Is there a sensible way to secure a publicly-exposed Webhook or Web Socket node using inbuilt tools or add-ons without using a third party service (eg: Webhook Relay), or is a local secure proxy (eg: Nginx) the way to go?
Any good writeups for setting things up?
Thanks.
I generally recommend using a proxy as the main part of such a solution. It is mostly easier and safer to correctly configure.
However, a 3rd-party intermediate service such as Cloudflare zero-trust can be better if your security skills are limited.
Just note that security websocket connections properly is somewhat more involved than securing HTTPS connections. This is because it isn't easy to have time limited sessions. Once the initial HTTPS handshake has finished and the user connection upgrades to WSS, you no longer have access to custom headers which is where you normally handle secure tokens for tracking sessions. So you may need to add the data to each message. If using Socket.IO rather than simple websockets, it has some additional features that let you include additional security data in the connection data.
I would 100% recommend using a cloudflare tunnel for your use-case as @TotallyInformation suggests. It's free, it's easy to setup and deals with http and ws perfectly well.
This is an old video showing how to expose node-red dashboard, although today is easier to configure the whole thing using cloudflare's UI:
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy