Dear Armin,
i am trying to build a little webservice witch can recive XML data from clients using the "http in"-Node and the POST methode. On my normal Raspberry Pi the flow is doing its job but when it transfer it on my netPi i can not recive any messages.
Code: [{"id":"8a45d1e1.5db92","type":"http response","z":"e69b5c9f.49237","name":"","statusCode":"200","headers":{},"x":560,"y":120,"wires":[]},{"id":"85a4eae3.9ec5a8","type":"debug","z":"e69b5c9f.49237","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","x":550,"y":80,"wires":[]},{"id":"94321f38.1215a","type":"xml","z":"e69b5c9f.49237","name":"xml to obj","property":"payload","attr":"","chr":"","x":280,"y":80,"wires":[["85a4eae3.9ec5a8","7655a6d0.106238"]]},{"id":"7655a6d0.106238","type":"change","z":"e69b5c9f.49237","name":"empty","rules":[{"t":"set","p":"payload","pt":"msg","to":"\"\"","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":430,"y":120,"wires":[["8a45d1e1.5db92"]]},{"id":"1e25b534.f6a0cb","type":"http in","z":"e69b5c9f.49237","name":"","url":"/test","method":"post","upload":false,"swaggerDoc":"","x":120,"y":80,"wires":[["94321f38.1215a"]]}]
Dose that maybe have something to do with a missing certificate?
kind regards,
Daniel
Hello Daniel,
can you please tell me which container you are using?
Thx
Armin
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
(June-18th-2020, 12:47 PM)Armin@netPI Wrote: Hello Daniel,
can you please tell me which container you are using?
Thx
Armin
Oh sorry i forgot: hilschernetpi/netpi-nodered
June-18th-2020, 01:33 PM
(This post was last modified: June-18th-2020, 08:40 PM by Armin@netPI.)
Well isn't it true that the "http in"-Node is using the port 80 for HTTP and port 443 for HTTPS to give external applications access from outside to the Node-RED node?
But both ports are already occupied by the netPI web user interface you are using to configure netPI basic settings.
You need to reconfigure these two occupied ports away from 80 and 443 in the menu System > Port Settings.
But after you have done this please keep in mind that the web access to netPI web pages of netPI are not longer accessible at https://<netPI address:443> but at your port you have reconfigured. It happens sometimes you have forgotton that you changed it and are wondering why netPI is apparantly no longer "working" by mistake ... but is still ... under a different port.
Thx
Armin
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
The “http in”-Node runs inside the Node-Red instance and is reachable at port 1880 with any kind of / e.g. http://localhost:1880/test (see https://cookbook.nodered.org/http/create...p-endpoint)
I found out that it must be some issue with the HTTPS certificate. I set up the example form the link above and then tried to access it using the program curl.
Below is what I got:
Curl with certificate check
Code: curl -u admin:password https://192.168.75.12:1880/test
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - Die Zertifikatkette wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt.
Curl without certificate check
Code: curl -u admin:password https://192.168.75.12:1880/test -k
<html>
<head></head>
<body>
<h1>Hello World!</h1>
</body>
</html>
So, my question would be how can i set up the HTTPS certificate for the Node-Red container?
kind regards,
Daniel
June-18th-2020, 09:09 PM
(This post was last modified: February-16th-2021, 06:42 PM by Armin@netPI.)
Ok I see. This was a good hint. I have not been working so far with the HTTP In Node, but now I know what is happening.
The implementation of our containerized Node-RED uses the HTTPS secured method to get accessible securely. In general the Node-RED "settings.js" configuration file located here /root/.node-red/ has a special area where you can configure HTTPS and enable it. The procedure is described for examole on this web page: https://notenoughtech.com/home-automatio...o-nodered/
What I see in the source code of the Node-RED container's build file at https://github.com/HilscherAutomation/ne...Dockerfile is that the lines 98 to 110 are taking care of the settings.js file modification to enable HTTPS handling and also the generation of a self signed certificate and keys.
All relevant files are created in the container folder /root/.node-red/certs. The CA file, the private and the public key. The most relevant file for you is the /root/.node-red/certs/node-cert.pem file. This file is needed on your remote machine to tell it to trust the HTTPS site of this Node-RED instance. It is a text file and you can copy and paste its contents to a cert file on your remove machine and include it in the trusted list of certificates.
I see the following possibilities:
a.) You could use netPIs Docker web UI and click on the running container and use the embedded console function to "jump" into the container and output the /root/.node-red/certs/node-cert.pem file on the screen using the Linux command "cat /root/.node-red/certs/node-cert.pem". Then you can copy the content.
b.) You could fork the container's source code and remove the lines from 98 to 110 and the Node-RED will not more be secured during containers build process. I don't know how familiar you are with building your own container image.
c.) You could call the curl command with the option "-k" to let it trust also untrusted self signed certificates
Thx
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
June-18th-2020, 09:27 PM
(This post was last modified: June-18th-2020, 09:44 PM by Armin@netPI.)
I took a chance to extract the node-cert.pem file for you from the latest hilschernetpi/netpi-nodered:1.5.4 image tag
Here it is:
Code: -----BEGIN CERTIFICATE-----
MIIDozCCAosCFHukf3Y7ZwMrCLeuM6ZkGjar+J8GMA0GCSqGSIb3DQEBCwUAMIGN
MQswCQYDVQQGEwJERTEPMA0GA1UECAwGSGVzc2VuMRQwEgYDVQQHDAtIYXR0ZXJz
aGVpbTERMA8GA1UECgwISGlsc2NoZXIxETAPBgNVBAsMCEhpbHNjaGVyMQ4wDAYD
VQQDDAVteW93bjEhMB8GCSqGSIb3DQEJARYSbXlvd25AaGlsc2NoZXIuY29tMB4X
DTIwMDYxMTEwNDM1OFoXDTIwMDcxMTEwNDM1OFowgY0xCzAJBgNVBAYTAkRFMQ8w
DQYDVQQIDAZIZXNzZW4xFDASBgNVBAcMC0hhdHRlcnNoZWltMREwDwYDVQQKDAhI
aWxzY2hlcjERMA8GA1UECwwISGlsc2NoZXIxDjAMBgNVBAMMBW15b3duMSEwHwYJ
KoZIhvcNAQkBFhJteW93bkBoaWxzY2hlci5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN4/eS16elzg14hQvGIGVFSgta2HO/mcZOSDxDH4PGy6TJ
X7cDKGKuu9BtNCN10RtG2/+nWoRisHz17E1s1HmHRgA4vVd0Q8uK1V1+vR6WmZXl
T2fXSeaRE4bWpJ9K+1YywTPOFsVwIs72jNMRo/eGHiZZhNrHuh19yY4q1nOejSa8
0sC4rcNV3UNUavRZyP8c02Ow+D8IycRhU8zGBJf7trVauM9s8M+2JPV4U8UHExy1
wvMngO6a4/MDyBjxANWOKiJCcsfQCnH/Q81ukb/5UZSzcsB4uK1B5DyNyLpm4Utw
DrFxalOkp7MfxLw+r79mWVpaE+cz1Op3ie4K51mrAgMBAAEwDQYJKoZIhvcNAQEL
BQADggEBAEyuEfIsg8ayviRPSEa56AuZWuAwaoz0SR6kDk70zfGEbw26OK8Ed42P
DBDY7InU4peClh1dmjqUvBAC57mUWrXJVxpwMdGdJ+EEvzqmdGuO0hCW9ENuFQA+
6mD6GbA9loakxsh1vDXu0mSw3YvXmjd5Q6nX9GoEvkhlpo9Lf+qQiyqPUXVcaefa
5YJOJsk10UQSuh8huj20dxWcErStZp6i4876v7tqgdWqJzXsGMdiXCisJvrY3vMQ
z4nr2PnygahkzmEQygEeyRMc7Zehej/dS8Nf1Vj5kXSP1vbvncPPYTSjJAAef5O+
f0oVcUs6K5B0sE021G6GDiq0lOPV3Sc=
-----END CERTIFICATE-----
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
And I am sorry I forgot alternative d.)
... you could of course replace all the existing files in the /root/.node-red/certs/ folder with your own files. But this might get a little complicated since the Node-RED container does not include an SSH server you could connect to via a terminal program like putty.
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
ok - problem solved. As a quick workaround I just commented out the lines for the HTTPS in the "settings.js" configuration file.
Later i will either send the "node-cert.pem" file to my client or change my certificat.
Thank you so much for your exceptionally fast and reliable help!
kind regards,
Daniel
|