How to set Node-red SSL with Letsencrypt Certificate on Ubuntu GCP
Generate a certificate with certbot command
ถ้ามี Certificate ที่ใช้กับ Domain นั้นอยู่ก็ข้ามไป Copy file ได้เลย To generate the certificate run the following command.
Copy the certificate files to the .node-red folder
This will cause a breaking change every 3 months when the certificate renews, so you will need a cron job for this.
cd ~/.node-red
mkdir ssl
sudo cp /etc/letsencrypt/live/nodered.example.com/privkey.pem /home/$USER/.node-red/ssl/privkey.pem
sudo cp /etc/letsencrypt/live/nodered.example.com/fullchain.pem /home/$USER/.node-red/ssl/fullchain.pem
sudo chmod 644 ~/.node-red/ssl/privkey.pem
Add the certificate to settings.js
With the certificates obtained edit ~/.node-red/settings.js
and make the following changes:
Uncomment the following line
# From //var fs = require("fs) # To var fs = require("fs)
Enable HTTPS by un-commenting and updating the https block
# From
//https: {
// key: fs.readFileSync('privatekey.pem'),
// cert: fs.readFileSync('certificate.pem')
//},
// The following property can be used to cause insecure HTTP connections to
// be redirected to HTTPS.
//requireHttps: true,
# To
https: {
key: fs.readFileSync('.node-red/ssl/privkey.pem'),
cert: fs.readFileSync('.node-red/ssl/fullchain.pem')
},
// The following property can be used to cause insecure HTTP connections to
// be redirected to HTTPS.
requireHttps: true,
Restart the nodered
service to make the change active
sudo service nodered restart
Now you won’t be able to access http://ip:1880 or http://hostname:1880. Accessing https://hostname:1880 should present the login screen.
Source: https://blog.agood.cloud/posts/2019/12/10/node-red-secure-installation/