Node-RED
"Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways."
Install
$ sudo apt update
$ sudo su -c "curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -"
$ curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -
$ sudo apt-get install -y nodejs build-essential
$ sudo npm install -g --unsafe-perm node-red
$ sudo npm install -g --unsafe-perm pm2
$ sudo npm install bcryptjs
$ pm2 start node-red
$ pm2 save
$ pm2 startup
# Your startup path may differ than mine, please adjust accordingly based on startup output.
$ sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u adminotaur --hp /home/adminotaur
$ sudo systemctl enable pm2-adminotaur.service
$ sudo ufw allow 1880
$ mkdir /home/$USER/.node-red/keys
$ openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout /home/$USER/.node-red/keys/private-ssl.key -out /home/$USER/.node-red/keys/private-ssl.crt -subj "/C=US/ST=Any/L=Anytown/O=decyphertek-io/OU=adminotaur/CN=decyphertek"
$ curl 'https://raw.githubusercontent.com/decyphertek-io/configs/main/settings.js' >> /home/adminotaur/.node-red/settings.js
$ sudo systemctl daemon-reload
$ sudo reboot
# http://<your-instance-ip>:1880/
# Change username & password
# Default username - admin
# Example username - adminotaur
# See Example below.
Secure Node Red - Enabling HTTPS Access and Setting Password
$ node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" your-password-here
# add password hash to settings.js
$ vim /home/$USER/.node-red/settings.js
/** Option 1: static object */
https: {
key: require("fs").readFileSync('/home/$USER/.node-red/keys/privkey.pem'),
cert: require("fs").readFileSync('/home/$USER/.node-red/keys/cert.pem')
},
/** The following property can be used to cause insecure HTTP connections to
* be redirected to HTTPS.
*/
requireHttps: true,
/* The `pass` field is a bcrypt hash of the password.
* See http://nodered.org/docs/security.html#generating-the-password-hash
*/
httpNodeAuth: {user:"adminotaur",pass:"password-hash"},
httpStaticAuth: {user:"adminotaur",pass:"password-hash"},
# Secure Node Red - Editor & Admin API security
adminAuth: {
type: "credentials",
users: [
{
username: "adminotaur",
password: "password-hash",
permissions: "*"
},
{
username: "username",
password: "password-hash",
permissions: "read"
}
]
}
References
https://nodered.org/docs/getting-started/aws#running-on-aws-ec2-with-ubuntu
https://nodered.org/docs/user-guide/runtime/securing-node-red
https://nodered.org/docs/user-guide/runtime/securing-node-red#enabling-https-access
https://nodered.org/docs/user-guide/runtime/securing-node-red#editor--admin-api-security
https://nodered.org/docs/user-guide/runtime/securing-node-red#http-node-security
https://flows.nodered.org/node/node-red-contrib-bcrypt