I'm encountering an issue with Node-RED's UI when accessed through an Apache reverse proxy with SSL/TLS encryption configured. Here's the setup:
Node-RED is running locally on http://localhost:1880.
Apache is used as a reverse proxy to forward requests from a public domain (https://iot.example.com) to Node-RED.
SSL/TLS encryption is configured in Apache to handle incoming HTTPS requests.

The problem arises when accessing Node-RED's UI through the public domain (https://iot.example.com). Although the UI loads initially, it frequently displays a "Lost connection to server, reconnecting" message, followed by attempts to reconnect.
Upon reviewing Apache's error logs regarding the issue, I noted the following logs:
[Tue Mar 12 01:46:59.958983 2024] [socache_shmcb:debug] [pid 9299] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x21 -> subcache 1)
[Tue Mar 12 01:46:59.959094 2024] [socache_shmcb:debug] [pid 9299] mod_socache_shmcb.c(862): AH00847: insert happened at idx=0, data=(0:32)
[Tue Mar 12 01:46:59.959114 2024] [socache_shmcb:debug] [pid 9299] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/212
[Tue Mar 12 01:46:59.959132 2024] [socache_shmcb:debug] [pid 9299] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully
[Tue Mar 12 01:46:59.960120 2024] [ssl:debug] [pid 9299] ssl_engine_kernel.c(415): [client 74.12.48.208:2255] AH02034: Initial (No.1) HTTPS request received for child 2 (server iot.example.com:443)
[Tue Mar 12 01:46:59.960214 2024] [authz_core:debug] [pid 9299] mod_authz_core.c(843): [client 74.12.48.208:2255] AH01628: authorization result: granted (no directives)
[Tue Mar 12 01:46:59.960309 2024] [proxy:debug] [pid 9299] mod_proxy.c(1503): [client 74.12.48.208:2255] AH01143: Running scheme http handler (attempt 0)
[Tue Mar 12 01:46:59.960333 2024] [proxy:debug] [pid 9299] proxy_util.c(2531): AH00942: http: has acquired connection for (localhost)
[Tue Mar 12 01:46:59.960355 2024] [proxy:debug] [pid 9299] proxy_util.c(2587): [client 74.12.48.208:2255] AH00944: connecting http://localhost:1880/comms to localhost:1880
[Tue Mar 12 01:46:59.960376 2024] [proxy:debug] [pid 9299] proxy_util.c(2810): [client 74.12.48.208:2255] AH00947: connected /comms to localhost:1880
[Tue Mar 12 01:46:59.960726 2024] [proxy:debug] [pid 9299] proxy_util.c(3111): AH00951: http: backend socket is disconnected.
[Tue Mar 12 01:46:59.961074 2024] [proxy:debug] [pid 9299] proxy_util.c(3267): (111)Connection refused: AH00957: http: attempt to connect to [::1]:1880 (localhost) failed
[Tue Mar 12 01:46:59.962089 2024] [proxy:debug] [pid 9299] proxy_util.c(3276): AH02824: http: connection established with 127.0.0.1:1880 (localhost)
[Tue Mar 12 01:46:59.962192 2024] [proxy:debug] [pid 9299] proxy_util.c(3462): AH00962: http: connection complete to [::1]:1880 (localhost)
[Tue Mar 12 01:46:59.965368 2024] [proxy:debug] [pid 9299] proxy_util.c(2546): AH00943: http: has released connection for (localhost)
[Tue Mar 12 01:47:00.007071 2024] [ssl:info] [pid 9299] SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading
[Tue Mar 12 01:47:00.007147 2024] [ssl:info] [pid 9299] [client 74.12.48.208:2255] AH01998: Connection closed to child 2 with abortive shutdown (server iot.example.com:443)
I've ensured that Node-RED is running and accessible on http://localhost:1880, and the Apache server is properly configured to handle SSL/TLS connections. Additionally, there are no firewall restrictions blocking communication between Apache and Node-RED.
Here is the relevant apache config file using proxy:
<VirtualHost *:443>
    ServerName iot.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/IoT
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass /comms wss://localhost:1880/comms/ disablereuse=On
    ProxyPass / http://localhost:1880/
    ProxyPassReverse /comms wss://localhost:1880/comms/
    ProxyPassReverse / http://localhost:1880/
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/IoT.log
    CustomLog ${APACHE_LOG_DIR}/IoT_access.log combined
    SSLEngine on
    SSLCertificateFile /root/.acme.sh/iot.example.com_ecc/fullchain.cer
    SSLCertificateKeyFile /root/.acme.sh/safwanshaib.com_ecc/iot.example.com.key
</VirtualHost>
node-red settings.js file:
module.exports = {
    flowFile: 'flows.json',
    flowFilePretty: true,
    uiPort: process.env.PORT || 1880,
    diagnostics: {
        enabled: true,
        ui: true,
    },
    runtimeState: {
        enabled: false,
        ui: false,
    },
    logging: {
        console: {
            level: "info",
            metrics: false,
            audit: false
        }
    },
    exportGlobalContextKeys: false,
    externalModules: {
    },
    editorTheme: {
        palette: {
        },
        projects: {
            enabled: false,
            workflow: {
                mode: "manual"
            }
        },
        codeEditor: {
            lib: "monaco",
            options: {
            }
        },
        markdownEditor: {
            mermaid: {
                enabled: true
            }
        },
    },
    functionExternalModules: true,
    functionTimeout: 0,
    functionGlobalContext: {
    },
    ui: {
        httpRoot: '/',
        httpAdminRoot: '/',
    },
    debugMaxLength: 1000,
    mqttReconnectTime: 15000,
    serialReconnectTime: 15000,
}
I tried updating and upgrading sys packages including Node.js with no luck with the connection error.
What could be causing this issue, and how can I troubleshoot and resolve it? Any insights or suggestions would be greatly appreciated.
You should not be using wss:// to connect to the local node-red as it is not using HTTPS/TLS
ProxyPass /comms ws://localhost:1880/comms disablereuse=On
ProxyPass / http://localhost:1880/
ProxyPassReverse /comms ws://localhost:1880/comms
ProxyPassReverse / http://localhost:1880/
You should also remove the trailing / from the comms path
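
As an added example (not part of the original answer, nor code from Apache or Node-RED), this Python linter checks proxy mappings for the two mistakes pointed out above: a TLS scheme (wss/https) aimed at a backend port that other rules address in plaintext, and a trailing-slash mismatch between the local path and the target path. The function names, finding codes and sample text are constructed for illustration, and it assumes, as in this setup, that the plaintext scheme is the one the backend actually speaks.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the proxy lines from the question's vhost.
SAMPLE_VHOST = """\
SSLProxyEngine On
ProxyPass /comms wss://localhost:1880/comms/ disablereuse=On
ProxyPass / http://localhost:1880/
ProxyPassReverse /comms wss://localhost:1880/comms/
ProxyPassReverse / http://localhost:1880/
"""

TLS_SCHEMES = {"https", "wss"}
DEFAULT_PORT = {"http": 80, "ws": 80, "https": 443, "wss": 443}
DIRECTIVE = re.compile(r"^\s*(ProxyPass|ProxyPassReverse)\s+(\S+)\s+(\S+)", re.I)

def parse_rules(conf):
    """Yield (lineno, directive, local_path, split_target_url) per proxy mapping."""
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and "://" in m.group(3):
            yield lineno, m.group(1), m.group(2), urlsplit(m.group(3))

def lint(conf):
    """Return sorted (lineno, code) findings for the two mistakes in the answer."""
    rules = list(parse_rules(conf))
    # Per backend host:port, record which lines use TLS and which use plaintext.
    by_backend = {}
    for lineno, _, _, url in rules:
        key = (url.hostname, url.port or DEFAULT_PORT.get(url.scheme))
        by_backend.setdefault(key, {})[lineno] = url.scheme in TLS_SCHEMES
    findings = set()
    for lines in by_backend.values():
        if len(set(lines.values())) == 2:
            # One port cannot speak both; assumption: the plaintext rules are
            # right (Node-RED here serves plain HTTP), so flag the TLS ones.
            findings.update((n, "tls-to-plaintext-backend")
                            for n, tls in lines.items() if tls)
    for lineno, _, path, url in rules:
        # "/comms" mapped to "/comms/" changes the path the backend receives.
        if path.endswith("/") != (url.path or "/").endswith("/"):
            findings.add((lineno, "trailing-slash-mismatch"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, code in lint(SAMPLE_VHOST):
        print(f"line {lineno}: {code}")
```
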