Node-red with security padlock

Hello gentlemen, I generated a certificate signed by myself to use node-red with https, but the site keeps showing the "not secure" warning. Do you know any way to remove this warning and leave the site with a secure padlock? One detail: I will use this on a LAN network.

Others will come in if I am wrong, but I think that is because you are using a self signed certificate. I think you would be better to use a LetsEncrypt certificate.

So what I'm using now is a non-self-signed certificate, generated with a domain I have, using LetsEncrypt

That should be ok then.

The warning happens in the browser for any TLS secured endpoint where the ROOT certificate is not in its pre-defined trusted root certificate list.

The easiest way to fix it is to use a publicly registered domain and Let's Encrypt.

The harder way is to register your custom root certificate with your browsers.

But I will access the site through the IP of the machine that will run node-red, on a local network.

You can only get the padlock with just an IP address by creating your own full certificate chain and registering your custom root certificate with all browsers that access your system.

There is no other way. You cannot use a public CA against just an IP address, only against a registered domain name.

And how do I create my own certificate chain for my IP, without having a domain???

That is beyond the scope of this forum really. It isn't a Node-RED issue.

It is relatively complex and if you've not done it before, you will need a full tutorial at least. And probably a 2nd tutorial on how to apply the custom root certificate to the correct browser/OS certificate store.

I've not had reason to do it for years now so I'd have to go research it myself.
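What "creating your own full certificate chain" for a bare IP involves, as an added example that is not from any poster in this thread: a private root CA plus a server certificate carrying the IP in its subjectAltName, built with the openssl CLI. The sample IP, file names, subject names and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: private root CA and a server certificate valid for a LAN IP.
# File names, subject names and lifetimes are assumptions, not from the thread.

# make_lan_chain DIR IP -> writes ca.key, ca.crt, server.key, server.crt in DIR
make_lan_chain() (
    dir=$1 ip=$2
    umask 077    # private keys must not be readable by other users
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > pki.cnf <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
authorityKeyIdentifier = keyid
subjectAltName = IP:$ip
EOF
    # 1) root key and self-signed root certificate (CA:TRUE)
    # 2) server key and CSR
    # 3) root signs the CSR; browsers match the IP against subjectAltName, not CN
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out ca.key &&
    openssl req -x509 -new -key ca.key -sha256 -days 3650 \
        -subj "/CN=Example LAN Root CA" -config pki.cnf -extensions v3_ca \
        -out ca.crt &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out server.key &&
    openssl req -new -key server.key -subj "/CN=$ip" -config pki.cnf \
        -out server.csr &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 397 -extfile pki.cnf -extensions v3_leaf -out server.crt
)

# cert_valid_for_ip DIR IP -> exit 0 only if server.crt chains to ca.crt
# and lists IP in its subjectAltName
cert_valid_for_ip() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/server.crt" >/dev/null 2>&1
}

# Usage: make_lan_chain ./pki 192.168.1.50 && cert_valid_for_ip ./pki 192.168.1.50
```

Only `ca.crt` is imported into each client's browser/OS trust store; `ca.key` stays offline. `server.key` and `server.crt` are the files the `https` option in Node-RED's settings.js points at.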

My setup for using HTTPS on local network where nothing is publicly exposed (except DNS records of course)

  • use Cloudflare DNS (most domain registrars allow you to move DNS resolution to other providers - Cloudflare is nice for this cos it offers api)
  • install a proxy server. I use: https://nginxproxymanager.com
  • in Cloudflare create an A record pointing to IP of above proxy on local network
  • then you can create as many CNAME records pointing to above A record in Cloudflare eg. nodered.yourdomain.com, ha.yourdomain.com, ...
  • last thing to do is to configure your proxy server that will resolve subdomains to your local IPs and ports. Nginx Proxy Manager is really user friendly, offers UI, HTTPS config and automatic Let's Encrypt renewals

This is similar to what I do except that I use a spare domain name, register a wildcard cert with Let's Encrypt and use NGINX for proxy and https termination. My edge router has hairpin NAT which means that my registered domain directs to internal addresses from within my LAN, no need for any public DNS entries.

Noting that none of my internal https endpoints are externally exposed at all. So I don't really need https internally but I use it anyway to get rid of the annoying icons and warnings. And for the practice of maintaining Let's Encrypt certs and configuration of NGINX.

I had LE auto-renewals via their Acme script long before NGINX or Caddy supported them. Never found a need to change it. The script is run via CRON on a schedule slightly smaller than the expiry of the certs.

Thank you very much for the information, I will be using node-red on a device with Linux, so I believe I will not be able to use the cloud, but thank you for the knowledge.

Very interesting, I should look into that as my router seems to support that too.

You don't need the cloud for this setup, but don't mind me asking, why bother with https for a node-red instance that you will access locally?

My company sold an application this way, but whoever negotiated it didn't understand the subject very well and ended up selling it, resulting in the application being accessed via https even locally, so now I need to find a way to make node-red reliable for several different devices.

A few of us have used Tailscale, using this tutorial - Tutorial - Secure your home automation with Tailscale
Don't know if it would suit your circumstances.