Non categorizzato

mosquitto install on ubuntu

sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
sudo apt-get install mosquitto
sudo apt-get install mosquitto-clients


sudo /etc/init.d/mosquitto start



Install Mosquitto MQTT Broker on Ubuntu 16.04 LTS (Xenial Xerus)

config: /etc/mosquitto/mosquitto.conf

sudo gedit /etc/mosquitto/mosquitto.conf

add on mosquitto.conf file:
allow_anonymous false

add user:
generate the pw file with:

sudo mosquitto_passwd -c /etc/mosquitto/pwfile username

add more users

sudo mosquitto_passwd /etc/mosquitto/pwfile guest



activate SSL


MQTT Mosquitto broker with SSL/TLS transport security

Non categorizzato

install node red on ubuntu or variant + setup secure

sudo apt-get update
sudo apt-get upgrade


Install NODE.js and npm

sudo apt-get install nodejs-legacy
node -v
sudo apt-get install npm
npm -v

optional to upgrade npm:

sudo npm install -g npm

Install node RED

sudo npm install -g --unsafe-perm node-red node-red-admin

If need external access add port forward at 1880

sudo ufw allow 1880


Secure node red access

sudo gedit .node-red/settings.js


type: "credentials",
users: [{
username: "admin",
password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
permissions: "*"

generate hash pw with:

node-red-admin hash-pw

Reference :

Secure dash UI access

sudo gedit .node-red/settings.js


httpNodeAuth: {user:"user",pass:"$$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},

generate hash pw with:

node-red-admin hash-pw


SSL & Let’s encrypt on ddns acount

port forward on your router to your local ip computer where you run node-red: refer to your router user manual

install light web server if you don’t have one installed (need only to setup let’encrypt cert) NB: you can use also ngix proxy solution see below)

sudo apt-get install lighttpd
sudo lighttpd-enable-mod userdir
sudo service lighttpd reload

certboot install:

sudo apt-get install letsencrypt

var/www/html/ with the proper dir of your installed server and with your site

sudo letsencrypt certonly  --webroot -w /var/www/html/ -d

result must be somethin like this:

[email protected] ~ $ sudo letsencrypt certonly --webroot -w /var/www/html/ -d

- Congratulations! Your certificate and chain have been saved at
Your cert will expire on 2017-05-06. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:
Donating to EFF:

the cert are stored at:

cd /etc/letsencrypt/live/
ls -l


lrwxrwxrwx 1 root root 50 Feb  5 20:05 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root 51 Feb  5 20:05 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root 55 Feb  5 20:05 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root 53 Feb  5 20:05 privkey.pem -> ../../archive/

cd ../../archive/


cd /etc/letsencrypt/archieve/

copy cert1.pem privkey1.pem to your .node-red directory

on settings.js uncomment

https: {
  key: fs.readFileSync('privkey1.pem'),
  cert: fs.readFileSync('cert1.pem')


var fs = require(‘fs’);

add cron to renew your cert:
test if renew work

letsencrypt renew --dry-run --agree-tos

add in cron (see reference)

letsencrypt renew


Securing Node-RED


Proxy with NGInX

( if need to uninstall lighttpd this also stop service)

sudo apt-get purge --auto-remove lighttpd
sudo apt-get clean

check if lighthttp is stoped

service --status-all


install NGInX

    sudo apt-get update
    sudo apt-get install nginx