After seeing some of the stuff my colleague Martin has done with Node-RED (NR), I wanted to switch to oit, despite my KISS strategy, and NR just introduces another device to mange.

But, starting it on Docker on my Home Laptop (also used forĀ Home Assistant on Docker andĀ Plex Media Server):

mkdir /opt/node-red
docker run -d --restart unless-stopped --network=host -v /opt/node-red:/data --name nodered nodered/node-red

And it was running. I saw some wierd stuff in the start, until i pressed "Deploy" the first time, after that every thing has just bee working.

NR has (as far as I know currently, any users or admin/management in front of it by default, and I wanted to be able to use it from pretty much everywhere... so I created a dual stack of Reverse Proxies:

Setting the browser to it hirs my Confluence Server and the Apache2 on it proxies it to http://cantina,, and the Apache2 on it proxies it to sparrow:1880 (the Docker container)

On both Apache2 I have IP Restrictions:



        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
        ErrorLog ${APACHE_LOG_DIR}/
        CustomLog ${APACHE_LOG_DIR}/ combined

		RewriteEngine on
        RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
        RewriteCond %{HTTP:Connection} Upgrade$ [NC]
        RewriteRule .*/(.*) "ws://$1" [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass /
        ProxyPassReverse /

        <Proxy *>
        Order deny,allow
        Deny from all
        Allow from
        Allow from yyy.yyy.yyy.yyy

<VirtualHost *:1890>
        ServerAdmin webmaster@localhost

		RewriteEngine on
        RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
        RewriteCond %{HTTP:Connection} Upgrade$ [NC]
        RewriteRule .*/(.*) "ws://localhost:1880/$1" [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:1880/
        ProxyPassReverse / http://localhost:1880/

        <Proxy *>
        Order deny,allow
        Deny from all   
        Allow from #
        Allow from 10            # Local Lan 


With this setup I can use it from and yyy.yyy.yyy.yyy that represents some well known adresses like work and fiber.