Hilscher Community Forum
secure node-red with a username and password - Printable Version

+- Hilscher Community Forum (https://forum.hilscher.com)
+-- Forum: netPI 3 - Docker featuring Industrial Raspberry Pi 3 platform (https://forum.hilscher.com/forum-1.html)
+--- Forum: Software (https://forum.hilscher.com/forum-5.html)
+--- Thread: secure node-red with a username and password (/thread-788.html)

secure node-red with a username and password - Christian_Rau - December-1st-2021

I have the hilschernetpi / netpi-nodered-fieldbus container running. It works fine. Now I would like to secure node-red with a username and password. Is that possible?

I found the following instructions on the Internet: "The password to be used must be stored as a hash in the settings.js of Node-RED. This is done with the Admin CLI Tools, which must, however, be installed beforehand." The instructions refer to SSH access, which does not exist.
Does anyone have any experience with it and can give me a hint?

RE: secure node-red with a username and password - Armin@netPI - December-1st-2021

The official Node-RED security page is located here: https://nodered.org/docs/user-guide/runtime/securing-node-red. There you can read how to protect it. 
It needs you 
1. to modify * the Node-RED "settings.js" file to enable login feature 
2. to provide a routine that checks the username and password (after the credentials were entered by the user) to give feedback to Node-RED to be allowed to open the editor or not

We on our side offer another similar Docker image here: https://hub.docker.com/r/hilschernetpi/netpi-nodered. It includes next to the fieldbus node - which you are using -  also other useful nodes ... but nevertheless this Node-RED version I am referencing above include a user name and password protection.

The source code of this Node-RED is located here: https://github.com/HilscherAutomation/netPI-nodered. In this repository you find a subfolder "auth" containing two files. These files are both relevant to authenticated against the netPI's (or our other gateway called netFIELD Connect) web user interface. So whenever you use this Node-RED it will ask you for username and password ... which are the same as you are using for the standard web UI. Of course you can do it differently ... but we did it in that way.

The two files are copied during the container build in the same folder as the node-red "settings.js" is located. When the container is started the first time its initial file started https://github.com/HilscherAutomation/netPI-nodered/blob/master/init.d/entrypoint.sh in turn modifies the settings.js file in the section "adminAuth" to let it load either the one or the other authentication file depening on the hardware (netPI or netFIELD Connect) during Node-RED start.


RE: secure node-red with a username and password - Christian_Rau - December-3rd-2021

Thank you for a detailed answer. I just switched to the new container. It still works fine. Smile

RE: secure node-red with a username and password - Armin@netPI - December-3rd-2021

Well I would not call is "new" container ... it is nearly as old as the netpi-nodered-fieldbus container. :-)