• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
secure node-red with a username and password
#1
I have the hilschernetpi / netpi-nodered-fieldbus container running. It works fine. Now I would like to secure node-red with a username and password. Is that possible?

I found the following instructions on the Internet: "The password to be used must be stored as a hash in the settings.js of Node-RED. This is done with the Admin CLI Tools, which must, however, be installed beforehand." The instructions refer to SSH access, which does not exist.
Does anyone have any experience with it and can give me a hint?
  Reply
#2
The official Node-RED security page is located here: https://nodered.org/docs/user-guide/runt...g-node-red. There you can read how to protect it. 
It needs you 
1. to modify * the Node-RED "settings.js" file to enable login feature 
2. to provide a routine that checks the username and password (after the credentials were entered by the user) to give feedback to Node-RED to be allowed to open the editor or not

We on our side offer another similar Docker image here: https://hub.docker.com/r/hilschernetpi/netpi-nodered. It includes next to the fieldbus node - which you are using -  also other useful nodes ... but nevertheless this Node-RED version I am referencing above include a user name and password protection.

The source code of this Node-RED is located here: https://github.com/HilscherAutomation/netPI-nodered. In this repository you find a subfolder "auth" containing two files. These files are both relevant to authenticated against the netPI's (or our other gateway called netFIELD Connect) web user interface. So whenever you use this Node-RED it will ask you for username and password ... which are the same as you are using for the standard web UI. Of course you can do it differently ... but we did it in that way.

The two files are copied during the container build in the same folder as the node-red "settings.js" is located. When the container is started the first time its initial file started https://github.com/HilscherAutomation/ne...rypoint.sh in turn modifies the settings.js file in the section "adminAuth" to let it load either the one or the other authentication file depening on the hardware (netPI or netFIELD Connect) during Node-RED start.

Thx
Armin
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply
#3
Thank you for a detailed answer. I just switched to the new container. It still works fine. Smile
  Reply
#4
Well I would not call is "new" container ... it is nearly as old as the netpi-nodered-fieldbus container. :-)
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Node Red configuration LucioFiam 3 1,648 November-30th-2022, 05:14 PM
Last Post: Armin@netPI
  Reset Password s.stucchi 5 2,796 March-21st-2022, 04:38 PM
Last Post: s.stucchi
  cifx0 and Node-Red fabio1975 5 3,104 November-22nd-2021, 01:13 PM
Last Post: Armin@netPI
  Node red web UI issue DSongra 3 3,151 July-22nd-2021, 02:47 PM
Last Post: Armin@netPI
  Node-RED 'projects' possible on netPI? JG_KIT 2 2,305 July-20th-2021, 01:11 PM
Last Post: JG_KIT
  Node-RED: OpcUa Client node tad 4 4,397 June-9th-2021, 08:51 AM
Last Post: tad
  Portainer password reset r.nilles 1 2,519 January-25th-2021, 11:12 AM
Last Post: Armin@netPI
  Accessing a modbus device connected to RTE port from Node-RED tad 10 7,905 October-2nd-2020, 07:21 AM
Last Post: Armin@netPI
  5 x NL 50-Mpi and Node Red like colector data? Jotarod 4 3,886 September-14th-2020, 01:59 PM
Last Post: Armin@netPI
  Node-Red "http in"-Node not working DWxPro 8 7,497 June-19th-2020, 01:12 AM
Last Post: DWxPro

Forum Jump:


Users browsing this thread: 2 Guest(s)