Quick and dirty guide how to run Node-RED in FreeBSD jail. It will work without jail too.


  1. Create a jail using your favorite method and login to it as root.
  2. Install packages
     pkg install node16 npm sudo
  3. Create a user to run Node-RED. I’m creating just a normal user, if you not using jail you should invent better way to handle Node-RED. In my case all Node-RED related stuff will sits under home directory of that user, use it for your advantages.
     nodered:/root@[17:08] # adduser
     Username: nodered
     Full name: Node The Red
     Uid (Leave empty for default):
     Login group [nodered]:
     Login group is nodered. Invite nodered into other groups? []:
     Login class [default]:
     Shell (sh csh tcsh nologin) [sh]: nologin
     Home directory [/home/nodered]:
     Home directory permissions (Leave empty for default):
     Use password-based authentication? [yes]: no
     Lock out the account after creation? [no]:
     Username   : nodered
     Password   : <disabled>
     Full Name  : Node The Red
     Uid        : 1001
     Class      :
     Groups     : nodered
     Home       : /home/nodered
     Home Mode  :
     Shell      : /usr/sbin/nologin
     Locked     : no
     OK? (yes/no): yes
     adduser: INFO: Successfully added (nodered) to the user database.
     Add another user? (yes/no): no
     nodered:/root@[17:09] #
  4. Install Node-RED. Do not run npm with -g flag as guide on Node-RED site recommends. You do not want to install it globally.
    cd /home/nodered
    sudo -u nodered /bin/sh
    npm install --unsafe-perm node-red
  5. Let’s start it in first time. Ctrl-C it after it stops booting
    npm exec node-red

    It will create /home/nodered/.node-red directory and populate it with some files.

  6. Get you SSL certs and put them in /home/nodered/.certs directory. Files should be owned by “nodered:nodered”
     nodered@nodered ~> touch /home/nodered/.certs/privkey.pem
     nodered@nodered ~> touch /home/nodered/.certs/fullchain.pem
     chmod  og-rwx /home/nodered/.certs/privkey.pem
  7. Generate password hash for admin user
     nodered@nodered ~> npm exec node-red admin hash-pw

    Copy that $2b$ string aside, and do not forgot password

  8. Update config.
    vi .node-red/settings.js
    • If you want to Node-RED to listen on LAN interface instead of loopback - un-comment and change
        uiHost: "10.x.y.z",

      Other option will be keep it listening on loopback and reverse-proxy it from LAN

    • Configure SSL. Un-comment and change
        /** Option 1: static object */
        https: {
          key: require("fs").readFileSync('/home/nodered/.certs/privkey.pem'),
          cert: require("fs").readFileSync('/home/nodered/.certs/fullchain.pem')
        requireHttps: true
    • Configure admin user
        adminAuth: {
            type: "credentials",
            users: [{
                username: "nodered",
                password: "$2b$10$QdmOxOgjumnRfs7A4cQ2H.lwu5ZdcbNgtBPczdt/BpZC02mB3duv2",
                permissions: "*"

      Value for password: is hash generated on step 7

    • I do not remember why it is required but it will not hurt. Uncomment and change
       userDir: '/home/nodered/.node-red',  
    • Remove that pesky startup warning. Uncomment and replace “a-secret-key” with some good long random string
       credentialSecret: "a-secret-key",
  9. Setup startup script.

    Ctrl-D to be back to root prompt

    • Create /usr/local/etc/rc.d if it does not exist
        nodered:/root@[18:52] # mkdir /usr/local/etc/rc.d
    • Create startup script
        nodered:/root@[18:52] # cat > /usr/local/etc/rc.d/nodered

      Populate content

        # $FreeBSD:                 
        # PROVIDE: nodered
        # REQUIRE: LOGIN
        # KEYWORD: shutdown
        # Add the following line to /etc/rc.conf to enable `node-RED':
        . /etc/rc.subr
        command_args="-f -S -H -p /var/run/nodered.pid -u nodered /usr/local/bin/npm exec -- node-red -s /home/nodered/.node-red/settings.js"
        # stop_precmd="kill `cat /var/run/nodered.pid`"
        # read configuration and set defaults
        load_rc_config "$name"
        run_rc_command "$1"
    • make it executable
      chmod a+x /usr/local/etc/rc.d/nodered
  10. Add Node-RED to startup
     vi /etc/rc.conf


  11. Start it
     /usr/local/etc/rc.d/nodered start

    Check /var/log/daemon for startup logs.

  12. Node-RED should be available via HTTPS on IP/Port you specified in step 8. Login to it using username/passwords from step 7
  13. Do not forget to setup backup for /home/nodered or at least for /home/nodered/.node-red