Deployment guide

Target layout (example)

| Service | Host | Port |
|---|---|---|
| Nextcloud | https://cloud.example.com | 443 |
| Node-RED | same VM, 192.168.1.26 | 1880 |

Node-RED must be reachable from users' browsers (for the iframe) and from itself (for API calls to Nextcloud).

1. Deploy Node-RED (Docker)

On the Ubuntu VM:

cd /home/ncadmin/nextcloud-node-red   # or your clone path
git pull                              # get latest nodes + entrypoint

docker compose build --no-cache
docker compose up -d

Or without Compose:

docker build --no-cache -t nextcloud-node-red:latest .
docker rm -f nextcloud-node-red 2>/dev/null || true
docker run -d \
  --name nextcloud-node-red \
  --network host \
  -v node-red-data:/data \
  --restart unless-stopped \
  nextcloud-node-red:latest

Verify:

docker logs -n 30 nextcloud-node-red
# Expect: [entrypoint] Installing nextcloud nodes...
#         User directory : /data

curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:1880/
# Expect: 200

Nextcloud URL in config nodes

Inside Node-RED, set Nextcloud URL to something the container can resolve:

| Scenario | URL |
|---|---|
| Nextcloud on same VM, host networking | https://127.0.0.1 or https://cloud.example.com |
| Nextcloud on another host | https://192.168.1.x or public hostname |

Test from inside the container:

docker exec nextcloud-node-red wget -qO- --no-check-certificate \
  https://cloud.example.com/status.php

2. Deploy Nextcloud app

sudo cp -r nodered-embed /var/www/nextcloud/apps/
sudo chown -R www-data:www-data /var/www/nextcloud/apps/nodered-embed
sudo -u www-data php /var/www/nextcloud/occ app:enable nodered_embed

Configure in Settings → Administration → Node-RED Embed:

  • Node-RED URL: http://192.168.1.26:1880 (use the address clients use; not 127.0.0.1 unless only local admins use it)

3. Reverse proxy (optional)

If Node-RED is behind nginx/Apache with TLS:

  • Ensure the proxy does not send X-Frame-Options: DENY (blocks iframe embed).
  • Point Nextcloud admin URL to the public HTTPS URL, e.g. https://nodered.example.com.

If Nextcloud is behind a proxy, CSP host extraction uses the hostname from nodered_url — use the same hostname users load in the iframe.
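To check the framing headers described in this section, the following added example (not part of this repository) classifies a set of response headers from the Node-RED URL. The function name `frame_policy` and its output labels are hypothetical; the hostnames are the example ones used on this page. It also distinguishes a response with no framing policy at all, which embeds fine but can be framed by any site, from one that limits framing to the Nextcloud origin with CSP `frame-ancestors`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of this repository).
# Reads raw HTTP response headers on stdin and classifies whether the page
# can be framed by the Nextcloud origin given as $1.
# Prints: restricted | open | blocked-csp | blocked-xfo
frame_policy() {
  nc_origin=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  # Strip CRs and lowercase so header names and hosts compare reliably.
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  # Pull the frame-ancestors source list out of an enforcing CSP header
  # (Content-Security-Policy-Report-Only does not match and is ignored).
  fa=$(printf '%s\n' "$hdrs" \
    | sed -n 's/^content-security-policy:[[:space:]]*//p' \
    | tr ';' '\n' \
    | sed -n 's/^[[:space:]]*frame-ancestors[[:space:]]\{1,\}//p' \
    | head -n 1)
  xfo=$(printf '%s\n' "$hdrs" \
    | sed -n 's/^x-frame-options:[[:space:]]*//p' | head -n 1)

  if [ -n "$fa" ]; then
    # Browsers that support frame-ancestors apply it instead of X-Frame-Options.
    case " $fa " in
      *" * "*)          echo open;        return 1 ;;  # any site may embed
      *" $nc_origin "*) echo restricted;  return 0 ;;  # only listed origins may embed
      *)                echo blocked-csp; return 1 ;;  # 'none', 'self', or other hosts
    esac
  fi
  case $xfo in
    deny*|sameorigin*) echo blocked-xfo; return 1 ;;   # Nextcloud is cross-origin
  esac
  echo open   # no framing policy at all: embed works, but from any site
  return 1
}

# Constructed sample headers (not captured from a real server).
printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n' \
  | frame_policy https://cloud.example.com || true
```

Against a live deployment, feed it real headers with `curl -sI https://nodered.example.com/ | frame_policy https://cloud.example.com`. A result of `restricted` is the one to aim for on a proxy that is reachable beyond the LAN.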

4. Firewall

Allow 1880/tcp (or your mapped port) from Nextcloud users' networks if they open the embed from LAN/VPN.

5. Updating custom nodes

After changing files under nodes/nextcloud-ocs/:

docker builder prune -af          # optional, avoids stale COPY cache
docker build --no-cache -t nextcloud-node-red:latest .
docker restart nextcloud-node-red

Confirm version:

docker exec nextcloud-node-red cat \
  /data/node_modules/node-red-contrib-nextcloud-ocs/package.json | grep version

When to delete the volume

Delete node-red-data only if:

  • Palette shows wrong/old nodes after rebuild, or
  • Entrypoint copy failed with permission errors from old root-owned files

Warning: removes all flows and credentials.

docker rm -f nextcloud-node-red
docker volume rm node-red-data
docker compose up -d

6. Backup

Back up the Docker volume:

docker run --rm -v node-red-data:/data -v "$(pwd)":/backup alpine \
  tar czf /backup/node-red-data-backup.tar.gz -C /data .

Restore by extracting into a new volume before first start.

7. Production checklist

  • Set credentialSecret in Node-RED settings (/data/settings.js)
  • Use app passwords with minimal needed scopes
  • TLS on Nextcloud; consider TLS on Node-RED if exposed beyond LAN
  • Restrict who can access Node-RED (firewall / VPN / admin-only NC group)
  • Enable Nextcloud app only for trusted admins if flows can access sensitive data