Node-red Server should run a command on a Client PC

I have a Node-red server and I need to somehow trigger a command on a Desktop (no node-red, no npm).
I would prefer a systemd service that waits for a signal from the server and runs a specific command every time it receives it. (No need to hand over a value).

Any Idea how to do that?

I believe that you cannot do that without installing something on the PC. The browser cannot run commands on the PC, it would be a massive security hole if that were possible.
Probably the easiest way is to install node-red.

I don't wish to run commands from a browser. I'm looking for a way to somehow ping the Client PC. And the Desktop PC listens for that ping and runs the command. There should not be any browser involved.

Something like:

  1. My Node-red Server on 192.168.0.2 sends a string 'abcdefghijklmnopqrstuvwxyz' to Desktop PC at 192.168.0.3
  2. Desktop PC runs a systemd service that listens for the string 'abcdefghijklmnopqrstuvwxyz' and if it receives it on any network device it starts a command.

Is there no possibility of running node-red on the desktop PC? That would make this very simple.

Otherwise, you are going to have to hunt down an application that can run as a service that listens for pre-configured "something" on an "unyet-named-protocol" & node-red has to transmit to a computer that may or may not be running this listening service.

In short, something will need installing (possibly do-able with a shell script) but we don't know what to really recommend as there are many things at play. For example how secure must this be? There are lots of IFTTT-type http hook applications - for example this one: GitHub - adnanh/webhook: webhook is a lightweight incoming webhook server to run shell commands - but as already stated, running node-red on the desktop would greatly simplify this.

If you have a suitable Windows machine (server or desktop) on which to run Node-RED (doesn't have to be the target machine, could be a VM or separate device), then you may be able to run remote wmic or PowerShell commands.

You can get PowerShell core on Linux but I don't think that allows calling the remote services.

Otherwise, as the others have said, you must have something running on the target device that is capable of running commands. For example, do you have any remote management tools such as Intune?

You could even create a small executable that would create an HTTP listener with which you could interact. However, this can be incredibly insecure and dangerous if not done right.

Even running Node-RED on the device and allowing external connectivity to run local commands is incredibly dangerous. If this is a corporate/enterprise device, make sure you have the blessing of your IT and security teams.

The other way to do it is for the client devices to run a small mqtt app that connects out to the server and subscribes to commands. At least that way it is an outbound connection and so is more secure than an open listening port.

Assuming you've secured your MQTT server sufficiently of course. 🙂

Of course (I was stupidly assuming that was the same machine as Node-RED and was secured - always bad to assume 🙁)

Everything is inside my LAN.
The MQTT way seems a cool idea.

How could I set up an MQTT client on my Computer? I only need the possibility to trigger something. As simple as possible.

Did you check out the package I linked to?

You can apt install it & have it execute any command you wish based on http requests. No custom application, no broker, simple install.

To trigger it, your node-red flow would be
inject → http request. That's it.

Sorry I had to say, I do not wish to install node-red on the Laptop, which I also use on Public WLAN. (I read too much about insecure node.js). I wish to use node-red only on my LAN on the RPI.

Also, the idea that a desktop works as an MQTT client seems nice. Maybe I'm not on the correct board here, because I need advice to set up an MQTT client without node-red.

This is the package Steve was asking if you had looked at.

The link I provided is to create a simple webhook that executes something. It doesn't need node-red.

And btw, node/node-red is as secure or insecure as you make it. That goes for a standalone application, whatever it is.

Sorry @Steve-Mcl I assumed a misunderstanding and didn't click on the link. You are right. That link contains exactly what I need. I will give GitHub - adnanh/webhook: webhook is a lightweight incoming webhook server to run shell commands a try.
Thanks!

Your statement about secure/insecure is correct, that's the thinking from where I assume I'm not able to make it secure.

@Steve-Mcl that solution works surprisingly easily! Thanks!

Just remember my & Dave's previous comments. If you let anything be externally accessible and let it run things on your local computer, you are at serious risk. Make sure you lock everything down.

That webhook library has NO SECURITY of its own other than allowing the use of HTTPS - which you absolutely need to configure. So also set your Windows firewall to only allow an inbound connection on port 443 from ONLY YOUR NODE-RED SERVER.

That is a bare minimum you should do. Better would be to use a local IIS install with a login, TLS and the firewall config.

That is not entirely true (see next comment) and also not its design goal. It would ordinarily be placed behind a firewall or other security device or application.

However it does have rule matching including payload verification (payload-hmac-sha512 + secret) and ip-whitelist.

IIS can just as easily be hacked and bypassed if ill configured.
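
The two checks named in the post above (an HMAC-SHA512 over the payload with a shared secret, and a source-IP allow-list), shown in general form as an added example; this is not code from the thread or from the webhook project, and it does not reproduce that tool's header or rule format. `SECRET`, `COMMANDS`, `decide` and the script path are hypothetical names; 192.168.0.2 is the Node-RED server address from the thread.

```python
import hashlib
import hmac
import ipaddress

# All values below are constructed for illustration.
SECRET = b"constructed-shared-secret"
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.0.2/32")]  # Node-RED server in the thread
# Fixed hook id -> fixed argv; nothing from the request reaches the command line.
COMMANDS = {"trigger": ["/usr/local/bin/run-task.sh"]}  # hypothetical script path


def sign(body: bytes, secret: bytes = SECRET) -> str:
    """Sender side: hex HMAC-SHA512 over the exact request body bytes."""
    return hmac.new(secret, body, hashlib.sha512).hexdigest()


def source_allowed(remote_ip: str) -> bool:
    """Allow-list check on the peer address; unparseable input is rejected."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)


def decide(hook_id: str, remote_ip: str, body: bytes, signature_hex: str):
    """Return the predefined argv to run, or None if any check fails."""
    argv = COMMANDS.get(hook_id)
    if argv is None or not source_allowed(remote_ip):
        return None
    expected = sign(body).encode()
    supplied = signature_hex.strip().lower().encode()
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, supplied):
        return None
    return list(argv)


if __name__ == "__main__":
    body = b'{"event":"go"}'
    print(decide("trigger", "192.168.0.2", body, sign(body)))             # accepted
    print(decide("trigger", "192.168.0.2", b'{"event":"no"}', sign(body)))  # body altered
    print(decide("trigger", "192.168.0.9", body, sign(body)))             # wrong source
```

A signature over the body alone does not stop a captured request from being replayed, which matters when the request travels over plain HTTP. Including a timestamp or nonce in the signed body, or carrying the request over TLS, closes that gap.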

Yes, security config is always hard. IIS is pretty decent when connected to AD or AAD, can't say I've ever really tested it with a desktop PC though.

Thanks for your concerns.

  • I do not set up webhooks that could hand over random vars. All actions I set up have to be predefined and available.
  • I do not plan to transfer data over the Internet. Only over LAN.
  • Currently, I do not use TLS because I do not know how to set up TLS. All tools I currently use do TLS fully automatically. That would be a whole other adventure.
  • For the record, I use Ubuntu-Linux, not Windows.
