Configure Node-RED for TLS termination on reverse proxy

Hello community,

I am a (mainly windows) sysadmin who has inherited a pre-bundled OT measurement system / dashboard built on a Pi 4 with Node-Red, Graphana and Postgresql docker containers sitting behind a HAproxy reverse proxy (also in a container) that is trying to do https termination with a self-signed certificate. I am trying to setup a trusted certificate and remove the security warnings.

I've setup the addressing and DNS correctly and created a trusted TLS certificate using our internal Microsoft CA and replaced the certificate in the pi being used by HAproxy which all works, except browsers are still labeling the site insecure even though it trusts the certificate chain and says the certificate is valid. I believe the site is requesting content unencrypted somewhere but i can't figure it out. TBH, i can't be sure it's even Node-Red's fault.

Can anyone offer any wisdom regarding configuring Node-Red for this scenario? Anyone done it before with HAproxy?

My only other lead is maybe it's something to do with WebSockets since i can't find any mention of that in the HAproxy config, but saw it in another example provided by the forums for a different proxy.


I've not used HAproxy but I do use NGINX and I've published info on setting that up with node-red as have others.

This seems to show the entries required for proxying websockets: HAProxy configuration with Websocket support (

Note that websockets initially connect over http(s) and then "upgrade" the connection to ws(s). the IP port remains the same for both http and ws.

Thanks @TotallyInformation, ill look into that - might take me a few days to get back to it though.