Community Blog Deploy IoT Applications with Node-RED on Alibaba

Deploy IoT Applications with Node-RED on Alibaba

In this tutorial, you will learn how to set up and deploy Node-RED and its supporting components on a secured Alibaba Cloud ECS instance.

By Alex Mungai Muchiri, Alibaba Cloud Community Blog author

Developed by the larger IBM community, Node-RED provides for a simplified method of wiring IoT components, web services, and APIs. There are many ways in which Node-RED can be useful when dealing with IoT applications on Alibaba Cloud. Node-RED has a browser editor that enables the interfacing of components using nodes that are accessible using a single click. In other words, you need not worry about all the wiring processes required since you can easily get components to communicate with each other with ease. The open source editor is configured into distinct nodes that serve unique requirements such as monitoring your flows, debug mode or monitoring of GPIO pins of Raspberry Pi as well as R/W operations.

The tool is presented as a switchboard to the end user, with simple drag and drop functionalities. Other competing products include IFTTT and Yahoo Pipes, but which have limited flexibility. Node-RED is also supported by an extensive open community that has been contributing many useful features and products.

The aim of this tutorial is to set up and deploy Node-RED along with the supporting components of Node.js and NPM on a secured Alibaba Cloud ECS instance. For a practical demonstration, we will also install an SSL certificate on our ECS server.


The following is what you need to follow through with this tutorial:

  • One Alibaba Cloud ECS instance that is installed with Ubuntu 16.04. For this, youc should also have a firewall and a non-root sudo user named ali.
  • A NGINX server to run on your ECS instance, and the related firewall configurations to allow traffic on ports 80 and 443 for Nginx.
  • A live domain working on your server.
  • An SSL certificate configured for your domain above. For this tutorial, we'll be using Let's Encrypt for this tutorial. You may even go further and set up renewals with a cron job.


Follow all of the steps outlined below to set up and deploy Node-RED on Alibaba Cloud.

Install Node.js and NPM

It is very easy to install Node.js in Ubuntu 16.04 owing to its inclusion in the default repository. First, run the command below to clone Node-RED from GitHub:

Sudo git clone https://github.com/node-red/node-red.git 

Next, run the Sudo cd node-red command, the sudo apt install nodejs command, and finally, run the sudo npm install command below to install NPM/

Alright, all the dependencies are in place. You can run the command below to check what version we just installed in our system.

node -v

The output should indicate a version number for the installed package:


Note: The Node Package Manager (npm) is very crucial for this process because we shall use it in the installation and management of some of the software packages in use as well as installing Node-RED.

Run the command below to see if NPM was installed from the output information:

npm -v

All seems good thus far, we can now proceed with the actual installation of Node-RED in the next step.

Set up Node-RED

The node package manager provides for a very effective method of installing Node-Red. We will use the method to add node-red to the system path like so:

sudo npm install -g --unsafe-perm node-red 

As a rule, avoid using npm 1.x for the installation because it is not suitable for the process. To upgrade to version 2, run the command below:

sudo npm install -gnpm@2.x

Note: We need to use sudo since we are running a non-root user on our Ubuntu instance. While it is not directly related since we are using an Alibaba ECS installed with Ubuntu, running the same command on Windows will require running as an administrator and without the sudo command.

If there are any errors encountered during the installation process, the node-gyp command can list them for you. However, most errors encountered are not fatal and mostly due to dependencies issues for packages that have not been built and require a compiler. Nonetheless, Node-RED will still work with the dependencies though some extra modules may require such dependencies.

We have used a -g flag in the installation process above. The reason was that NPM would usually install packages in the current directory, while we require a global installation hence the use of the flag.

We have also used the --unsafe-perm flag to mitigate chances of errors possibly encountered when compiling native modules. Okay, once the process is complete, we can run the command below to test the installation.

sudo ufw allow 1880

The command opens the default port on our firewall. Next, run the command below:


On a terminal window, you should see a message 'Welcome to Node-RED.' Access the main admin interface by typing the following URL on your browser that's http://node-red.URL.com:1880:


Now that it works, shut it down using CTRL+C. We are all set for the launch process in the next step.

Configure Node-RED

Configuring the Security Portion

In this step, we'll improve the security of our Node-RED installation. Node-RED does not have any default security settings and therefore, anyone can easily access the editor and make changes. We will configure password-based access to our Node-RED installation.

First, install node-red-admin by running the command below while running as root user.

npm install -g node-red-admin

Now we can create a password hash that we shall use in the settings.js file:

node-red-admin hash-pw

Enter a password when prompted and then press enter. Copy the hash that will be displayed on the screen. Using your favorite text editor, open Node-RED settings file like so:

nano ~/.node-red/settings.js

Then, paste the generated hash to the adminAuth block in the file so that your file looks similar to the one below:

adminAuth: {
    type: "credentials",
    users: [{
        username: "admin",
        password: "365d38c60c4e98ca5ca6dbc02d396e53",
        permissions: "*"

To add password hashes for httpNodeAuth include the section in the file above

Save the file and exit the editor. Next, run the following command to completely limit any access on the Node-RED server from the outside world.

sudo ufw deny 1880

Restart Node-RED once more and you should now be prompted to input a username and password. Now let us ensure Node-RED runs at server start-up.

Create a Node-RED System Service

In this step, we will configure Node-RED to launch automatically at system boot. For that purpose, we will also need a node-red.service file. The assumption is that you are running Ubuntu 16.04 in your Alibaba ECS instance. Run the below commands to create a service file named node-red.service.

sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.service -O /lib/systemd/system/nodered.service
sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start -O /usr/bin/node-red-start
sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop -O /usr/bin/node-red-stop
sudo chmod +x /usr/bin/node-red-st*
sudo systemctl daemon-reload

The tree commands that we have run will download all necessary files and update the systemd daemon and restart it. You should now be able to use the node-red-start and node-red-stop commands to start and stop Node-RED.

Next, Run the command below to run Node-RED at start-up and when the server crashes:

sudo systemctl enable nodered.service

You can also disable it like so:

sudo systemctl disable nodered.service

Try using the start and atop commands like so:


Now test that this works by running the URL on your browser that's http://node-red.URL.com:1880. If it is up and running, exit using sudo systemctl stop node-red.

Configure the Nginx server

In this step, we'll configure the Nginx server to process all SSL connections on the port 443 of our ECS VPS. Specifically, Nginx acts as a proxy to Node-RED and passes traffic to Node-RED after handling the SSL certificates requirements. For this step, run the command below to create a new config file:

sudo nano /etc/nginx/sites-enabled/node-red.URL.com

Open the file in your favorite editor and paste the code below in it:

server {
    listen 80;
    listen 443 ssl http2;
    server_name node-red.example.com;
    ssl_certificate /etc/SSL/live/node-red.URL.com/fullchain.pem;
    ssl_key /etc/SSL/live/node-red.example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers On;
    ssl_session_cache shared:SSL:12m;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.example.com https://fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";

    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;        }

        proxy_pass http://localhost:1880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    location '/.well-known/acme-challenge' {
        root /var/www/html;

Now save the file and exit the editor. Run the command below to reload the server:

sudo systemctl reload nginx

Then, restart node-RED by running the command below:

sudo systemctl start node-red

On your browser, try navigating to http://node-red.URL.com:1880 and you should be redirected to https://node-red.URL.com:1880 and onto the admin interface we have already encountered. Great, we have successfully created an NGINX proxy for Node-RED.

Create Your First Flow

At this point, we have Node-RED running on our machine and you can always verify this by pointing your browser to the address http://ip-address:1880. Okay, let see how to create a flow:

Add an Inject Node

With an Inject node, you should be able to inject messages in flows. Simply drag one to the workspace and on the sidebar, select the Info tab. You should see the newly added node and can make an additional description of its functions.

Add a Debug Node

With a Debug node, the Debug sidebar can display messages, usually the payload but also the whole message.

Connecting the Inject and Debug Nodes

Wiring the two nodes above is as simple as dragging one output port to the other's input port.

Deploy the Nodes

Deploying the nodes to the server is as simple as clicking on the Deploy button.

Adding a Function Node

With a Function node, you can use a JavaScript function to pass messages. It should be wired between the Inject and Debug nodes, in which case, the existing wire should be deleted. Double click on the node to edit it. In the dialog provided, paste the code below:

// Create a Date object from the payload
var date = new Date(msg.payload);
// Change the payload to be a formatted Date string
msg.payload = date.toString();

Click the Deploy button once more.


We have successfully deployed Node-RED on an Alibaba Cloud ECS instance and set up a secure Nginx proxy.

Don't have an Alibaba Cloud account? Sign up for an account and try over 40 products for free worth up to $1200. Get Started with Alibaba Cloud to learn more.

0 0 0
Share on


53 posts | 8 followers

You may also like


53 posts | 8 followers

Related Products

  • IoT Platform

    Provides secure and reliable communication between devices and the IoT Platform which allows you to manage a large number of devices on a single IoT Platform.

    Learn More
  • IoT Solution

    A cloud solution for smart technology providers to quickly build stable, cost-efficient, and reliable ubiquitous platforms

    Learn More
  • Global Internet Access Solution

    Migrate your Internet Data Center’s (IDC) Internet gateway to the cloud securely through Alibaba Cloud’s high-quality Internet bandwidth and premium Mainland China route.

    Learn More
  • Cloud Data Transfer

    Unified billing for Internet data transfers and cross-region data transfers

    Learn More