User Rating: 0 / 5

How to set Node-red SSL with Letsencrypt Certificate on Ubuntu GCP

Generate a certificate with certbot command

ถ้ามี Certificate ที่ใช้กับ Domain นั้นอยู่ก็ข้ามไป Copy file ได้เลย To generate the certificate run the following command.

Copy the certificate files to the .node-red folder

This will cause a breaking change every 3 months when the certificate renews, so you will need a cron job for this.

cd ~/.node-red
mkdir ssl
sudo cp /etc/letsencrypt/live/nodered.example.com/privkey.pem /home/$USER/.node-red/ssl/privkey.pem
sudo cp /etc/letsencrypt/live/nodered.example.com/fullchain.pem /home/$USER/.node-red/ssl/fullchain.pem
sudo chmod 644 ~/.node-red/ssl/privkey.pem

Add the certificate to settings.js

With the certificates obtained edit ~/.node-red/settings.js and make the following changes:

Uncomment the following line

# From
//var fs = require("fs)

# To
var fs = require("fs)

Enable HTTPS by un-commenting and updating the https block

# From
    //https: {
    //    key: fs.readFileSync('privatekey.pem'),
    //    cert: fs.readFileSync('certificate.pem')
    //},

    // The following property can be used to cause insecure HTTP connections to
    // be redirected to HTTPS.
    //requireHttps: true,

# To
    https: {
        key: fs.readFileSync('.node-red/ssl/privkey.pem'),
        cert: fs.readFileSync('.node-red/ssl/fullchain.pem')
    },

    // The following property can be used to cause insecure HTTP connections to
    // be redirected to HTTPS.
    requireHttps: true,

Restart the nodered service to make the change active

sudo service nodered restart

Now you won’t be able to access http://ip:1880 or http://hostname:1880. Accessing https://hostname:1880 should present the login screen.

Source: https://blog.agood.cloud/posts/2019/12/10/node-red-secure-installation/