Node-RED
Flow-based automation for APIs, MQTT, and devices - with auth made mandatory, not optional.
One-click deploy, from $5/mo on a Miget plan.
Node-RED is the OpenJS Foundation’s flow programming tool: wire webhooks, APIs, MQTT, schedules, and devices together visually, with thousands of community nodes for everything from Modbus to Telegram. Two decades of IoT and integration muscle live in its palette.
This template fixes the deployment footgun upstream leaves open: a public Node-RED editor without auth is arbitrary code execution. The wrapper seeds bcrypt adminAuth into settings.js on first boot and refuses to start without your hash - secure by construction, not by checklist.
Upstream project: Node-RED (OpenJS)
#what you get
- Visual flow editor with thousands of community nodes
- Webhooks, MQTT, HTTP, schedules, function nodes (JS)
- Auth ENFORCED: bcrypt admin seeded at boot, or no boot
- Flows, credentials, and installed nodes persist on one volume
- Apache-2.0, OpenJS-governed
#topology
| Service | Role | Public |
|---|---|---|
| node-red | flow editor + runtime (:5000) | yes (enforced auth) |
#miget sizing
// this stack needs
512 MiB RAM · 2 GB disk · 1 service
Light by default; heavy flows and chatty MQTT raise it. Install nodes from the palette - they persist on the volume.
Hobby - recommended fit
$5/mo
1 vCPU · 512 MiB · 10 GiB disk
Headroom for your own apps: 1 GiB at $7/mo
Professional - production
$22/mo
1 vCPU · 2 GiB · 10 GiB disk
Dedicated resources, production SLOs - plan details
One Miget plan is a fixed pool of compute - the whole stack (managed databases included) deploys inside it, and anything left over runs your other apps. No per-service or per-seat math.
#vs. other PaaS
Estimated monthly cost of running this exact stack (512 MiB RAM, 2 GB disk, 1 container) elsewhere, from published June 2026 rates.
| Platform | Est. monthly | Notes |
|---|---|---|
| Miget ★ | $5 flat | compose stacks first-class: one deploy, dedicated vCPU, managed Postgres/Valkey, volumes and TLS all included in the plan |
| Heroku | ~$25 | no volumes; nothing between 1 GB ($50) and 2.5 GB ($250) dynos - 2 GB containers cost far more than shown |
| DO App Platform | ~$11 | no persistent volumes - stateful containers need managed DBs/Spaces (base $5 Spaces included here) |
| Render | ~$8 | per-service instances (0.5 GB $7, 2 GB $25) - every container is its own paid service |
| Railway | ~$5 | usage-based ($10/GB RAM-mo); vCPU billed separately at $20/vCPU-mo on top |
| Fly.io | ~$3 | cheapest sticker price - but burstable shared CPUs (1/16 core; dedicated vCPUs cost ~2-3×), no compose deploys (one app per container, manual wiring), managed DBs billed extra |
Estimates assume RAM fully allocated at published on-demand rates - and sticker price isn't the whole comparison: the cheaper rows buy burstable shared CPUs, per-service wiring instead of a compose deploy, and managed databases billed separately. Heroku and DO App Platform have no persistent volumes at all - stateful stacks like this one need workarounds there.
#deploy it
On Miget
- Create a Compose Stack in app.miget.com pointing at the templates repository
- Set the stack path to
node-red -
Set the required variable:
NODERED_PASSWORD_HASH, bcrypt (one docker run command in .env.example)
- Deploy. Miget layers
compose.miget.yaml(RAM, privacy, volumes, managed services) automatically
Locally first?
Every template is portable, vanilla Docker Compose - the Miget overrides are ignored locally:
git clone https://github.com/deployable-sh/stacks
cd miget-compose-templates/node-red
docker compose up -dSame files, same behavior. The template README covers connection strings and scaling notes.
#faq
Why does this template enforce auth when upstream does not?
Because the editor executes arbitrary JavaScript by design - on a public domain, an open editor is remote code execution within minutes of being indexed. The wrapper exits loudly without a bcrypt hash; the inconvenience is the feature.
Node-RED or n8n?
Node-RED for device/MQTT/protocol wiring and the engineering-automation crowd; n8n (in this catalogue, queue mode) for SaaS integrations with credential management and a marketplace of app nodes. Genuinely different ecosystems - pick by what you are wiring.
Can flows receive webhooks from the internet?
Yes - HTTP-in nodes listen on your domain alongside the editor. Secure the endpoints your flows expose (the enforced auth covers the editor, not your custom routes - add header checks in flows).
Ship Node-RED today
One compose stack, 512 MiB of RAM, from $5/month flat, and it runs on your laptop with the same files.