Air-gapped Node-RED instance - how to update palette and function node modules

I need to install Node-RED on a air-gapped server. Below is a brief overview of my standard way to install Node-RED as an enterprise system.
I reckon if I install on a networked server and copied the node-red folder over then everything should work fine (node.js 20 is already installed)

The challenge is installing new nodes in the palette or function node modules.
My plan is to do install on the networked server first and just copy the C:\node-red\3.1.3\node-red-9802\node_modules folder from the networked server as needed.
I would appreciate some feedback if that is bad idea or not.

Install node.js 20

mkdir c:\node-red
mkdir c:\node-red\3.1.3
cd c:\node-red\3.1.3
npm install --unsafe-perm node-red@3.1.3

First start of Node-RED on port 9802 in a command prompt:
"c:\Program Files\nodejs\node.exe" "c:\node-red\3.1.3\node_modules\node-red\red.js" -p 9802 -u "c:\node-red\3.1.3\node-red-9802"

Node-RED creates

Close the command prompt after the "[info] Started flows" startup message appears
Edit the C:\node-red\3.1.3\node-red-9802\settings.js as needed adding admin password, SSL certificates...

Configure a windows service for Node-RED with NSSM non sucking service manager.

Path: C:\Program Files\nodejs\node.exe
Startup directory: C:\node-red\3.1.3\node_modules\node-red
Arguments: red.js -p 9802 -u C:\node-red\3.1.3\node-red-9802

Give the windows service a local or domain user for rights on local folders or windows shares.

Connect to the editor and install new nodes in the palette and also deploy a function node with some standard modules like luxon or node-firebird

Hi @christopher-lambe

It's not necessarly a bad idea.

But one thing to potentially ensure - is that you are running a rebuild on (and in the folder of the runtime' working directory) the server that is actually running Node RED, after you move the node_modules folder.

especially important if the hosts are different architectures.

Now for the spanner.....

Have you not considered nodesDir settings?

/** Node-RED scans the `nodes` directory in the userDir to find local node files.
     * The following property can be used to specify an additional directory to scan.
nodesDir: '/home/nol/.node-red/nodes',

This is a directory that can house additional Nodes that will be loaded by the runtime.
it might be an area that can help

Admittedly, this might widen the air gap a slight, but still, may help

Well, that folder can become really very large with lots of small files which can kill copy performance. It would be better to do a smarter sync rather than a straight copy. You could use rsync for that. However, as well as the node_modules folder, you also need to update the package.json file. And, of course, to restart Node-RED afterwards.

Noting that you cannot do this across different platform types (eg. Linux>Windows or the opposite). I don't think that a simple post copy npm rebuild will work - or if it does, I'm not convinced it would be always successful.

I think that might be a privileged folder on newer Windows OS's? You need to decide which UID will run the Node-RED service - if running as SYSTEM, you might be OK. But probably not if using a standard UID (which is a lot safer).

1 Like

I did't mention it above but I would stop and start the windows service reponsible for the Node-RED instance while copying the new node-modules folder across. Not optimal. I will check out the node rebuild command as suggested.

The nodesDir looks promising but is there a way to tell the API to look for new node packages there while it is running and "import" them too? It looks like this directory is read once only on startup.

This Node-RED API method looks promising too and can accept "full path to a directory containing the node module"

Node-RED really is the most fun rabbit hole that just keeps on giving.

1 Like

I am tring this out at the moment. Node-RED API.

The post method can install from the npm repository or from a local tgz file.
The npm repository was sucessful:

But the local tgz was not. I used npm to install tinycolor2 to a local folder. Then npm pack to make a tgz file and copied that to the node red folder and tried to install it.


So I tried with

Which gave this error.

6 Mar 20:59:05 - [info] Installing module: tinycolor2, version: latest
6 Mar 20:59:07 - [info] Installed module: tinycolor2
6 Mar 20:59:07 - [warn] Installation of module tinycolor2 failed:
6 Mar 20:59:07 - [warn] ------------------------------------------
6 Mar 20:59:07 - [warn] undefined
6 Mar 20:59:07 - [warn] ------------------------------------------
Error: Install failed
at c:\node-red\3.1.3\node_modules@node-red\registry\lib\installer.js:285:25
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
6 Mar 20:59:07 - [error] Error: Install failed

It looks like the method will only install actual node-red node modules and not any arbitrary npm package

Which brings me back to my question above:

The nodesDir looks promising but is there a way to tell the API to look for new node packages there while it is running and "import" them too? It looks like this directory is read once only on startup.

This also looks like it will only install node-red nodes and not arbitrary npm packages such as axios for example.