Node-red-contrib-remote does not work in a server cloud

Hi Dears,

I'm using node-red-contrib-remote to send a pushnotification to smartphones when there is an event on my dashboard. When I run node-red and dashboard on my personal machine, it works perfectly. But when I run it on my cloud server, when deploying the remote node gets a 'configuration incomplete' error, and the conexion is not established. Any suggestion?

Thanks,

Roberto

If you don't mind me saying so...

I tend to stay WELL AWAY from projects like that.

I feel you're better off using one of.

The above will provide push messaging, without exposing your Node RED to the internet.

Whilst I don't have any meaningful opinion on Remote RED - I just (personally) don't trust those types of services, let alone the owners handle name 'Looking4Cache' :see_no_evil:

Disclaimer : I use Pushover + BulkSMS.

If you need remote access to the Dashboard - look up using a VPN
it is by far.... more secure

Hi Marcus,

Thank you for your considerations. I'm going to think about it, mainly because I'm starting to offer a node-red dashboard in my product that is on a server in the cloud. And also about the alternative to remote.

Best Regards,

Roberto

Pushover and Telegram are the easiest - assuming you can get your users to use those services. They have the advantage of being reasonably (though not totally) secure without any real effort.

SMS should be easy, however, it is not terribly secure these days. Not an issue for most things but something to be aware of.

IFTTT tends to have a delay on it, especially on the free tier. Security average probably.

WhatsApp either also requires an intermediary that you would have to choose to trust or is VERY complex.

I use Telegram because it is pretty easy, reliable, reasonably fast and reasonably secure.

Really, DO NOT expose the Node-RED editor to the Internet except via a secure intermediary such as Cloudflare Zero Trust (which allows 50 users even on the free tier) or maybe NGROK (easier to set up but not necessarily secure by default and rather more limited free tier).

For dashboards, I'd also recommend a secure intermediary. If you've set one up for the Editor, you may as well use the same thing (presumaby with slightly different security settings) for dashboards. Though you could also use your own proxy if you preferred. I don't recommend using your own proxy for the Editor - you could of course, but too easy to make a configuration mistake and expose everything.

1 Like

Hi Julian,

Thank you for the information. Regarding the security of having a dashboard in the cloud, which you warned about dangers, do you think the Flow Fuse website offers security?

Thanks,

Roberto

Possibly start with Security Statement - FlowFuse • FlowFuse

Personally I'm very loath to make or take security recommendations from random folk on forums but YMMV :slight_smile:

I've not really examined FF security. :slight_smile:

It reads well.

Quite right! :grin:

No forum post should be taken as anything but a starting point. Especially in regard to security.

But there is some sound advice in the forum including some FAQ's that come from long experience.

How far you want to go down the security rabbit hole largely depends on the value of the system. I've no doubt that FF provides a decent start but if the system is valuable, you'd want to do your own pen. testing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.