Hassio with SSL and Node Red

anon35356645 · January 3, 2018, 4:13pm

it will take me another 3-4 yars before I understand all that buzz

NotoriousBDG · January 3, 2018, 4:21pm

Here is a great blog post that may help.

anon35356645 · January 3, 2018, 4:24pm

my doubts are more on http https letsencrypt, nginx, caddy, port 8123 443, forward router base_url, ssl, tls … I find it extremely confusing

NotoriousBDG · January 3, 2018, 6:11pm

Oh, I thought you were asking about Node-RED since that’s what this topic is about. Since that’s not related to the Node-RED addon, you might be better off creating a new topic.

anon35356645 · January 3, 2018, 9:37pm

can you make the addon work for Intel?

NotoriousBDG · January 3, 2018, 9:57pm

It already works on 64-bit Intel processors…

GGexe · January 26, 2018, 4:21pm

Hey quick question regarding this configuration, under domain name in ngix
do you use this as your config?

domain : “https://xxxxduckdns.org”

NotoriousBDG · January 26, 2018, 4:42pm

Just your domain name by itself.

{
  "domain": "xxxx.duckdns.org",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

budlyte · March 27, 2018, 10:34pm

I would like to through this out concerning connections from inside and outside you router. I have hassio and node red installed on a pi3. I also set up duckdns which allows me to access hassio from outside my home. I opened port 8123 (pin hole) on my router for hassio with dusckdns. node red was not accessible until i also opened port 1880. Ok so I started working with nod red and set up the server in node red as https://myaddress.duckdns.org:8123 (address of my hassio). Set up some basic node red flows and all works great. Was looking around for some help so I imported some node red flows from the web. Import works great but the server that was set up for the imported flows was http://localhost:8123 (forgot to mention I have a password set up for my hassio). Once deployed, open the debug window and get a continuous error that node red can’t connect to the server on http://localhost:8123 because the password was rejected. Deleting the imported flow doesn’t stop the loop. The only way I found to stop the loop was to delete all of the server definitions and re-deploy my original duckdns server on each node in all of the flows. Deleting the one bad flow or even redefining the server in each node of the imported flow doesn’t work.

You have to delete to bad server and re-set the imported flows to your correct server before deploy or you get the continuous loop.

mconnolly · April 15, 2018, 3:07pm

I noticed the same exact behavior after importing some flows yesterday. Thanks for posting the workaround, this is really helpful. I got so frustrated yesterday that I nuked my entire node-red install and started over again from scratch.

Prathik_Gopal · May 13, 2018, 3:02pm

For all having difficulties setting up nodered using HASSIO with Duckdns addon/SSL certs.
Port forward 1880>1880 and set the following. For me the above blog post by @NotoriousBDG was tremendously helpful to understand setup.

Here’s my Nodered addon config

{
  "ssl": true,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "users": [
    {
      "username": "admin",
      "password": "password",
      "permissions": "*"
    }
  ],
  "http_node_user": [
    {
      "username": "admin",
      "password": "password"
    }
  ],
  "projects": true
}

I have used the complete name and HA password on the node server config which solved the issue with
Cannot GET /homeassistant/entities
27%20PM

> Correction as pointed out below, no port forwarding is needed and the config works even with no password, use this as the server address http://hassio/homeassistant

NotoriousBDG · May 13, 2018, 3:26pm

There is no need to port forward when using SSL anymore. You can just use a hostname of http://hassio/homeassistant in Node-RED with no password, which makes it use the internal API proxy in hassio. That will allow your system to work even if you’re using SSL with a router that doesn’t support NAT loopback.

Prathik_Gopal · May 13, 2018, 3:31pm

@NotoriousBDG - just tried and i confirm that it works without password too. thanks for the awesome addon

metalloid14 · May 20, 2018, 11:34pm

Hi all,

I’ve installed the Node-RED Addon for Hassio and it seems that something went wrong - or, in other words, something I DID got things to go wrong…

On my first attempt, I was not using SSL in the config, so I used the standard config. All seemed to work, so I head up and added the Home Assistant addon to Node-Red on “Manage Palette”.
Again all went ok, and a few minutes later I had the home assistant nodes in the left colunm. Great!!

So, to try it out, I added a call service node to the flow area, edited it and added a new server, with the url of my home assistant, using my hassio ip address and port 8123, along with my password. After that, added an input to triger the call service, and deployed. Nothing seemed to happen. So I looked in the debug tab, and saw the same info, over and over again:

5/20/2018, 10:01:28 PM Home Assistant msg : string[157] "Home assistant connection failed with error: Connection to home assistant could not be established with config: http://192.168.1.11:8123/ "

Something went wrong. So I tried to fix it, and edited the server, to the local hassio url name. Nope, the msg stayed the same.

Hmm… remove all and try again.
Went and did it all again: removed the addon from Home Assistant and added it again after rebooting my Pi.
But, surprise surprise, when I opened again Node-Red, the same flow was there, the one that I added in the first place, before I removed the addon from Home Assistant. And the same msg in the debug tab.

Oh well, so let’s try it another way.
I’ve finally added comunication encription to my Home Assistant server - something I wanted to do for a long time, but never did - and after all finished and working! , I’ve changed the configuration in HA on the Node-RED addon to use SSL, and chaged the server to a new one on Node-RED. Nope, even changing the url to my duckdns url, the same msg appears in the debug tab, so it seems it never updates the server url - or at least, if there’s an error, it tries forever to connect to the bad url…
And I’ve also realized that I added the https url with an error (twice in a row! Wake-up, man!! ) on Node-RED - basically I’ve added the URL with the 8123 port… so now I’ve got two error msgs in the debug tab:

5/20/2018, 11:47:28 PM Home Assistant msg : string[157] "Home assistant connection failed with error: Connection to home assistant could not be established with config: http://192.168.1.11:8123/ "
5/20/2018, 11:47:29 PM HA msg : string[168] "Home assistant connection failed with error: Connection to home assistant could not be established with config: https://urlofmypi.duckdns.org:8123 "

After that, I’ve added another server, now with the right url - no port at the end. And everything is working, finally! But… the old connection errors still exist! Just a quick look at the debug tab and there they are, consecutive tries with 2 second interval. The same two messages, over and over again.

So, my question is: how can I stop these old connections? I tried to disable the nodes, but Node-RED says they’re in use - the server and the api-call-service. And I think those are the ones I have to stop, in order to remove these error messages.

Any thoughts are appreciated!

Thanks!

NotoriousBDG · May 21, 2018, 12:30pm

I recommend using http://hassio/homeassistant instead as mentioned a couple posts up. Another benefit that I didn’t mention before is that it will continue to work even if your internet is down. By using your duckdns address, you’ll likely lose connectivity between Node-RED and Home Assistant when your internet is down.

Click on Configuration nodes in the hamburger menu, double-click on the bad ones, then click Delete. If they show that they’re in use, you’ll need to update all of the nodes in your flows to use the correct config node before you can delete it.

If you want to nuke everything and start over, stop the addon, delete (or rename) /share/node-red, then start the addon.

metalloid14 · June 3, 2018, 10:51am

Only the nuke worked Thanks for your help!

folrewef · April 29, 2019, 10:56am

Hi,

I run hassio on rpi. I am on. version 92.0 (but the problem has been there for some time even before moving to ingress).

When restarting I get a bunch o connection errors:

19-04-29 10:37:04 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize
19-04-29 10:37:04 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered
19-04-29 10:37:04 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused].

Typically I get 7 or more errors. Eventually the error disappears:

19-04-29 10:46:10 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize
19-04-29 10:46:10 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered
19-04-29 10:46:10 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request running
19-04-29 10:46:12 INFO (MainThread) [hassio.homeassistant] Detect a running Home Assistant instance

The main problem is delay to the restart time with approximately 2 minutes.

My config for the add-on is:

{
  "credential_secret": "redacted",
  "dark_mode": false,
  "http_node": {
    "username": "",
    "password": ""
  },
  "http_static": {
    "username": "",
    "password": ""
  },
  "ssl": true,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "require_ssl": true,
  "system_packages": [],
  "npm_packages": [],
  "init_commands": [],
  "log_level": "info"
}

What can be the problem? Does @NotoriousBDG know?

Thanks for any help