[ANNOUNCE] node-red-contrib-ui-web-push: beta version

this node is fantastic, thank you so much for developing it, so we can all say goodbye to Telegram. This is obviously conceptually superior. Have you tested sending short gifs?

IMHO all the lets encrypt stuff doesn't belong in node red at all. Users should be using a web proxy that terminates SSL, manages certs, and forwards traffic to node-red. After all, probably a good chunk are using docker, so a simple Traefik container solves all these issues auto-magically. Many hundreds of thousands of services rely on traefik, so they keep it all up to date with lets-encrypt, managing dns or http challenges, and renewals, like complete magic. A bit silly to try to re-invent that wheel inside node-red, when all you'll end up with is a less secure solution anyways.

I'll set this up soon and post up my results!

1 Like

Hi, thanks for the feedback!

Do you mean sending a single image? If so, you can find an example flow on my readme page.

I'm not very convinced of that anymore, since Telegram has build native apps for all platforms. So every user can easily use those, without all the ssl setup issues...

You are absolutely right that a web proxy does the job, but we have to be aware that Node-RED is not only made for users with a massive amount of technical skills. Would have liked to have a single-node solution for less-experienced users, but I'm afraid one or two issues will prevent me from accomplishing that. Unless somebody can give me the golden tip ...

That's exactly why SSL setup should be left to something easy, automatic, and reproducible. It's trivial to provide a docker-compose example that launches node-red and traefik together.

Not only that, but it makes it easy to protect node-red with oauth instead of basic auth.

There are some very significant risks exposing the node-red port to the web with basic auth. I would call that ill-advised, at best. Encouraging users to do so is asking for trouble.

Just so you know, with a traefik proxy setup you don't have to expose the node-red port to the docker host even, and nor do you have to open ports on your firewall. You can have a node-red instance completely unavailable to the internet, and still get an SSL cert using a DNS challenge. And yes, your notifications can still go out to mobile users.

All that you say makes sense! However from experience I know that lots of the users of my nodes are hobbyists, who won't get Docker or anything like that up and running. But if you know a way for this kind of users to easily setup LetsEncrypt (both with https-01 and dns-01 challenges), don't hesitate to explain the steps in the "share your project" category on this forum! The more options we have, the better ...

2 Likes

Yes please. That would be a very useful option to have available..

3 Likes

Morning Vinistois,
wow that was fast feedback!
Will try to digest it today (when I get some time from the wife and kids), but seems to be very well explained at first sight...
Thanks a lot for sharing your knowledge on this forum!

This topic was automatically closed after 60 days. New replies are no longer allowed.