Configuring an Apache reverse SSL proxy for node-red

I haven't really got anywhere else to share this and all the help pages online are for much older versions of node-red than current.

This is not for an emonpi (yet) but for my Ubuntu hosted emoncms server.

I wanted to host node-red on the same URL as emoncms but also wanted SSL/TLS only connections. The problem with node-red (and node.js in general) is the websocket.

This presented a challenge as I have never had to deal with websockets via SSL before. The solution is, fundamentally:

Assuming node-red is set-up to SSL and present itself on a URL starting with https://localhost:1880/nodered, which require some changes to settings.js:

     httpRoot: '/nodered',

Then you need to enable your Apache setup to use mod_proxy and all the dependencies (common enough and OS dependent, so google that bit)

Then, in the VirtualHost blcok for the SSL site:

​    <VirtualHost _default_:443>
        SSLProxyEngine On
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass /nodered/comms wss://localhost:1880/nodered/comms
        ProxyPass /nodered https://localhost:1880/nodered
        ProxyPassReverse /nodered/comms wss://localhost:1880/nodered/comms
        ProxyPassReverse /nodered https://localhost:1880/nodered​

The difference to other on-line guides I have found, is what used to be /debug and /debug/ws is now rooted under /comms but there is no mention of this on-line.

The above assumes node-red is running on the same host, hence the use of locahost. The other thing that took ages was that secure websockets needs a wss: at the start of the URL, not ws: