Dashboard 2.0 behind reverse proxy (nginx)

[WoMec]

Hi,

I am trying to set up a reverse proxy with Nginx for the new Node-RED Dashboard 2.0. Previously, with Dashboard 1.0, I was able to access the dashboard easily by configuring Nginx to route requests based on the device's IP address or FQDN.

I would like to achieve the same setup for Dashboard 2.0, but I am facing issues with WebSocket connections. It seems that my Nginx configuration is not handling WebSockets correctly, and the dashboard does not work as expected.

Could you provide guidance on the correct Nginx configuration to ensure WebSocket support for Dashboard 2.0?

Thanks!

[bartbutenaers]

@WoMec
I don't use Nginx myself, but "perhaps" you can find something useful here

[ortegafernando]

Hello @WoMec I have this (I have just migrated to 2.0 this week) in my nginx.conf file (using docker-compose) and I have it working (in future I want to leave location at '/'). (see at bottom)

But THIRD PARTY NODES are NOT working. I get this errores in browser console

https://domain.net/resources/@flowfuse/node-red-dashboard-2-ui-led/ui-led.umd.js net
ERR_ABORTED 404 (Not Found)

@bartbutenaers do uou know if this is a "problem" of all third party nodes or a general "problem" of Dashboard 2.0?

server {
    listen 80;
    listen [::]:80;
    server_name domain.net;

    server_tokens off; #Disable the Nginx version in headers for security

    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/certbot;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }

    #Logs for Nginx access and errors
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location ~ /\.ht { deny all; }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on; # Activa HTTP/2 de forma explícita
    server_name domain.net;

    server_tokens off; #Disable the Nginx version in headers for security

    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

    # Node-RED
    location /nr/ {
        proxy_pass http://nodered:1880/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_cache_bypass  $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    #new nodered dashboard 2.0
    location /dash/ {
        proxy_pass http://nodered:1880/dashboard/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
     }

   #old nodered ui
    location / {
        proxy_pass http://nodered:1880/ui/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Grafana Dashboard
    location /graf/ {
        proxy_pass http://grafana:3000/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
    }

    # Logs for Nginx access and errors
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location ~ /\.ht { deny all; }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
}

[colinl]

This may be the same problem #1024

[ortegafernando]

In my humble opinion, I think nowadays working with docker and nignx is a must. What do you think? Does it have a easy solution?

[joepavitt]

@ortegafernando how are you installing your third-party nodes? Via the palette manager? or as global installs?

[ortegafernando]

@ortegafernando how are you installing your third-party nodes? Via the palette manager? or as global installs?

@joepavitt By pallete manager. If you need any log or something from me, please ask me

[colinl]

@ortegafernando if you have a look at #1615 I think I have found the problem. If you setup httpAdminRoot to 'nr' and then proxy /nr to http://nodered:1880/nr/ then I think that may provide a workaround. That is if I understand the nginx config correctly.