Node-red behind reverse proxy with http-proxy-middleware

General
1

Hi.

I'm trying to put Node-red and Grafana behind a reverse proxy with nodejs express and http-proxy-middleware. My situation:

I have a 4G router that sits between a linux machine running Node-red and Grafana and the WAN net.
I portforward :8080 -> LAN_IP:9000.

Grafana listens on: 3000. http
Node-red listens on: 1882. http

My proxymiddleware.js file:

const express = require('express')
const { createProxyMiddleware } = require('http-proxy-middleware')

const applicationPort = 9000

const app = express()

// redirect for grafana
app.use('/grafana/', createProxyMiddleware({
    target: 'http://localhost:3000',
    changeOrigin: true
}))

// redirect for node-red dashboard
app.use('/dashboard/', createProxyMiddleware({
    target: 'http://localhost:1882',
    changeOrigin: true
}))

// redirect for node-red editor
app.use('/editor/', createProxyMiddleware({
   target: 'http://localhost:1882',
   changeOrigin: true,
   pathRewrite: {
        '^/editor': ''
    }
}));

app.listen(applicationPort, () => {
    console.log(`Reverse proxy listening on ${applicationPort}`)
})

Grafana.ini file:
root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/
server_from_sub_path = true

Node-red settings.js file:
httpAdminRoot: '/editor'
httpNodeRoot: '/dashboard'

This works like a charm with Grafana.
WAN:IP:8080/grafana

But with Node-red
WAN_IP:8080/editor or /dashboard
I get this error:
Error occurred while trying to proxy: WAN_IP:8080/

I'm specifically targeting 'http://localhost:1882'. Why is it complaining about WAN_IP?
Am I doing this wrong? Some online resources and AI told me to do it this way.

I have tried any number of different configurations of this.

Best regards
Steffen

2

Couple of things.

  1. You need to tell Node-RED to trust your proxy.
  2. You need to proxy websockets not just HTTP for Node-RED.
  3. Not sure why you would try to use a Node.js/ExpressJS tool for the proxy? Using something like NGINX, Caddy or HAProxy would be far more efficient and would let you do other things as well. They would also easily proxy websockets as well as properly cache static resources for efficiency.
  4. YOU DO NOT APPEAR TO HAVE USED TLS to encrypt the WAN side of things. As such, you are in real danger of being compromised and having your machine used by an attacker.

If you haven't correctly set up HTTPS and put a login on the editor, you will likely need to reset the machine.

1 Like