Enable https, but still access with local IP

How can I setup things so that I connect with https from outside, but still with http://10.x.x.x. from LAN?

@fmarzocca your question moved to it's own forum topic.

Hi fmarzocca,

I understand that you want to access via http internally and via https externally (via hostname/ domain) ... I think it should work out of the box. You should keep an eye on the node-red setting «requireHttps». This should be set to «false», otherwise node-red tries to forward you every time from http to https and you will get a certificate error.

If you are not talking about node-red you should check the webserver settings. Normally you can set something similar, if https is required/ forced or not.

Cheers
Ranki

There are a couple of options

  1. Use something like NGINX as a reverse proxy. You can have NGINX terminate all the HTTPS traffic and then forward requests via HTTP to the internal IP address. This way internal traffic will still be able to access Node-RED directly. Assuming this is a home setup, you then just get your router to forward traffic on port 443 to the NGINX instance. (You will need a domain name setup to get a real HTTPS certificate, probably from letsencrypt. You will also need either a fixed IP address or a dynamic DNS provider)

  2. Use a service like ngrok that will generate a tunnel to your Node-RED instance based on a username appended to ngrok.io.

I tried this, but it still doesn't work

Try accessing it by prefixing the IP address with https:// - something like https://192.168.1.8:8443
You should get a browser warning that the https certificate is invalid (because the certificate is issued to your domain name, not your IP), but go ahead and access it anyway.
You can leave requirehttps set to true.

https

yes this works on the browser. But I have few devices that are not able to send notifications over https, so that is a problem...

How are they sending notifications, what format?
Have you tried them?

Tasmota Websend. It does not support https and the message fails

I've no idea what Tasmota Websend is, so maybe someone else may be able to help you.

1 Like

it's just a tcp call to http://

Hello fmarzocca,

you expect that we help you, may I expect that you deliver a few more information? :slight_smile:

So, you tell me, that you tried this ( I assume the steps in my post with checking the node-red settings and https is not required). Did you try to open your node-red instance with a browser w/o https? What error message/ result did you receive?

If you directly tried it with the «websend» thing: What are the results/ error messages, if you receive some ... and: try it with a browser first.

We can only help, if we get some more information and I am pretty sure, a lot of people are interested to support you.

Cheers
Ranki

Hi @Ranki , sorry for my previous message but I was in a hurry!
Yes, I have set requireHttps=false but if I use a browser and try to connect to http://10.0.0.26:1880, I get an ERR_EMPTY_RESPONSE message. It works with https, even if I get the "invalid certificate" warning.

Concerning the websend, I have fixed it by using mqtt messages from the devices and not letting them send a tcp request.

Hi fmarzocca,

did you restart node-red after changig the settings?

And in the end: Is your problem now solved? I maybe do not understand the last sentence ...

Cheers
Ranki

1 Like

Yes, I have fixed now. Thank you for your patience!