sudo apt-get update
sudo apt-get upgrade
Install NODE.js and npm
sudo apt-get install nodejs-legacy
node -v
sudo apt-get install npm
npm -v
optional to upgrade npm:
sudo npm install -g npm
Install node RED
sudo npm install -g --unsafe-perm node-red node-red-admin
If need external access add port forward at 1880
sudo ufw allow 1880
reference:
http://nodered.org/docs/getting-started/installation.html
https://www.digitalocean.com/community/tutorials/how-to-connect-your-internet-of-things-with-node-red-on-ubuntu-16-04
Secure node red access
sudo gedit .node-red/settings.js
uncomment:
adminAuth:{
type: "credentials",
users: [{
username: "admin",
password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
permissions: "*"
}]
},
generate hash pw with:
node-red-admin hash-pw
Reference :
http://nodered.org/docs/security.html
Secure dash UI access
sudo gedit .node-red/settings.js
uncomment:
httpNodeAuth: {user:"user",pass:"$$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
generate hash pw with:
node-red-admin hash-pw
reference:
https://github.com/node-red/node-red-dashboard/blob/master/README.md
http://nodered.org/docs/security.html
SSL & Let’s encrypt on ddns acount
port forward on your router to your local ip computer where you run node-red: refer to your router user manual
install light web server if you don’t have one installed (need only to setup let’encrypt cert) NB: you can use also ngix proxy solution see below)
sudo apt-get install lighttpd
sudo lighttpd-enable-mod userdir
sudo service lighttpd reload
certboot install:
sudo apt-get install letsencrypt
var/www/html/ with the proper dir of your installed server and yoursite.ddns.net with your site
sudo letsencrypt certonly --webroot -w /var/www/html/ -d yoursite.ddns.net
result must be somethin like this:
admin@yourcomputer ~ $ sudo letsencrypt certonly --webroot -w /var/www/html/ -d yoursite.ddns.net
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/yoursite.ddns.net/fullchain.pem.
Your cert will expire on 2017-05-06. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
the cert are stored at:
su
cd /etc/letsencrypt/live/yoursite.ddns.net/
ls -l
result:
lrwxrwxrwx 1 root root 50 Feb 5 20:05 cert.pem -> ../../archive/yoursite.ddns.net/cert1.pem
lrwxrwxrwx 1 root root 51 Feb 5 20:05 chain.pem -> ../../archive/yoursite.ddns.net/chain1.pem
lrwxrwxrwx 1 root root 55 Feb 5 20:05 fullchain.pem -> ../../archive/yoursite.ddns.net/fullchain1.pem
lrwxrwxrwx 1 root root 53 Feb 5 20:05 privkey.pem -> ../../archive/yoursite.ddns.net/privkey1.pem
cd ../../archive/yoursite.ddns.net/
or
cd /etc/letsencrypt/archieve/yoursite.ddns.net/
copy cert1.pem privkey1.pem to your .node-red directory
on settings.js uncomment
...
},
https: {
key: fs.readFileSync('privkey1.pem'),
cert: fs.readFileSync('cert1.pem')
},
...
and
var fs = require(‘fs’);
add cron to renew your cert:
test if renew work
letsencrypt renew --dry-run --agree-tos
add in cron (see reference)
letsencrypt renew
reference:
Securing Node-RED
http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
https://certbot.eff.org/#ubuntuxenial-other
https://help.ubuntu.com/community/lighttpd
http://www.howtogeek.com/101288/how-to-schedule-tasks-on-linux-an-introduction-to-crontab-files/
Proxy with NGInX
( if need to uninstall lighttpd this also stop service)
sudo apt-get purge --auto-remove lighttpd
sudo apt-get clean
check if lighthttp is stoped
service --status-all
reboot
install NGInX
sudo apt-get update
sudo apt-get install nginx
Reference:
https://www.digitalocean.com/community/tutorials/how-to-connect-your-internet-of-things-with-node-red-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04