Node Red Server

This document is about setting up my new Node-Red server, which this time is not a Raspberry Pi, but a refurbished micro PC: DELL Optiplex 7040 DM (i3-6100T, 8GB DDR4 RAM, 256GB SSD, no ODD). I decided to install Debian on this machines because I have limited Linux experience. Since Raspbian is based on Debian that will be the least steep learning curve for me switching between two "different" OS.

I will be installing the following on this machine:

• Debian 11
• Node-Red
• SQLite, phpLiteAdmin (myphpAdmin)
• InfluxDB, Telegraft, Grafana: moved to a separate document

Debian install

Download the latest version of Debian from the this link: https://www.debian.org/distrib/netinst Download the amd64 version, flash the ISO file on a pendrive using for example with Etcher, and boot from the pendrive.

I choose the Simple install not graphical install. There are a lot of questions during the install. There are obvious ones like the root password and another initial user/password, but for anything else I just selected the default settings. There was a question about components to install in which I added SSH server and Web Server. During the setup process you set up a non-root user which is like the pi user on raspberry pi. I am using this user to install Node-Red and other software and for this reason which user needs to be able to sudo. For me the 2nd process in this article worked.

I am not sure what I have done wrong, but SSH did not work after install. I followed step 1-3 from this article.

Also I executed the following command that disabled, sleep, hibernation and suspend mode on my server, as it was going into sleep mode:

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

Node-Red Install

Installing Node-Red is very easy, we can just use the bash script same as used to update Node-Red. I know normally we run the bash script without sudo, but I had to use sudo this time. I have to admit I don't know why. Also Debian does not include curl, so install curl first, it is explained in the linked article above.

Since we are at Node-Red 2.x, there is admin init to set up the initial settings.

node-red admin init

And to make sure Node-Red starts at system boot, I also executed this:

sudo systemctl enable nodered.service

The admin init takes care of a lot of things in the settings.js but I wanted to make a few more changes. This is found in the /home/xxx/.node-red/ folder.

I am using httpStatic folder a lot, and I wanted to use it here as well. This is a question in the admin init as well, but this is how you enable in the settings.js. Of course xxx is your userid.

    httpStatic: '/home/xxx/node-red-static/',

And I also wanted to change the default context storage, so default is the memory storage, but file storage is also possible:

    contextStorage: {
      default: "memoryOnly",
      memoryOnly: { module: 'memory' },
      file: { module: 'localfilesystem' }
    }

Don't forget to add ',' at the end if this is not at the end of settings.

And with this Node-Red setup is complete and it will run now.

Install Canvas

There is one specific node I really like to use which is chart-image. This generates charts and saves them in PNG that I can send over Telegram or email, and that needs a few bits to install. First of all some prerequisite libraries:

sudo apt-get install build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev

Than the actual canvas:

npm install canvas

And finally I can add the node in Node-Red Palette Manager: node-red-contrib-chart-image.

SQLite and myphpAdmin

My plan is to use InfluxDB and Grafana, but I still want to use SQLite for light database storage and also for all my existing flows. And I made an issue here, I installed myphpAdmin, and only after I realized that I need phpLiteAdmin. phpLiteAdmin is designed for SQLite databased, myphpAdmin is for more "traditional" databases. Still, I left this in the document, you decide which one you need.

So first install SQLite:

sudo apt install sqlite3

And also create a folder for the database files: /home/xxx/sqlite/

Now we need Apache2 web server with php support for the phpLightAdmin. Apache2 is already installed with Debian, so I need to add php. I just followed this article.

sudo service apache2 restart

If you want to make sure that everything is working you can find a sample php file in this article. It was all working for me at this point.

Now we can install phpmyAdmin to manage the SQLite databases. I followed this article for that.

It looks like something has changes in mymsqli, but I managed to install with the below command and after restarting apache2 the phpmyAdmin screen loaded:

sudo apt-get install php-mysql
sudo systemctl restart apache2

I also prepared the /home/xxx/sqlite so it is accessible by root:

cd /home/xxx/
sudo chmod 777 sqlite
sudo chmod 777 sqlite/* (not needed if no subdirs)
sudo chown root:root sqlite
sudo chown root:root sqlite/* (not needed if no subdirs)

And finally install the SQlite node in Node-Red: node-red-node-sqlite.

phpLiteAdmin

Does not work:

sudo apt-get update
sudo apt-get install phpliteadmin
sudo service apache2 restart

It looks like the current version of phpliteadmin does not work correctly with php8. It is not yet fixed in the current release, but I was able to fix this with dev version. This is documented in this issue. So I downloaded the dev version and overwritten the installed files in /usr/share/phpliteadmin.

cd /usr/share/phpliteadmin/
sudo wget https://www.phpliteadmin.org/phpliteadmin-dev.zip
sudo unzip phpliteadmin-dev.zip

And maybe it is also related to the php version, but I also had to make a small change in: /etc/apache2/conf-enabled/phpliteadmin.conf file. I have removed the <IfModule... and </IfModule> section around the Alias line. And after that restart apache2 with sudo service apache2 restart.

Finally edit the /user/share/phpliteadmin/phpliteadmin.config.php file. I uncommented the password and set a password for the liteadmin and also set the /home/xxx/sqlite folder that I have created to store my SQLite files.

MQTT

Obviously we need MQTT to talk to local devices. These lines will install the MQTT server. When you issue the last command you should see the MQTT Broker service as active (running).

sudo apt install mosquitto mosquitto-clients
sudo systemctl enable mosquitto
sudo systemctl status mosquitto

Now, let's configure the MQTT broker, edit /etc/mosquitto/mosquitto.conf and add the following two lines at the end of the file:

listener 1883
allow_anonymous false
password_file /etc/mosquitto/pwfile

Now, we need to set up the password file

cd /etc/mosquitto/
sudo nano pwfile

Just press Ctrl+O and Ctrl+X to save the empty file. And now save a MQTT user and password into the password file. XXX is the username and YYY is the password:

sudo mosquitto_passwd -b /etc/mosquitto/pwfile XXX YYY

And finally we need to restart mosquitto to it re-reads the new configuration. Execute the first command which will return a number and replace PID with that number is the second command:

pgrep mosquitto
sudo kill -9 PID

Let's Encrypt SSL Certificate

I have requested a Let's encrypt SSL Certificate for my previous server, and even though I am not using it right now, I would like to keep this renewed. So I installed it here. First install certbot:

sudo apt-get install certbot

When I ran the next step (according to the documentation), it failed, but I managed to get it working by installing this:

sudo apt-get install python3-certbot-apache

And finally, install the certificate on Apache:

sudo certbot --apache

This will ask for your email address and the domain for this server. This assumes that you have a DDNS account registered, and for example your router is getting this DDNS account updated with your IP. Also don't forget to open port 80 on your router, because the setup script will wait for the verification call back from Let's Encrypt to your server. So Apache should be accessible from outside. I usually have port 80 forwarding turned off, and I only turn it on for this (and when certificate renewal is required in the future).

And finally reload Apache:

sudo service apache2 reload

Let's Encrypt certificates expire after 90 days. You can set up a job to do that, but since my Apache is not open from the internet, I just wait for the reminder email and do thee renewal manually.

PiVPN Install

I know my machine is not a RaspberryPI any more, but I got used to PiVPN so I will use it here as well. The installation steps change from different version, so I document what the current intall is doing right now. First run the install:

curl -L https://install.pivpn.io | bash

The installation goes something like that:

• There are screens about using static IP. I assume you have configured your Linux to use static IP already. If not you should do it now.
• Select your user which will run pivpn.
• Wireguard or OpenVPN: OpenVPN
• Installation mode screen: No
• Default openvpn Port: do not leave it on the default port, pick a random port for yourself. And you will need to open this port on your router to point to your server.
• DNS provider: it is up to you, I picked Custom and added the DNS server from my ISP.
• Public IP or DNS: DNS Entry and provide your DDNS name on the next screen
• Enabled unattended upgrades: I said yes, just be aware that will reboot your server from time-to-time.

At this point the installation is complete and the script recommends to reboot the computer. Before I do that, I edited the server.conf file which in /etc/openvpn folder. In my version I added the following between the push "block-outside-dns" and client-to-client lines:

# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
# push "redirect-gateway def1"
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# Local subnet
push "route 192.168.1.0 255.255.255.0"

So here, the default push "redirect-gateway def1" line is commented and some other routing lines added. What is important that for me the server address is 10.8.0.0 (defined above in the file), hence the 10.8.0.1 and 10.8.0.0 references. Also my home network is in 192.168.1.x which is what is in my last line. So if your subnet is in a different range, adjust the last line accordingly.

And now you can generate your clients by issuing:

pivpn add

Here you can create a client for your laptop, phone. For each you give a name and password. This will generate an ovpn file for each, and place it in the /home/xxx/ovpns folder. You can download these files to your laptop and phone, and when you install the OpenVPN Connect app for Windows or Android, you can set up the VPN connection by browsing this file and providing your password.

Homer Dashboard

I stumbled upon this video from Wolfgang on what he has on his home server. There is a tons of content on this video, most of them I don't even understand. But I picked up this Homer dashboard which I found very useful. I already have tons of services running on my server, so it would be nice add them to a dashboard.

You can find Homer here. The great think about this, that this is a simple HTML, Javascript, Node.js. And it runs under Apache as well which I have already installed. I just downloaded and unzipped it straight in my Apache www root folder:

cd /var/www/html
wget https://github.com/bastienwirtz/homer/releases/latest/download/homer.zip
unzip homer.zip

To get started you can download my config.yml file and copy into the assets/ folder.

You can find all further details in this video:

Zigbee2MQTT

Before we start, here is a tip: for this we will use a USB Zigbee coordinator, and configure the USB name. This is usually something like /dev/tty0. But if you have multiple USB devices, sometimes they change tty0 or tty1 and all of sudden stuff stop working after a reboot. So issue this in the terminal:

ls /dev/serial/by-id

And this will show all the ID of USB devices. So instead of /dev/tty0 you can refer to them by /dev/serial/by-id/xxxxx.

For this you need a Zigbee coordinator. I use Sonoff Zigbee 3.0 Dongle Plus. Just plug it into the USB port of your server running Node-Red.

Install the Zigbee2MQTT program, I just followed the instructions here.

Once it is done, edit the configuration file:

nano /opt/zigbee2mqtt/data/configuration.yaml

This is how the front of mine looks like:

homeassistant: false
permit_join: false
mqtt:
  base_topic: zigbee2mqtt
  server: mqtt://localhost
  user: xxx
  password: xxx
serial:
  port: >-
    /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_00803149c119ec11a60074e5f01c6>
frontend:
  port: 8085

I don't use Home Assistant, hence the first line is false. I also disable devices automatically joining, hence set that to false. In the MQTT section fill the username and password for yours. Next in the serial section I added the ID of my Zigbee coordinator using the method mentioned above. Also I added this frontend port section. You can pick a different port if you want to.

Do not forget to carry out the rest of the steps in the installation instructions.

Do not forget to remember this link for later: update Zigbee2MQTT. You will need this if you have some new zigbee devices which are not supported your version and you need to update to the latest.