Run Docker Node-RED with mounted "data" and "node-red" folders

Current version: https://blog.digitaloak.it/en/posts/docker-run-node-red-with-mounted-data-and-node-red-folders/

Create docker network if it doesn't exist

docker network create --driver bridge digitaloak --subnet 172.30.0.0/16

1. Run Node-RED container, copy folders, remove and run it again with mounted folders

   docker run -d -ti \
   --name node-red \
   --restart always \
   -p 8080:1880 \
   nodered/node-red:latest
   sleep 5
   docker cp -a -L node-red:/data /home/ec2-user/environment 
   docker cp -a -L node-red:/usr/src/node-red /home/ec2-user/environment 
   docker rm -f node-red 
   docker run -ti -d \
   --name node-red \
   --hostname node-red \
   --mount type=bind,source=/home/ec2-user/environment/data,target=/data \
   --mount type=bind,source=/home/ec2-user/environment/node-red,target=/usr/src/node-red \
   --restart always \
   --net digitaloak \
   --ip 172.30.0.11 \
   -p 8080:1880 \
   nodered/node-red:latest
   

2. Change container user UID and GID (to 501 if you are running Amazon Linux)

   docker exec -ti -u root node-red bash
   echo http://dl-2.alpinelinux.org/alpine/latest-stable/community/ >> /etc/apk/repositories 
   apk --no-cache add shadow 
   usermod -u 501 node-red 
   groupmod -g 501 node-red 
   find / -user 1000 -exec chown -h node-red {} \;
   find / -group 1000 -exec chgrp -h node-red {} \;
   exit
   

3. Restart Node-RED container

   docker restart node-red
   

If you running it via Cloud9, you can "Preview Running Application" to open NR in browser.

Secure with self-signed certificate

If you are using NR via Cloud9 "Preview Running Application", communication is secured but if you enabled it to be available outside, you may want to enable SSL.

1. Create folder /data/ssl inside NR container (in C9 it will be ~/environment/data/ssl)

   mkdir ~/environment/data/ssl
   cd ~/environment/data/ssl
   

2. Generate private key, CSR (fill interactive form) and certificate

   openssl genrsa -out pkey.pem 2048
   openssl req -new -sha256 -key pkey.pem -out csr.pem
   

   openssl x509 -req -in csr.pem -signkey pkey.pem -out cert.pem
   

3. Enable SSL in config /data/settings.js inside NR containers (in c9 it will be ~/environment/data/settings.js).
   Uncomment and make changes as below:

       https: function() {
           // This function should return the options object, or a Promise
           // that resolves to the options object
           return {
               key: require("fs").readFileSync('/data/ssl/pkey.pem'),
               cert: require("fs").readFileSync('/data/ssl/cert.pem')
           }
       },
   

       requireHttps: true,
   

4. Restart con tainer

   docker restart node-red
   

Now communication is secured.
If you running it via C9, "Preview Running Application" will not work, I don't know why but if you decided to secure it, you probably using NR from outside, so you can access it via EC2 public domain name using "https" protocol and port "8080" (or other you have opened).

Enable Authentication

Secure access to your NR instance.

1. Uncomment adminAuth section in config /data/settings.js inside NR containers (in c9 it will be ~/environment/data/settings.js).

       adminAuth: {
           type: "credentials",
           users: [{
               username: "admin",
               password: "$2b$08$MOZq3wGebVKU.AFpVGBO7.8PSWy9GG.VUgNXR8f8EEdQccFQw5gHS",
               permissions: "*"
           }]
       },
   

2. Enter into container

   docker exec -ti node-red bash
   

3. Generate password for admin

   /usr/src/node-red/node_modules/.bin/node-red admin hash-pw
   

4. Replace password (command output) for admin
5. Exit from container

   exit
   

6. Restart container

   docker restart node-red
   

You can set permissions to:

• * - full access
• read - read only access

More to read here: https://nodered.org/docs/user-guide/runtime/securing-node-red

Enable Projects (git support)

You can track changes by enabling Projects feature.

1. Edit /data/settings.js inside container (in C9 /home/ec2-user/environment/data/settings.js), change value for "editorTheme" > "projects" > "enabled" from "false" to "true".

       editorTheme: {
           projects: {
               // To enable the Projects feature, set this value to true
               enabled: true
           }
       }
   

2. Restart container

   docker restart node-red
   

Video (steps visualisation)

Video is also available on d.tube

Forum

• https://support.digitaloak.it/index.php?/forums/topic-details/https-blog-digitaloak-it-en-posts-docker-run-node-red-with-mounted-data-and-node-red-folders-

Thanks to

• Steve's Internet Guide for an article: http://www.steves-internet-guide.com/securing-node-red-ssl/

In article Create development environment for container-based applications using AWS Cloud9 (Node-RED example you can read more about running Node-RED.