BetterCorp/BetterFrame
1
0
Fork 0
mirror of https://github.com/BetterCorp/BetterFrame.git synced 2026-05-26 16:56:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix(proxy): strip Node-RED ingress bases

Browse source 
Keep the two external ingress flows at /in/public and /in/kiosk while allowing Node-RED routes to stay path-local, such as /test1.
This commit is contained in:
Mitchell R 2026-05-11 10:38:32 +02:00
parent 02412169a0
commit 346ddfa3a4
No known key found for this signature in database
3 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CLAUDE.md
View file

@ -68,6 +68,10 @@
- public `/in/public/*` `/s/*` — rate-limited - public `/in/public/*` `/s/*` — rate-limited
- kiosk-key `/api/kiosk/*` `/in/kiosk/*` `/dash/*` (kiosks) - kiosk-key `/api/kiosk/*` `/in/kiosk/*` `/dash/*` (kiosks)
- admin session+TOTP `/admin/*` `/api/admin/*` `/nrdp/*` `/dash/*` (humans) - admin session+TOTP `/admin/*` `/api/admin/*` `/nrdp/*` `/dash/*` (humans)
Node-RED external HTTP-in has exactly two ingress bases: `/in/public/*`
for user webhooks/actions and `/in/kiosk/*` for kiosk-authenticated data.
Angie strips that base before proxying, so a Node-RED route `/test1` is
called as `/in/public/test1` or `/in/kiosk/test1`.
11. **labels** = routing primitive. cams+layouts+kiosks carry labels. 2 binding kinds: 11. **labels** = routing primitive. cams+layouts+kiosks carry labels. 2 binding kinds:
- `consume`: any kiosk w/label may render - `consume`: any kiosk w/label may render
- `operate`: exactly ONE kiosk authoritative (composite PK incl role) - `operate`: exactly ONE kiosk authoritative (composite PK incl role)

9
deploy/README.md
View file

@ -35,6 +35,15 @@ Node-RED is reachable only through:
http://<pi-ip>/nrdp/ http://<pi-ip>/nrdp/
``` ```
Node-RED HTTP-in routes have two public base URLs:
- Public webhook/user actions: `http://<pi-ip>/in/public/<node-red-path>`
- Kiosk-authenticated ingress: `http://<pi-ip>/in/kiosk/<node-red-path>`
For example, a Node-RED `http in` node at `/test1` is called as
`http://<pi-ip>/in/public/test1` for public traffic, or
`http://<pi-ip>/in/kiosk/test1` for kiosk-authenticated traffic.
Do not publish `18080`, `18081`, `18082`, or `1880` on the host. Do not publish `18080`, `18081`, `18082`, or `1880` on the host.
If migrating from an older native install, stop the old host daemons first: If migrating from an older native install, stop the old host daemons first:

4
deploy/angie/betterframe.docker.conf
View file

@ -75,13 +75,13 @@ server {
location /in/public/ { location /in/public/ {
limit_req zone=bf_public burst=20 nodelay; limit_req zone=bf_public burst=20 nodelay;
rewrite ^/in/public/(.*) /public/$1 break; rewrite ^/in/public/(.*) /$1 break;
proxy_pass http://betterframe_nodered; proxy_pass http://betterframe_nodered;
} }
location /in/kiosk/ { location /in/kiosk/ {
auth_request /api/kiosk/_check; auth_request /api/kiosk/_check;
rewrite ^/in/kiosk/(.*) /kiosk/$1 break; rewrite ^/in/kiosk/(.*) /$1 break;
proxy_pass http://betterframe_nodered; proxy_pass http://betterframe_nodered;
} }