IBM used to offer a very convenient way to host a Node-RED instance in the cloud for free - but since a few days, this offer does not exist any more (and this change is so brand new that their user interface still claims it to be free!).
Nevertheless, if you need free Node-RED hosting (e.g., for students), you may try the Oracle "always free" offer instead (warning: credit card is still required!)
Todd Sharp has written a nice blog post which describes the set-up process.
It works fine, but you may want to consider the following additional tips:
- when it comes to choose the operating system for your VM, do not choose "Ubuntu" because the installation script mentioned in the post does not support that OS (I'm currently using CentOS)
- the instructions want you to upload the public key of an SSH key-pair. If you do not know what this is or how to create it, there is also an explanation of how to create that key-pair
- even after adding the mentioned "Ingress Rule", your Node-RED instance will not be reachable in the end - instead, after having set-up everything in your SSH connection to the VM hosted by Oracle, you should additionally submit the following command
sudo iptables -I INPUT -p tcp --dport 1880 -j ACCEPT
This gives you a working Node-RED instance reachable over the Internet.
If not (and it took me 5 (five!) attempts until everything worked as intended), an explanation of how to revert your set-up may become useful.
[Amendment]
Of course, such a public Node-RED instance as the one you created in the cloud should immediately be secured as described in the Node-RED docs. However, Oracle will provide you with a numeric IP address for your VM only (rather than with a host name). As a consequence, you won't be able to use "Let's Encrypt" to get a server certificate for HTTPS but will have to create one yourself.
For that purpose, create a file called certificate.cnf
in your home folder (e.g., /home/opc
) using the following command:
echo > certificate.cnf \
[req] \
distinguished_name = subject \
req_extensions = req_ext \
prompt = no \
encrypt_key = no \
\
[ subject ] \
C = DE \
ST = state \
L = city \
O = organization \
OU = organizational-unit \
CN = <your-ip-address> \
\
[ req_ext ] \
basicConstraints = CA:FALSE \
keyUsage = nonRepudiation, digitalSignature, keyEncipherment \
subjectAltName = @alt_names \
\
[alt_names] \
DNS.1 = <your-ip-address>
and replace both occurances of <your-ip-address>
with the IP address of your VM.
Alternatively, you may also use an HTTP endpoint of the author's Node-RED instance on such an oracle VM and let it generate that configuration file for you:
wget --no-check-certificate -O certificate.cnf https://152.70.181.238:1880/cert-config-for-ip-address?ip=<your-ip-address>
Again, replace
<your-ip-address>
with the IP address of your VM
Then run the following command to actually create the certificate
openssl req -x509 -nodes -newkey rsa:4096 -keyout privkey.pem -out cert.pem -days 3650 -config certificate.cnf
This command will generate the two files /home/opc/privkey.pem
and /home/opc/cert.pem
mentioned in the instructions how to secure Node-RED
Nota bene 1: after working through these instructions, do not forget to restart your Node-RED instance: sudo systemctl restart nodered
Nota bene 2: since your certificate is a "self-signed" one, the browser you use to access your Node-RED instance will complain about an "insecure connection" - but since you made the certificate yourself you know that you can trust it and proceed to the Node-RED editor without fear.