The first step was to set up basic authentication on the proxied URL that I was using to access Node-RED. This turned out to be quite straightforward following the instructions at LinuxServer.io. I used the linked tool to create a .htaccess file and a .htpasswd file. Don't worry about the requested path, as you only need the contents of the .htpasswd file; this tool is only used to hash the passwords. The resultant password is added to /config/.htpasswd (I had to create this file).
I ended up with the following default.conf file in Apache (saved in /config/apache/site-confs):
SetEnv proxy-initial-not-pooled 1
<VirtualHost *:80>
ServerName www.mydomain.online
ServerAlias www.mydomain.online
DocumentRoot /config/www/
<Directory "/config/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName skills.mydomain.online
ServerAlias skills.mydomain.online
<Location /echo>
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "Skills"
Require user username
ProxyPass http://192.168.XXX.XXX:XXXX/echo
ProxyPassReverse http://192.168.XXX.XXX:XXXX/echo
</Location>
</VirtualHost>
This allows me to access Node-RED with a URL similar to this:
http://username:somepassword@skills.mydomain.online/echo
The next step was to add certificates to allow this to work on https://
Some research revealed that Amazon developer is somewhat fussy when it comes to which certs it will support. For example, startSSL certs don't work, so I gave up on securing a free cert and decided it was worth paying the $15 for something that would work. Based on a post from Wolf Paulus, I went with SSLmate. This turned out to be very straightforward. Sign up for an account and follow the directions to generate the cert right from inside the Apache docker. (I used cat /etc/*-release to figure out it was running Ubuntu 14.04. Once I had that info, it was easy to follow the instructions to install the SSLmate software and generate the certs.)
The next step was to configure the secure section of the Apache default.conf file to apply the certs to the reverse proxy:
<VirtualHost *:443>
ServerName skills.mydomain.online
SSLEngine on
SSLCertificateFile "/etc/sslmate/skills.mydomain.online.crt"
SSLCertificateKeyFile "/etc/sslmate/skills.mydomain.online.key"
SSLCertificateChainFile "/etc/sslmate/skills.mydomain.online.chain.crt"
<Location /echo>
AuthUserFile /config/.htpasswd
AuthType Basic
AuthName "Skills"
Require user Alexa
ProxyPass http://192.168.XXX.XXX:XXXX/echo
ProxyPassReverse http://192.168.XXX.XXX:XXXX/echo
</Location>
</VirtualHost>
Now, the Node-RED logic can be accessed only with
https://username:somepassword@skills.mydomain.online/echo
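The port-80 virtual host shown earlier also asks for Basic credentials on /echo, and Basic auth is only base64-encoded, so it is worth confirming that only the TLS virtual host requests it. The following Python check is an added example, not part of the original post; the function name and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the two skills.mydomain.online virtual hosts from this
# post, trimmed to the directives the check looks at.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName skills.mydomain.online
<Location /echo>
AuthType Basic
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName skills.mydomain.online
SSLEngine on
<Location /echo>
AuthType Basic
</Location>
</VirtualHost>
"""

def find_cleartext_basic_auth(conf_text):
    """Return (ServerName, listen address) for every virtual host that
    requests Basic auth without 'SSLEngine on', i.e. over plain HTTP."""
    findings = []
    vhost = None  # state of the <VirtualHost> block currently open
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = {"addr": opened.group(1).strip(), "name": None, "ssl": False, "basic": False}
        elif vhost is None:
            continue  # directive outside any virtual host
        elif line.lower().startswith("</virtualhost"):
            # A port-80 host that only redirects has no AuthType and passes.
            if vhost["basic"] and not vhost["ssl"]:
                findings.append((vhost["name"], vhost["addr"]))
            vhost = None
        else:
            key, value = (line.split(None, 1) + [""])[:2]
            key = key.lower()  # Apache directive names are case-insensitive
            if key == "servername":
                vhost["name"] = value
            elif key == "sslengine":
                vhost["ssl"] = value.lower() == "on"
            elif key == "authtype":
                vhost["basic"] |= value.lower() == "basic"
    return findings
```

Run against the sample, it reports the `*:80` host for skills.mydomain.online and nothing for the `*:443` host.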
Finally, I could configure my Alexa Skill on Amazon Developer to have direct access to my endpoint rather than going through a custom lambda function.