NodeRED in http

  • #11878
    Quentin DESBOIS
    Participant

    Hi everyone.

    My project is to develop an Android tablet app that sends requests (GET or POST) to the Multiconnect Conduit.
    On NodeRED, I created an HTTP IN node, but requests use the HTTPS protocol.

    I failed to use HTTPS requests with Android because the certificate is self-signed. So I am trying to solve the problem another way, which is to use NodeRED on http (not https).

    I succeeded in using http for the manager on port 80, but not with port 1880. As I saw in the lighttpd config file, Multiconnect uses stunnel for redirection.

    Do you have any solution?

    Thank you.

    #11879
    Jeff Hatch
    Keymaster

    Quentin,

    The stunnel listen on port 1880 is redirecting to port 1881 localhost for the Node-RED admin login. We have found that the HTTPS login to Node-RED uses up significant memory, so we redirect port 1880 connections to Node-RED to localhost 1881. That way there is support for HTTPS to the Conduit for logging into Node-RED. At this time there is no easy way to change this. You will probably have to use a different port, possibly 8080 or something like that.

    Jeff

    #11880
    Quentin DESBOIS
    Participant

    Thank you Jeff! 🙂

    So can you tell me what I have to do?
    Which files do I need to edit? The stunnel config file? The lighttpd file? The node-red settings.js?

    I’m lost 🙁

    #11882
    Jeff Hatch
    Keymaster

    Quentin,

    You can try editing the /etc/stunnel.conf and changing the accept = 1880 to accept = and see if that works (I think it should but haven’t tested it).

    Remember, Node-RED, by default, listens to port 1880, but as you may know, that is modifiable by changing the uiPort in either settings.js or in the Node-RED module itself. However, right now on Conduit the settings.js is not modifiable (changes won’t persist because an administrative app.py script overwrites it every time Node-RED starts). In the upcoming release 1.2.x the settings.js will be left alone and the user will be able to modify it and not worry about it being overwritten.

    In the future we may also make the listen port for the Node-RED connection configurable.

    Jeff

    #11888
    Quentin DESBOIS
    Participant

    OK, thanks for the response.

    I modified:

    • /opt/node-red/settings.js : uiPort : 8080
    • /etc/stunnel.conf : accept: 8080, connect:127.0.0.1:8081, connect :127.0.0.1:8082
    • /var/config/app/install/development/settings.js : uiPort : 8081

    But as you said, when I reboot, the last file ‘/var/config/app/install/development/settings.js’ goes back to the default parameters with uiPort : 1881 …

    Nothing seems to work …

    I’m going to try to run a NodeJS service on port 1337 or 3000 instead of using NodeRED. I saw that NPM is not functional in the latest firmware version … I hope the upcoming release will be available soon.

    #11895
    Jeff Hatch
    Keymaster

    Quentin,

    You should leave the localhost port that Node-RED is listening on as 1881 and just modify the stunnel.conf accept port from 1880 to 8080. Leave stunnel redirecting to 127.0.0.1:1881. This will free up 1880 on the external interface while still using the same port on localhost for Node-RED. That way you won’t have to touch settings.js.

    On the npm front, we have a version of AEP 1.1.2 that has npm added back in that you can request. You will need to make a portal request, and we can make that firmware available to you. The only change it has in it from the 1.1.2 firmware is the re-addition of npm.

    Jeff
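The layout described in the post above (stunnel accepting on 8080 while still connecting to 127.0.0.1:1881) can be checked by parsing the config. This is an added example, not part of the thread or the Conduit firmware; the sample file and the service name `node-red` are constructed, and the real /etc/stunnel.conf may differ.

```sh
#!/bin/sh
# Added example: map stunnel listeners to the backends they forward to.

# Constructed sample; the service name is hypothetical.
sample_conf() {
    cat <<'EOF'
; constructed sample stunnel.conf
[node-red]
accept = 8080
connect = 127.0.0.1:1881
connect = 127.0.0.1:1882
EOF
}

# Print "service accept connect" for every connect line (file args or stdin).
stunnel_map() {
    awk '
        function flush(   j) { for (j = 1; j <= n; j++) print svc, acc, con[j]; n = 0 }
        /^[ \t]*([;#]|$)/ { next }                 # comment or blank line
        /^[ \t]*\[/ {                              # [service] header
            flush(); svc = $0; gsub(/[ \t]/, "", svc)
            svc = substr(svc, 2, length(svc) - 2); acc = "-"; next
        }
        {
            i = index($0, "=")
            if (!i || svc == "") next              # skip global options
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == "accept") acc = v
            else if (k == "connect") con[++n] = v
        }
        END { flush() }
    ' "$@"
}

# Read stunnel_map output on stdin; succeed if PORT is forwarded to TARGET.
has_redirect() {
    awk -v p="$1" -v t="$2" '
        { a = $2; sub(/^.*:/, "", a); if (a == p && $3 == t) ok = 1 }
        END { exit !ok }'
}

# On the device: stunnel_map /etc/stunnel.conf | has_redirect 8080 127.0.0.1:1881
sample_conf | stunnel_map
sample_conf | stunnel_map | has_redirect 8080 127.0.0.1:1881 && echo "8080 -> 127.0.0.1:1881: ok"
```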

    #11899
    Quentin DESBOIS
    Participant

    Jeff,

    I tried to set 8080 instead of 1880 and left the other parameters at 1881 and 1882, but it seems it doesn’t work.

    Do I need to set up my firewall? Each time I change a firewall port parameter, I can’t connect to SSH afterwards. So I have to hard reset my Multiconnect.
    What is the best solution?

    Yesterday, I tried to bypass my issue using NodeJS to run a server on 1337, but I can’t request it from another computer in my local network … a firewall problem?
    (PS: I succeeded in reading/downloading my web page from my multitech (through SSH) with: wget http://localhost:1337/)

    Concerning NPM on AEP 1.1.2, I don’t understand … (sorry, I’m French ^^). Are you offering me a custom version of the firmware including the NPM package?

    Thank you 🙂

    #11905
    Jeff Hatch
    Keymaster

    Quentin,

    You are correct that you will need to add an INPUT rule for port 8080. I am not sure how the SSH is getting blocked. Are you trying to access the Conduit through the WAN interface?

    I think that the same problem with the firewall rules not permitting port 1337 using a NodeJS server may also be blocking you on the Conduit.

    As for NPM, yes we have custom AEP 1.1.2 firmware with only npm added back in. The bitbake recipes changed for the NodeJS package and the npm utility got separated out into its own recipe. We did not realize that until too late. If you file a portal case with support.multitech.com and request the AEP 1.1.2 firmware with npm added, we will get you a download of the firmware.

    Jeff

    #11916
    Quentin DESBOIS
    Participant

    I only use the LAN interface. Each time I set up my firewall with the HTTP interface, I get blocked on SSH/HTTP. So I do not use the firewall interface anymore.

    So, to open my port, I run this command line:
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1337 -j ACCEPT

    The main problem is that I need to run it on each boot. Can you explain to me how the ‘firewall’ command-line program works? I saw the firewall –init command on startup.

    For the custom AEP version, thank you, but I finally succeeded in running my server on 1337 with NodeJS, and I redirect my requests HTTP:1337 -> HTTPS:1880.
    I will wait patiently for the next stable firmware with NPM.

    #11925
    Jeff Hatch
    Keymaster

    Quentin,

    The “firewall –init” is a utility that creates a default set of rules that allow incoming connections for SSH and HTTP(s), along with DHCP and DNS. Also, it creates default forward rules to allow RELATED and ESTABLISHED forward connections. All output on the LAN and WAN is pretty much wide open.

    There is a default rule that you can enable in the UI that should allow any incoming connection on the LAN on ports 1024 – 65535. You shouldn’t have to create a new rule. If this doesn’t help let me know. I think the best place to add your custom rule would be in the /etc/init.d/firewall script right after the firewall –init line. This modification will get overwritten any time you reflash the firmware.

    Jeff
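One way to write the custom rule discussed above so that it can be re-run on every boot without piling up duplicates, and so that it only opens the port on the LAN side. This is an added example, not code from the thread or the Conduit firmware; it assumes the LAN interface is named `eth0` and that the installed iptables supports `-C` (rule check).

```sh
#!/bin/sh
# Added example: idempotent, LAN-only version of the rule from the thread.

IPT=${IPT:-iptables}       # override to dry-run, e.g. IPT="echo iptables"
LAN_IF=${LAN_IF:-eth0}     # assumption: LAN interface name, verify on the device

# Append an ACCEPT rule for new TCP connections to PORT arriving on LAN_IF,
# unless an identical rule is already present in the INPUT chain.
allow_lan_tcp() {
    port=$1
    # Reject anything that is not a plain port number before it reaches iptables.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi
    set -- INPUT -i "$LAN_IF" -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
    # -C exits non-zero when the rule is absent; only then append it.
    $IPT -C "$@" 2>/dev/null || $IPT -A "$@"
}

# Stand-alone use: "sh this-script apply". When pasted into an init script,
# call allow_lan_tcp 1337 directly after the firewall init line instead.
if [ "${1:-}" = "apply" ]; then
    allow_lan_tcp 1337
fi
```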

    #11927
    Quentin DESBOIS
    Participant

    Ok thank you Jeff,

    I will try to set up firewall using the UI, but as you may see on my other post in this forum, I’m a little bit stuck with my multiconnect.

    However, as you wrote and advised me, I have added my rule line in init.d/firewall just after the firewall –init line. But I didn’t have time to see if it works.

    Thank you 🙂

    #19879
    vqa nguyen
    Participant

    Hi Quentin, I think I have the same issue. Can you please tell me how to make NodeRED work on http (not https)? Thank you so much.
