Configuring an Apache reverse SSL proxy for node-red
Submitted by Peter Galbavy on Fri, 08/04/2016 - 12:43
I haven't really got anywhere else to share this and all the help pages online are for much older versions of node-red than current.
This is not for an emonpi (yet) but for my Ubuntu hosted emoncms server.
I wanted to host node-red on the same URL as emoncms but also wanted SSL/TLS only connections. The problem with node-red (and node.js in general) is the websocket.
This presented a challenge as I have never had to deal with websockets via SSL before. The solution is, fundamentally:
Assuming node-red is set-up to SSL and present itself on a URL starting with https://localhost:1880/nodered, which require some changes to settings.js:
httpRoot: '/nodered',
Then you need to enable your Apache setup to use mod_proxy and all the dependencies (common enough and OS dependent, so google that bit)
Then, in the VirtualHost blcok for the SSL site:
<VirtualHost _default_:443>
...
SSLProxyEngine On
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /nodered/comms wss://localhost:1880/nodered/comms
ProxyPass /nodered https://localhost:1880/nodered
ProxyPassReverse /nodered/comms wss://localhost:1880/nodered/comms
ProxyPassReverse /nodered https://localhost:1880/nodered
...
The difference to other on-line guides I have found, is what used to be /debug and /debug/ws is now rooted under /comms but there is no mention of this on-line.
The above assumes node-red is running on the same host, hence the use of locahost. The other thing that took ages was that secure websockets needs a wss: at the start of the URL, not ws:
Configuring an Apache reverse SSL proxy for node-red
Submitted by Peter Galbavy on Fri, 08/04/2016 - 12:43I haven't really got anywhere else to share this and all the help pages online are for much older versions of node-red than current.
This is not for an emonpi (yet) but for my Ubuntu hosted emoncms server.
I wanted to host node-red on the same URL as emoncms but also wanted SSL/TLS only connections. The problem with node-red (and node.js in general) is the websocket.
This presented a challenge as I have never had to deal with websockets via SSL before. The solution is, fundamentally:
Assuming node-red is set-up to SSL and present itself on a URL starting with https://localhost:1880/nodered, which require some changes to settings.js:
httpRoot: '/nodered',Then you need to enable your Apache setup to use mod_proxy and all the dependencies (common enough and OS dependent, so google that bit)
Then, in the VirtualHost blcok for the SSL site:
<VirtualHost _default_:443> ... SSLProxyEngine On ProxyPreserveHost On ProxyRequests Off ProxyPass /nodered/comms wss://localhost:1880/nodered/comms ProxyPass /nodered https://localhost:1880/nodered ProxyPassReverse /nodered/comms wss://localhost:1880/nodered/comms ProxyPassReverse /nodered https://localhost:1880/nodered ...The difference to other on-line guides I have found, is what used to be /debug and /debug/ws is now rooted under /comms but there is no mention of this on-line.
The above assumes node-red is running on the same host, hence the use of locahost. The other thing that took ages was that secure websockets needs a wss: at the start of the URL, not ws: