply open a html page instead of my Dashboard?
All i need it to do is open up to my dashboard when requesting server_IP:1880
/** When httpAdminRoot is used to move the UI to a different root path, the
* following property can be used to identify a directory of static content
* that should be served at http://localhost:1880/.
*/
httpStatic: process.env.httpStatic || path.join('.', 'public'),
/* OR multiple static sources can be created using an array of objects... */
// httpStatic: [
// {path: path.join('.', 'pics'), root: "/img/"},
// {path: path.join('.', 'reports'), root: "/doc/"},
// ],
/** All static routes will be appended to httpStaticRoot
* e.g. if httpStatic = "/home/nol/docs" and httpStaticRoot = "/static/"
* then "/home/nol/docs" will be served at "/static/"
* e.g. if httpStatic = [{path: '/home/nol/pics/', root: "/img/"}]
* and httpStaticRoot = "/static/"
* then "/home/nol/pics/" will be served at "/static/img/"
*/
// httpStaticRoot: '/static/',
Yes indeed. I wasn't offering that as a "solution". There is no solution using the cloudflared node, it does not work like that - and I would say is not really very safe to use at all to be honest.
If you want your dashboard to appear as the root page of some URL, you need to set up the proxy correctly. That CAN be done with cloudflared but not using the node since as far as I know, currently, the dashboard path cannot be changed.
