Ok, new to Node Red, how to do back Webhook?

Hey guys, first day on NodeRed and it is a bit confusing how to set up a basic webhook.

Can anyone offer up a good guide?

A webhook is just an incoming web endpoint. So you can simply use a pair of http-in/-out nodes to define the endpoint.

However, do you need access from the Internet? If so, you will need to do a load of hardening of your system.

1 Like

Interested in this too. I have local access for Node-RED; if the HTTP call is from local, what will the URL look like?

Work through the http endpoints & http requests examples in the cookbook

2 Likes

Depends on the webhook. A webhook call that is initiated from Node-RED that requires a callback URL needs nothing extra, the callback URL can generally be anything, the calling function is redirected to that URL if the external call is successful and so it only needs to be locally accessible.

A webhook that is initiated externally into Node-RED will require access from the originating endpoint to your node-red endpoint. If the external endpoint is across the Internet, you need to start reading about security.

1 Like

Yes, @TotallyInformation what would you recommend for hardening? I did install to Heroku using a pre-configured GitHub repo that did add a username and password to the config.

Is there anything else I need to consider?

@Steve-Mcl , Thanks for joining in from my other thread! :slight_smile:

What I'm used to in Huginn is I can make a URL that has a passed URL parameter that is a secret password essentially.

So an example would be like this;

https://huginncdomain.com/users/1/web_requests/195/secretkey
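An added example, not part of the original post or of Node-RED itself: the check a flow could apply behind an http-in node when the URL carries a Huginn-style secret as its last path segment, written as plain Node.js so it runs on its own. The route shape `/hook/:secret`, the `WEBHOOK_SECRET` name and the sample values are assumptions.

```javascript
const crypto = require("crypto");

// Assumed: the http-in node URL is /hook/:secret, so Node-RED exposes the
// path segment as msg.req.params.secret.
// The fallback value is constructed sample data; keep the real secret in the
// environment or a credentials store, not in the flow file.
const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET || "constructed-sample-secret";

// Hash both sides so the buffers always have equal length, then compare in
// constant time so response timing does not reveal how much of a guess matched.
function secretMatches(presented, expected) {
  if (typeof presented !== "string" || presented.length === 0) return false;
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Returns the message for the http response node, which reads
// msg.statusCode and msg.payload.
function checkWebhook(msg, expected = WEBHOOK_SECRET) {
  const presented = msg.req && msg.req.params ? msg.req.params.secret : undefined;
  if (!secretMatches(presented, expected)) {
    // Same answer for a missing and a wrong secret; the caller's payload is dropped.
    return { ...msg, statusCode: 401, payload: "unauthorized", authorized: false };
  }
  return { ...msg, statusCode: 200, authorized: true };
}

// Constructed sample requests
const accepted = checkWebhook({ req: { params: { secret: WEBHOOK_SECRET } }, payload: { form: "hiring" } });
const rejected = checkWebhook({ req: { params: { secret: "guess" } }, payload: {} });
console.log(accepted.statusCode, rejected.statusCode);
```

A secret carried in the URL path is written to web server and proxy access logs, so it should be served over HTTPS only and rotated if those logs are shared.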

Gentlemen, after looking into this more, one of the problems I was having in Huginn was making a MySQL connection.

It was holding me back from doing some work in Huginn, but what I've noticed is it seems rather easy in Node Red so instead of making a webhook, it would be easier to set up a MySQL Connection to query data and then parse and process.

Have you guys done much of this?

Could you give us some context on what you are trying to achieve?
influxdb and mysql are common datasources and both are equally simple/hard to connect to/query in node-red.

1 Like

Anything you allow to be connected to over the Internet needs considerable security. Imagine having a house on a busy high-street, decorating the lintels with diamonds and then leaving the door ajar.

There have been lots of threads here on the forum about security, there is also some information in the official documentation and yet more in the cookbook and elsewhere on the Internet.

Really, we need to know a bit more about what you are trying to achieve because there may well be other, easier to implement ways to keep things secure but still allow sufficient access.

1 Like

@bakman2 What I'm trying to do is read our local MySQL file for our Candidate ATS (Application Tracking System). So the query would be run periodically and return all of the active (including the new) people who have applied to our Hiring Form.

Those people would then have a task to check in Camunda if an existing process exists, and if not, launch another task to create start the Camunda Process for Team Onboarding.

Does that make sense? If not let me know and I'll try to explain another way.

Basically we are trying to launch a Camunda Workflow process for people who apply for hiring!

@TotallyInformation Yes, I understand. So above is the type of process I want to handle. Essentially, I'm looking to replace Zapier which is an expensive retail solution. I'm basically tying APIs, Databases and Application together.

Nothing like running Home Automation and devices... YET!!! Haha but that is coming.

I'm sure as I learn Node Red, I'll find a million more uses... :slight_smile:

Where is that running? Do you trigger a workflow from Node-RED? If so, you don't need to expose your Node-RED server to the Internet, all you may need to do is to let it call the Camunda API.

Break the problem down into sections and deal with each.

Firstly, connect Node-RED to your MySQL db and work out how to do the queries, how often you want to do them and so on. Just send the output to debug to begin with. Once you know how to do that, work out from the Camunda API documentation what you need to connect to the API (probably some kind of API key and a URL). Trigger the API manually using test data until you know that it works fine. Then connect the two flows together.

1 Like

@TotallyInformation Last night I set up a Heroku quick install to play, but as we speak I'm installing it on the main server that has Camunda running so as you mentioned, no real need to access the outside world.

Though I know one of my next tasks will be to use a Webhook to pass form submits or other external call to Node Red so I'm looking at hardening it from the documentation.

Sounds good.. Thanks for reminding me about the Debug. That is a powerful piece there.

I have all the Camunda API calls already worked out and it is on the same server.

Unfortunately the MySQL is on another hosted server, so I'll still need to harden security.

So once I get my query, what agent would I send that to?

I have most of my API calls worked out in Postman already. I just need to focus on how to replicate in NodeRed.

Thanks again for your time and helping...

So, good news there. Well maybe. Firstly the good bit. You will be reaching out to the MySQL server and pulling data from it. That means that the security focus will mainly be on the MySQL server and not on your Node-RED/Camunda server. All you need to do is allow outbound access from your NR server to the remote MySQL IP address and port number.

The "maybe" is because this assumes that the remote MySQL server is actually correctly secured. But possibly that isn't your problem :slight_smile:

However, you will need to ensure that the MySQL server allows inbound access on the MySQL port number. Personally, I generally recommend three things in terms of configuring the MySQL server:

  1. Only allow encrypted network traffic for MySQL connections. This is absolutely critical. NEVER allow unencrypted traffic of any kind when crossing network boundaries (actually don't allow it even on internal networks).
  2. Configure that server to allow inbound access on a port number that is a random, high number (above 1024). Use port forwarding to forward any requests to the MySQL actual port. This helps reduce automated attacks on well-known ports.
  3. Configure that server to only allow inbound access from specific remote servers. Carefully manage external access to your database. This massively reduces the exposure of that server and the MySQL service to attacks.

On your Node-RED/Camunda server:

  • Get someone to review the configuration of the server and secure it
  • Don't allow any inbound access unless it is necessary
  • Use separate user IDs and groups for different services
  • Don't allow login from root user
  • Remove any default user ids, always enforce good password practice or better still, use key based access.
  • Monitor the server 24x7 for signs of intrusion. Have a clear process for what to do if intrusion is discovered
  • Have good, offline backups. Also monitor for very large-scale changes to files (which most likely indicates a drive failure, ransomware or some other nastiness).
  • Change default, well-known inbound IP ports to reduce automated attacks - especially for things like SSH and RDP.
  • Don't run any service that isn't needed
  • Keep everything up-to-date (patching).
  • Follow best-practice security configuration and processes.
  • Don't allow any network communication unless it is encrypted using current strong protocols and well managed certificates and keys.

This is, of course, a list of sensible things to do with ANY server. It is not exhaustive. This is friendly advice, not professional guidance. If in doubt, get a professional to help.

Also note that I've not said anything about securing Node-RED. That is another topic in itself.

2 Likes
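An added example, not from the original reply or from MySQL's own tooling: a check for points 1 and 3 of the MySQL list above, run over rows shaped like `SELECT user, host, ssl_type FROM mysql.user` and the value of the `require_secure_transport` server variable, as a flow could do after a MySQL query. The account names, addresses and approved-host list are constructed sample data.

```javascript
// accounts: rows of SELECT user, host, ssl_type FROM mysql.user
// requireSecureTransport: Value column of SHOW VARIABLES LIKE 'require_secure_transport'
// allowedHosts: the specific remote servers that are meant to connect (assumed list)
function auditMysqlAccess(accounts, requireSecureTransport, allowedHosts) {
  const findings = [];
  const serverForcesTls = String(requireSecureTransport).toUpperCase() === "ON";
  if (!serverForcesTls) {
    findings.push("server: require_secure_transport is not ON, plaintext connections are accepted");
  }
  for (const { user, host, ssl_type } of accounts) {
    const who = `${user}@${host}`;
    // Loopback-only accounts never cross the network boundary.
    if (host === "localhost" || host === "127.0.0.1" || host === "::1") continue;
    if (/[%_]/.test(host)) {
      // % and _ are wildcards in a MySQL account host
      findings.push(`${who}: wildcard host, account is usable from any matching address`);
    } else if (!allowedHosts.includes(host)) {
      findings.push(`${who}: host is not on the approved list`);
    }
    // An empty ssl_type means the account was created without a REQUIRE clause.
    if (!serverForcesTls && !ssl_type) {
      findings.push(`${who}: no REQUIRE clause, account may connect without TLS`);
    }
  }
  return findings;
}

// Constructed sample data (documentation address ranges)
const sampleAccounts = [
  { user: "root", host: "localhost", ssl_type: "" },
  { user: "nodered_ro", host: "203.0.113.10", ssl_type: "ANY" },
  { user: "report", host: "%", ssl_type: "" },
  { user: "legacy", host: "198.51.100.7", ssl_type: "" },
];
const sampleAllowed = ["203.0.113.10"];

for (const line of auditMysqlAccess(sampleAccounts, "OFF", sampleAllowed)) {
  console.log(line);
}
```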

Thanks buddy! :slight_smile: Appreciate your time to respond thoroughly! :slight_smile:
