Current version: https://blog.digitaloak.it/en/posts/docker-run-node-red-with-mounted-data-and-node-red-folders/
Create docker network if it doesn't exist
docker network create --driver bridge digitaloak --subnet 172.30.0.0/16
- Run Node-RED container, copy folders, remove and run it again with mounted folders
docker run -d -ti \ --name node-red \ --restart always \ -p 8080:1880 \ nodered/node-red:latest sleep 5 docker cp -a -L node-red:/data /home/ec2-user/environment docker cp -a -L node-red:/usr/src/node-red /home/ec2-user/environment docker rm -f node-red docker run -ti -d \ --name node-red \ --hostname node-red \ --mount type=bind,source=/home/ec2-user/environment/data,target=/data \ --mount type=bind,source=/home/ec2-user/environment/node-red,target=/usr/src/node-red \ --restart always \ --net digitaloak \ --ip 172.30.0.11 \ -p 8080:1880 \ nodered/node-red:latest
- Change container user UID and GID (to 501 if you are running Amazon Linux)
docker exec -ti -u root node-red bash echo http://dl-2.alpinelinux.org/alpine/latest-stable/community/ >> /etc/apk/repositories apk --no-cache add shadow usermod -u 501 node-red groupmod -g 501 node-red find / -user 1000 -exec chown -h node-red {} \; find / -group 1000 -exec chgrp -h node-red {} \; exit
- Restart Node-RED container
docker restart node-red
If you running it via Cloud9, you can "Preview Running Application" to open NR in browser.
Secure with self-signed certificate
If you are using NR via Cloud9 "Preview Running Application", communication is secured but if you enabled it to be available outside, you may want to enable SSL.
- Create folder /data/ssl inside NR container (in C9 it will be ~/environment/data/ssl)
mkdir ~/environment/data/ssl cd ~/environment/data/ssl
- Generate private key, CSR (fill interactive form) and certificate
openssl genrsa -out pkey.pem 2048 openssl req -new -sha256 -key pkey.pem -out csr.pem
openssl x509 -req -in csr.pem -signkey pkey.pem -out cert.pem
- Enable SSL in config /data/settings.js inside NR containers (in c9 it will be ~/environment/data/settings.js).
Uncomment and make changes as below:https: function() { // This function should return the options object, or a Promise // that resolves to the options object return { key: require("fs").readFileSync('/data/ssl/pkey.pem'), cert: require("fs").readFileSync('/data/ssl/cert.pem') } },
requireHttps: true,
- Restart con tainer
docker restart node-red
Now communication is secured.
If you running it via C9, "Preview Running Application" will not work, I don't know why but if you decided to secure it, you probably using NR from outside, so you can access it via EC2 public domain name using "https" protocol and port "8080" (or other you have opened).
Enable Authentication
Secure access to your NR instance.
- Uncomment adminAuth section in config /data/settings.js inside NR containers (in c9 it will be ~/environment/data/settings.js).
adminAuth: { type: "credentials", users: [{ username: "admin", password: "$2b$08$MOZq3wGebVKU.AFpVGBO7.8PSWy9GG.VUgNXR8f8EEdQccFQw5gHS", permissions: "*" }] },
- Enter into container
docker exec -ti node-red bash
- Generate password for admin
/usr/src/node-red/node_modules/.bin/node-red admin hash-pw
- Replace password (command output) for admin
- Exit from container
exit
- Restart container
docker restart node-red
You can set permissions to:
- * - full access
- read - read only access
More to read here: https://nodered.org/docs/user-guide/runtime/securing-node-red
Enable Projects (git support)
You can track changes by enabling Projects feature.
- Edit /data/settings.js inside container (in C9 /home/ec2-user/environment/data/settings.js), change value for "editorTheme" > "projects" > "enabled" from "false" to "true".
editorTheme: { projects: { // To enable the Projects feature, set this value to true enabled: true } }
- Restart container
docker restart node-red
Video (steps visualisation)
Video is also available on d.tube
Forum
Thanks to
- Steve's Internet Guide for an article: http://www.steves-internet-guide.com/securing-node-red-ssl/
In article Create development environment for container-based applications using AWS Cloud9 (Node-RED example you can read more about running Node-RED.