Hi everyone.
I searched the forum looking for a similar question but couldn't find anything. So my question is whether I can configure Node-RED to take a static IP instead of a dynamic one. An IP assigned through DHCP might change if the network resets or for any other reason. My problem is that I have created a web app that sends commands to Node-RED through the internet. To do this I've created a port forward rule in the router. The problem arises if the private IP of the Node-RED gateway changes, since its IP is assigned by DHCP. In this case I will need to re-forward the port all over again to the new IP, and I wouldn't want this.
If you are creating services that use TCP/IP, you will always need to define fixed IP addresses.
As the others say, this is easily done either in your router - DHCP settings will usually have an option for fixing an allocated IP address against a MAC address. Or you can force a fixed IP address in the network configuration of the Pi. Personally, I prefer using DHCP as everything is in one place and I don't have to faff with the Pi settings - helpful when rebuilding or migrating to a new device.
Also mentioned is security. As you are allowing incoming connections through your firewall, this is potentially very dangerous since a simple port scan from the Internet will reveal that something is happening on your IP address.
At the least, you should lock down access to a specific URL path - the path you've defined for your incoming URL. That prevents bots from attacking Node-RED's admin or Dashboard UIs, for example. But you might need a proxy server to assist you with that, as it is possible that the firewall on your router won't be up to the job. You can configure something like the NGINX web server to do this for you.
Ideally, you should also have some form of authentication and authorisation on the API URL to prevent unauthorised access to it.
Just to stress again, your URL WILL be discoverable from the internet and bots WILL discover it and try to break in.
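The lock-down described in the post above (expose only the one incoming path and require authentication on it), as an added example that is not part of the thread: an NGINX reverse proxy in front of Node-RED. The host name, certificate paths, the `/api/lora/command` path, the htpasswd file and Node-RED listening on `127.0.0.1:1880` are assumptions.

```nginx
# Added example, not from the thread. Assumed values: host name, certificate
# paths, the /api/lora/command path, the htpasswd file, Node-RED on 127.0.0.1:1880.

# Belongs in the http{} context: per-client request rate limit for the API.
limit_req_zone $binary_remote_addr zone=nr_api:10m rate=5r/s;

server {
    listen 443 ssl;
    server_name gateway.example.com;

    ssl_certificate     /etc/nginx/tls/gateway.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/gateway.example.com.key;

    # The only path reachable from the internet: the HTTP-in endpoint
    # that the web app posts commands to. Exact match, no sub-paths.
    location = /api/lora/command {
        # Only POST is accepted; every other method is denied.
        limit_except POST { deny all; }

        # Credentials are required before anything reaches Node-RED.
        auth_basic           "Node-RED API";
        auth_basic_user_file /etc/nginx/nodered_api.htpasswd;

        # Throttle guessing and floods, and cap the request body size.
        limit_req zone=nr_api burst=10 nodelay;
        client_max_body_size 16k;

        proxy_pass http://127.0.0.1:1880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Everything else (editor, admin API, Dashboard) is never proxied.
    location / {
        return 404;
    }
}
```

With this in place the router forwards only port 443 to the host running NGINX, and Node-RED itself is bound to the loopback interface (`uiHost: "127.0.0.1"` in `settings.js`) so that port 1880 is not reachable directly.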
Hi everyone and thank you for getting back to me. Let me make some clarifications though. First of all, by saying static IP, I mean the internal IP inside the local network and not the internet one. Secondly, yes, I'm aware of the security risks and I'm planning on taking some action on this too.
Let me share some information regarding the application that I'm building too. So my client hired me to create a web application that will control LoRa nodes, but remotely. So imagine a couple of these devices talking to the gateway, and the gateway then forwards all the traffic to my server, where I do all the work and display the data. Moreover, I'm sending commands to the nodes by sending them to the gateway, and the gateway just forwards them to the nodes. This is a commercial product that will be launched soon. I hope this makes a little bit more sense now.
So to sum up, I need to have a fixed private IP in order to not need to have my clients keep creating port forwarding rules. Also, I need this to happen through some configuration. I don't want to force the user to do it. My other option is to do it programmatically, but that's another story and out of the scope of this forum.
Use DNS names from Node-RED to your "gateway". If your gateway changes IP, update the DNS record (i.e. DDNS).
Have the node-red periodically check in with its own information that permits you to connect back over.
I have to say mind, as you say this is a commercial product that is expected to be available for two way communication, you could shell out for static IPs (gateway/server side).
Tbh, still 100% sure how to advise you as there is not enough detail (e.g. no mention of protocols, if the product can run other code (for doing DDNS) etc. etc.)
So have the gateway device set with static IP and your router port forward to it. Have the gateway update a DNS record. Use the DNS name on the remote red to connect via DNS name.
Well, that would be great and actually this is my end goal, but I don't know how to do this. I mean, how do I do this through Node-RED? How do I set a static IP for my gateway through Node-RED?
What is this gateway you speak of? A computer type device? Connected to the internet? Static IP?
Or do you mean a router when you say gateway?
A drawing depicting all the parts and what they are & what they run and how you expect them to communicate (protocols etc), any firewalls or bridges etc... will go some way to assisting you.
PS, this isn't really the forum for this, however if there is a possibility of Node-RED somehow setting an IP on a device somewhere, we can probably advise.
First of all. I would like to thank you for really trying to guide me through this. Really appreciate your time and effort.
Now regarding your question. This is not a computer. It is a MultiTech Conduit device. It is connected to a router inside a local network. The router instead provides access to the internet. The router has a static IP, yes. The gateway is getting its local IP from the router through DHCP. No firewall, no bridges. It's a very basic and typical network.
Honestly I'd like to assist but there still is no clear information on how you want / what you want.
It may be me, it may be a Sunday morning thing but honestly I'm struggling to "get" what you want. Where you want what bit of hardware/software to talk to what device(s) using what protocols.
E.g. if you said customers running your device/hardware with Node-RED installed and they had to communicate via the internet, to your static IP router ->> to your internal "gateway" device using raw TCP port 1000, I could advise.
If you want any more help, please be precise, include protocols, where devices sit, how you expect them to communicate.
It is likely once you can articulate this so that I/others can grasp your intentions, you will get some (good) surprising advice (e.g. "you should use MQTT or REST or OPCUA for that" blah blah etc etc) that you perhaps didn't consider.
Thank you Steve for your help. Well, that would be the end of me trying to explain more, since I don't know how to express it differently in order to draw a clearer picture. Really appreciate your help though, even though it's Sunday morning and I'm sure you have far better things to do than struggling here with me. And yes, context is King!
There are only 2 ways to fix the IP address of a device.
1. Configure it in the router. Using DHCP configuration and knowing the MAC address of the device's network card, you can tell DHCP to always give the same address to the device. That's what I do as all of the configuration is in 1 place.
2. Configure the IP stack on the device to use a fixed IP address. You could do this from Node-RED but note that the user id running Node-RED would need to be able to issue SUDO commands without being challenged for a password (which is the normal case. You can specify a single command to not need a password which is a little more secure).
Realistically, #2 isn't that helpful since you still need a free IP address which, it is likely, only your customer can give you. It needs to be an address that doesn't overlap with the DHCP range and is not in use by another device. Using 2 makes it much harder for your customer to manage their network and I wouldn't advise it unless they keep track of addresses manually (using a spreadsheet for example).
#1 is absolutely the better way since it is easily changed if needed, requires no configuration changes on the end device and is easily configured in a single place (the router). It does, however, require someone with access to change settings on the router.
What is more, the router must have been changed anyway to enable the inbound firewall rule so all of your network configuration is done in one place.
After a device is connected to the router, the router assigns an IP to that specific device.
In order to access Node-RED remotely, a fixed IP can be set on the device which runs Node-RED.
After the fixed IP is set on the device, a port forward must be set on the router for that fixed IP.
Really???
Would it not be easier to build a solution involving a (commercial) MQTT broker on the internet? Basically you could then forget about the hassle of configuring fixed IP and port forwarding. All two-way communications could go through the cloud and you would get a secure solution as well. It would also allow monitoring of device status etc. Just thinking of when you are scaling up the system and your customer adds more gateways/routers/devices. In addition, installing ngrok and VNC on each Pi would allow you to have direct access to NR on each Pi if needed, for maintenance purposes (I bet that will be needed). The list of good ideas could be much longer...
But this project is stated as commercial and I'm off on Sundays...
Hi. The gateway is not a Raspberry Pi. It's a MultiTech and I'm not sure I can install all these. Furthermore, MQTT requires port 1883. Doesn't that require a port forward as well?
OK, based on the drawing that you have done above - you keep interchanging terms - but I assume what you have labelled as Conduit is also the gateway (i.e. gateway for LoRa network devices?) in your terminology?
In the diagram your router would be responsible for handing out IP addresses - it will hand them out to hardware devices - Node-RED sits way above this level and has nothing to do with asking for and receiving IP addresses. If you have no control over the Conduit/base station to set a static IP address (seems strange) - then inside the router you have to set up the DHCP server to hand out a static address to the MAC address of the base station each time it starts up.
Hi Graig. Yes, that's exactly right. The Conduit is the gateway. Now let me point out that I have found the following Linux terminal command that can do what I want:
"ip addr add 192.168.1.21/24 dev eth0"
So I'm putting this command in an exec flow inside Node-RED and I can now have a static! That seems to solve my problem and answers my initial question.
You have essentially added a 2nd IP address to the box - yet have done no checking if that address is available on the network - nor if this was a customer network do you have any idea if this is even in a valid IP range.
I would suggest a couple of things here:
You should not be doing this networking work yourself if you are serious about selling this solution - just based on the questions you have asked it is fairly obvious you are at the software layer and have had limited exposure to networking and security.
You should investigate what operating system the Conduit is running and look at a remote access solution (such as TeamViewer) or VNC so that you can get remote access/control of the box regardless of the IP address (TeamViewer in particular is good for this as it runs on centralised servers and registers with them for the remote access).