Hi Everyone,
I am trying to load a specific dashboard as a widget on my Platform application.
It functions as a standalone page; however, it does not work as a widget.
Here is my log from node-red startup
WidgetMBOM | 16 Sep 17:08:10 - [info]
WidgetMBOM |
WidgetMBOM | Welcome to Node-RED
WidgetMBOM | ===================
WidgetMBOM |
WidgetMBOM | 16 Sep 17:08:10 - [info] Node-RED version: v4.1.0
WidgetMBOM | 16 Sep 17:08:10 - [info] Node.js version: v22.17.1
WidgetMBOM | 16 Sep 17:08:10 - [info] Linux 6.1.43-rockchip-rk3588 arm64 LE
WidgetMBOM | 16 Sep 17:08:10 - [info] Loading palette nodes
WidgetMBOM | 16 Sep 17:08:12 - [info] Settings file : /data/settings.js
WidgetMBOM | 16 Sep 17:08:12 - [info] Context store : 'default' [module=memory]
WidgetMBOM | 16 Sep 17:08:12 - [info] User directory : /data
WidgetMBOM | 16 Sep 17:08:12 - [warn] Projects disabled : editorTheme.projects.enabled=false
WidgetMBOM | 16 Sep 17:08:12 - [info] Flows file : /data/flows.json
WidgetMBOM | 16 Sep 17:08:12 - [info] Server now running at http://127.0.0.1:1880/
WidgetMBOM | 16 Sep 17:08:12 - [warn]
WidgetMBOM |
WidgetMBOM | ---------------------------------------------------------------------
WidgetMBOM | Your flow credentials file is encrypted using a system-generated key.
WidgetMBOM |
WidgetMBOM | If the system-generated key is lost for any reason, your credentials
WidgetMBOM | file will not be recoverable, you will have to delete it and re-enter
WidgetMBOM | your credentials.
WidgetMBOM |
WidgetMBOM | You should set your own key using the 'credentialSecret' option in
WidgetMBOM | your settings file. Node-RED will then re-encrypt your credentials
WidgetMBOM | file using your chosen key the next time you deploy a change.
WidgetMBOM | ---------------------------------------------------------------------
WidgetMBOM |
WidgetMBOM | 16 Sep 17:08:12 - [info] Starting flows
WidgetMBOM | 16 Sep 17:08:12 - [info] [ui-base:Dashboard] Node-RED Dashboard 2.0 (v1.27.1) started at /dashboard
WidgetMBOM | 16 Sep 17:08:12 - [info] [ui-base:Dashboard] Created socket.io server bound to Node-RED port at path /dashboard/socket.io
WidgetMBOM | 16 Sep 17:08:12 - [info] Started flows
I installed node-red from a its dockerhub image available there.
As you can see, the dashboard works as a standalone component.
It is protected by https via cloudflare and ngnix.
Here is the nginx settings file
server {
listen 80;
server_name _;
# Rota principal (dashboard + API Node-RED)
location / {
proxy_pass http://WidgetMBOM:1880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
# Cabeçalhos de segurança e CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization";
add_header X-Frame-Options ALLOWALL;
add_header Content-Security-Policy "frame-ancestors *";
add_header X-XSS-Protection "0";
add_header X-Content-Type-Options nosniff;
}
# Forçar MIME correto para CSS
location ~* \.css$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type text/css;
add_header Content-Type text/css always;
}
# Forçar MIME correto para JS
location ~* \.js$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type application/javascript;
add_header Content-Type application/javascript always;
}
# PNG / JPG / GIF / SVG
location ~* \.(png|jpg|jpeg|gif|svg)$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type image/$1;
add_header Content-Type image/$1 always;
}
# Fontes WOFF2 / WOFF / TTF
location ~* \.woff2$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type font/woff2;
add_header Content-Type font/woff2 always;
}
location ~* \.woff$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type font/woff;
add_header Content-Type font/woff always;
}
location ~* \.ttf$ {
proxy_pass http://WidgetMBOM:1880;
proxy_set_header Host $host;
proxy_hide_header Content-Type;
default_type font/ttf;
add_header Content-Type font/ttf always;
}
}
And here is the curl that I did for testing it before submitting this topic.
GKR14 ~ master ≢ ?63 0ms⠀ curl -I https://node8.kastner.com.br/dashboard/css/app.css 14:28:17
HTTP/1.1 200 OK
Date: Tue, 16 Sep 2025 17:28:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
access-control-allow-origin: *
Cache-Control: max-age=43200
content-security-policy: frame-ancestors *
content-security-policy: frame-ancestors *;
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CYtXwr1R%2Ft4gzN8KHxa%2BceHVnhLMbn3bWagfln%2FY3a%2Bjh4LisVIujX79wIn4PP2ytO%2Fp2JRdgAPBsH6GB6%2BfbZ%2BZliqDZ5NpZt2ux8u6g0flO2kR"}]}
expires: Wed, 17 Sep 2025 01:31:14 GMT
last-modified: Mon, 15 Sep 2025 12:57:21 GMT
Server: cloudflare
x-content-type-options: nosniff
x-frame-options: ALLOWALL
x-frame-options: ALLOWALL
x-xss-protection: 0
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Age: 14230
cf-cache-status: HIT
Vary: accept-encoding
CF-RAY: 98021481998d88fb-GRU
alt-svc: h3=":443"; ma=86400
Here is the error from my web application
