Node-RED AWS issue

Installed Node-RED on an Ubuntu AWS instance, setup security groups (allow access to port 1880).

Node-RED itself works fine and I can send data over the internet.

But if I create a http in node and try open the page I'm getting a "This site can’t be reached" error. I'm accessing it over public IP is there anything else that I need to do? Security groups have been set to allow anything.

Welcome @steveh92

We are going to need more info.

The HTTP IN node will use the same port, so with that in mind, are you setting a response in your flow to a request being made via the HTTP IN node?

can you share the flow?

Hi Marcus!

I've just realized my issue, I didn't put the port in the url :sleeping:

I have a question regarding using a domain name in the future, will this need the port?

The HTTP IN node does not spawn a new express instance, it will use the same instance that Node RED is using, but with a different route (as configured in the configuration of the node).

So using a domain or not - you will need to specify a port on client devices.

That's not to say you can't use some form of tunnel/port forward to hide the true port - but you will need to research your options.

And remember to give this a read. :wink:
Safely accessing Node-RED over the Internet - FAQs - Node-RED Forum (nodered.org)

1 Like

Thanks.

I was going to ask what's to stop people access the node-red editor if they have the IP/Domain.

Because I've locked port 1880 to my IP but that's now going to stop anyone from accessing not just the editor but any flow from running outside. :thinking:

I wont comment too much in security, I'm not qualified enough.

BUT, you can use something like (I'm sure there are others):
node-red-contrib-http-custom-port (node) - Node-RED (nodered.org)

This will fire up its own express instance (therefore a custom port)
So you can still restrict port 1880 to your Lan, and open up the custom port for others - Again keep security top of your priorities (link)

1 Like

I've tested the custom port node you posted.

Does each instance of a HTTP IN node have to have a separate port? When the same port is used for multiple nodes only one of them works.

My idea was to have within this flow, multiple web pages generated using the same port.

I'm not sure - I don't use it I'm afraid (some here may though)

But...
If it works the same way as the native HTTP IN node, you can add params to the route, allowing a sort of prefix to the URL if you will.

/api/:method

Then clients can go to:

  • http://../api/somemethod1
  • http://../api/somemethod2

The node should output a property of msg.req.params.method

where method will be somemethod1 for example.
i used method here - but you can use any name you want

EDIT
The native Node does share the same port - but not likely the case for the custom port version, using params (above) should work around that a little

Thanks Marcus.

Here is my example but it seems to want to go down both paths no matter?

Would you use a change to load the different web pages?

[
{
"id": "d34068484ea2ded8",
"type": "tab",
"label": "Flow 3",
"disabled": false,
"info": "",
"env":
},
{
"id": "e8af32c9f72d4719",
"type": "template",
"z": "d34068484ea2ded8",
"name": "page",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "\n \n \n

This is the serial number page

\n \n",
"x": 510,
"y": 80,
"wires": [
[
"fc26c32d5cc36a81"
]
]
},
{
"id": "513d0c17666d63e2",
"type": "template",
"z": "d34068484ea2ded8",
"name": "page",
"field": "payload",
"fieldType": "msg",
"format": "handlebars",
"syntax": "mustache",
"template": "\n \n \n

Hello

\n \n",
"x": 510,
"y": 200,
"wires": [
[
"5320de026f91e753"
]
]
},
{
"id": "c189c8813e92c697",
"type": "change",
"z": "d34068484ea2ded8",
"name": "",
"rules": [
{
"t": "set",
"p": "payload.query",
"pt": "msg",
"to": "{}",
"tot": "json"
},
{
"t": "set",
"p": "payload.query.serial",
"pt": "msg",
"to": "req.params.method",
"tot": "msg"
}
],
"action": "",
"property": "",
"from": "",
"to": "",
"reg": false,
"x": 320,
"y": 80,
"wires": [
[
"e8af32c9f72d4719"
]
]
},
{
"id": "ea637c6e844bb005",
"type": "http in",
"z": "d34068484ea2ded8",
"name": "Home",
"url": "/home/:method",
"method": "get",
"upload": false,
"swaggerDoc": "",
"x": 110,
"y": 140,
"wires": [
[
"c189c8813e92c697",
"82625e7b5370882e"
]
]
},
{
"id": "82625e7b5370882e",
"type": "change",
"z": "d34068484ea2ded8",
"name": "",
"rules": [
{
"t": "set",
"p": "payload.query",
"pt": "msg",
"to": "{}",
"tot": "json"
},
{
"t": "set",
"p": "payload.query.hello",
"pt": "msg",
"to": "req.params.method",
"tot": "msg"
}
],
"action": "",
"property": "",
"from": "",
"to": "",
"reg": false,
"x": 320,
"y": 200,
"wires": [
[
"513d0c17666d63e2"
]
]
},
{
"id": "fc26c32d5cc36a81",
"type": "http response",
"z": "d34068484ea2ded8",
"name": "",
"statusCode": "",
"headers": {},
"x": 670,
"y": 80,
"wires":
},
{
"id": "5320de026f91e753",
"type": "http response",
"z": "d34068484ea2ded8",
"name": "",
"statusCode": "",
"headers": {},
"x": 670,
"y": 200,
"wires":
}
]

We can't import that :smile:

can you use back ticks

```
JSON Here
```
1 Like
[
    {
        "id": "d34068484ea2ded8",
        "type": "tab",
        "label": "Flow 3",
        "disabled": false,
        "info": "",
        "env": []
    },
    {
        "id": "e8af32c9f72d4719",
        "type": "template",
        "z": "d34068484ea2ded8",
        "name": "page",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<html>\n    <head></head>\n    <body>\n        <h1>This is the serial number page</h1>\n    </body>\n</html>",
        "x": 510,
        "y": 80,
        "wires": [
            [
                "fc26c32d5cc36a81"
            ]
        ]
    },
    {
        "id": "513d0c17666d63e2",
        "type": "template",
        "z": "d34068484ea2ded8",
        "name": "page",
        "field": "payload",
        "fieldType": "msg",
        "format": "handlebars",
        "syntax": "mustache",
        "template": "<html>\n    <head></head>\n    <body>\n        <h1>Hello</h1>\n    </body>\n</html>",
        "x": 510,
        "y": 200,
        "wires": [
            [
                "5320de026f91e753"
            ]
        ]
    },
    {
        "id": "c189c8813e92c697",
        "type": "change",
        "z": "d34068484ea2ded8",
        "name": "",
        "rules": [
            {
                "t": "set",
                "p": "payload.query",
                "pt": "msg",
                "to": "{}",
                "tot": "json"
            },
            {
                "t": "set",
                "p": "payload.query.serial",
                "pt": "msg",
                "to": "req.params.method",
                "tot": "msg"
            }
        ],
        "action": "",
        "property": "",
        "from": "",
        "to": "",
        "reg": false,
        "x": 320,
        "y": 80,
        "wires": [
            [
                "e8af32c9f72d4719"
            ]
        ]
    },
    {
        "id": "ea637c6e844bb005",
        "type": "http in",
        "z": "d34068484ea2ded8",
        "name": "Home",
        "url": "/home/:method",
        "method": "get",
        "upload": false,
        "swaggerDoc": "",
        "x": 110,
        "y": 140,
        "wires": [
            [
                "c189c8813e92c697",
                "82625e7b5370882e"
            ]
        ]
    },
    {
        "id": "82625e7b5370882e",
        "type": "change",
        "z": "d34068484ea2ded8",
        "name": "",
        "rules": [
            {
                "t": "set",
                "p": "payload.query",
                "pt": "msg",
                "to": "{}",
                "tot": "json"
            },
            {
                "t": "set",
                "p": "payload.query.hello",
                "pt": "msg",
                "to": "req.params.method",
                "tot": "msg"
            }
        ],
        "action": "",
        "property": "",
        "from": "",
        "to": "",
        "reg": false,
        "x": 320,
        "y": 200,
        "wires": [
            [
                "513d0c17666d63e2"
            ]
        ]
    },
    {
        "id": "fc26c32d5cc36a81",
        "type": "http response",
        "z": "d34068484ea2ded8",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 670,
        "y": 80,
        "wires": []
    },
    {
        "id": "5320de026f91e753",
        "type": "http response",
        "z": "d34068484ea2ded8",
        "name": "",
        "statusCode": "",
        "headers": {},
        "x": 670,
        "y": 200,
        "wires": []
    }
]

Ah!

Use a switch Node.

Initially you were rendering 2 responses for both methods, they were not separated

1 Like

Amazing.

I've added the switch to the custom http in node and it works fine with a change node, I've used to find a serial number using a query.

What could I do to handle /home/ as this will just be an error. I've tried to put if the switch is empty to go to another page?

You can append a ? to ignore the missing param
e.g.
/home/:method?
Then the param property method would be undefined

3 Likes

What @E1cid said :point_up_2: it will be undefined if they don’t suppply anything after /home/

EDIT
I think in the switch node you check for undefined using is null - I’m on my phone currently - so may have it wrong

2 Likes

Or use otherwise for no match

1 Like

Cheers for the help guys, everything's working and got the basic steps of this project done.

Thinking about creating a separate area that people can log into. Will I be able to do this on node-red?

Previous solution was using WordPress and a members plugin but its not very flexible and clunky.

1 Like

May be this will help Need to basic auth only some http node - #2 by E1cid

1 Like

The safest approach is to use a proxy server. Restrict the Node-RED service to only accept connections from the proxy. Then tell the proxy to secure the editor and the user-facing connections (http-in/-out, Dashboard, UIBUILDER, etc) separately.

I recommend that you don't even though you may be able to.

It is far safer to have a tool that is designed and battle tested to handle such things separate to your micro-service.