I have got an issue after securing Node-RED by Apache web server with ProxyPass and uiHost:127.0.0.1,
adminAuth.
What I have:
Ubuntu 18.04, Apache, SSL certyficates, Proxypass,ProxyPassReverse to http://localhost:1880/
[Issue]
When I run Node-RED in browser locally: localhost:1880 then evrything works.
Into flows, debug nodes works (debug data are retrived in debug panel), mqtt and mysql shows that they are connected.
But when I run Node-RED in browser on WAN site e.g https://io.company.com/
I could login to Node-RED, I see running flows - database accepts data from mqtt.
The problem is - debug node dosn't work (nothing shows in debug panel), mqtt node dosn't show that there is connected,also mysql node dosn't show that there is connected.
@dceejay - I thank You
I have done some research on the web, and found out some informations about RewriteCon for websocket. I have implemented that solution and now, my Node-RED debug node works in proxy.
I am having trouble dealing with the websocket connection with two Node Red instances: one local and another one on different Raspberry Pi in same private network. I had my local device (the one with Apache running) setup working by following this and this discussion. Here is my Apache Virtual Host configuration for all 443 traffic:
<IfModule mod_ssl.c>
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /node1(.*) ws://localhost:1234/node1$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
<Proxy *>
Order deny,allow
Require all granted
</Proxy>
# This is the first (local) node-red instance, works well with the Rewrite lines above
ProxyPass /node1 http://localhost:1234/node1
ProxyPassReverse /node1 http://localhost:1234/node1
# This is the second node-red instance running on another Pi, ProxyPass works but websockets do not
ProxyPass /node2 http://192.168.x.x:1234/node2
ProxyPassReverse /node2 http://192.168.x.x:1234/node2
ServerName mydomain.com
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I have learned that I could separate the websockets by custom paths like this:
There is a second server exposed via DNS at my.server2, and I wanted to use this adress for node-red (without :1880). This server is running Debian10 and a clean installation of Apache 2, ssl certificates from Letsencrypt.
Finally I managed to get node-red running without any rewrites.
I set /root/etc/apache2/sites-available/000-default-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName my.server2
SSLProxyEngine on
#ProxyPreserveHost On
ProxyRequests Off
ProxyPass /comms wss://my.server1:1880/comms
ProxyPassReverse /comms wss://my.server1:1880/comms
ProxyPass / https://my.server1:1880/
ProxyPassReverse / https://my.server1:1880/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/my.server2/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.server2/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Hope this can help someone to get things running. wss://my.server1:1880/comms seems to be necessary to get websockets running.
Thank you, this works great! Took me a while to figure it out because not all the required apache modules were loaded. I had to run enable proxy, proxy_http, and proxy_wstunnel. Sharing in case others have the same issue.
Strange enough, i recently had to change my setup to add a second node red server to the setup. You can use
ProxyPass /nodered1/
to use a different path, But for whatever reason, websockets are working only on one of the servers, while the second dores not have any debug messages in node red.
I assume there is some misconfiguration somehow, but it seems this kind of trouble is not uncommon for Apache. Found a similar case on the net. After changing to ngix things seemed to work better...