Node-RED, Apache,Proxypass - no debug data


#1

Hey All,

Issue: debug node dosn't work - no debug data

I have got an issue after securing Node-RED by Apache web server with ProxyPass and uiHost:127.0.0.1,
adminAuth.

  1. What I have:

[Issue]
When I run Node-RED in browser locally: localhost:1880 then evrything works.
Into flows, debug nodes works (debug data are retrived in debug panel), mqtt and mysql shows that they are connected.
But when I run Node-RED in browser on WAN site e.g https://io.company.com/
I could login to Node-RED, I see running flows - database accepts data from mqtt.
The problem is - debug node dosn't work (nothing shows in debug panel), mqtt node dosn't show that there is connected,also mysql node dosn't show that there is connected.

Did I omit something in the configuration?

Best regards.
Bronto


#2

the websocket connection back to the editor (debug) also needs to be allowed through your proxy.


#3

@dceejay - I thank You
I have done some research on the web, and found out some informations about RewriteCon for websocket. I have implemented that solution and now, my Node-RED debug node works in proxy.

Best regards
Bronto


#4

@bronto any chance you could post a sanatized version of your Apache config? It would be useful as a reference.


#5

OK - I could, no problem.

  1. There's a popout on that forum which tells us about security of Node-red.

Shortly - OS Ubuntu, Node-Red runs by tux user.
Tux home directory: /home/tux/.node-red/settings.js.
Three important parameters

uiPort:process.env.PORT || 3005,
uiHost:"127.0.0.1",
httpAdminRoot:'/nodered',

And now

  1. Apache virtual host setup (SSL by letsencrypt)
ServerName example.com ServerAdmin you@example.com DocumentRoot /var/www/html/example.com
RewriteEngine On
RewriteCond %{HTTP:Upgrade}   =websocket    [NC]
    RewriteRule /nodered(.*)              ws://localhost:3005/nodered$1 [P,L]

ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off

<Proxy *>
    Order deny,allow
    Require all granted
</Proxy>

ProxyPass 		/nodered		http://localhost:3005/nodered
ProxyPassReverse	/nodered		http://localhost:3005/nodered

ErrorLog ${APACHE_LOG_DIR}/error-example.com.log
CustomLog ${APACHE_LOG_DIR}/access-example.com.log combined

SSLCertificateFile       /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Above configuration works for me.

Best regards
Bronto


#6

Awesome, thanks @bronto !

I currently have my http end points all proxied via Apache, but it would be nice to proxy the admin interface as well!