• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
secure node-red with a username and password
I have the hilschernetpi / netpi-nodered-fieldbus container running. It works fine. Now I would like to secure node-red with a username and password. Is that possible?

I found the following instructions on the Internet: "The password to be used must be stored as a hash in the settings.js of Node-RED. This is done with the Admin CLI Tools, which must, however, be installed beforehand." The instructions refer to SSH access, which does not exist.
Does anyone have any experience with it and can give me a hint?
The official Node-RED security page is located here: https://nodered.org/docs/user-guide/runt...g-node-red. There you can read how to protect it. 
It needs you 
1. to modify * the Node-RED "settings.js" file to enable login feature 
2. to provide a routine that checks the username and password (after the credentials were entered by the user) to give feedback to Node-RED to be allowed to open the editor or not

We on our side offer another similar Docker image here: https://hub.docker.com/r/hilschernetpi/netpi-nodered. It includes next to the fieldbus node - which you are using -  also other useful nodes ... but nevertheless this Node-RED version I am referencing above include a user name and password protection.

The source code of this Node-RED is located here: https://github.com/HilscherAutomation/netPI-nodered. In this repository you find a subfolder "auth" containing two files. These files are both relevant to authenticated against the netPI's (or our other gateway called netFIELD Connect) web user interface. So whenever you use this Node-RED it will ask you for username and password ... which are the same as you are using for the standard web UI. Of course you can do it differently ... but we did it in that way.

The two files are copied during the container build in the same folder as the node-red "settings.js" is located. When the container is started the first time its initial file started https://github.com/HilscherAutomation/ne...rypoint.sh in turn modifies the settings.js file in the section "adminAuth" to let it load either the one or the other authentication file depening on the hardware (netPI or netFIELD Connect) during Node-RED start.

You never fail until you stop trying.“, Albert Einstein (1879 - 1955)

Thank you for a detailed answer. I just switched to the new container. It still works fine. Smile
Well I would not call is "new" container ... it is nearly as old as the netpi-nodered-fieldbus container. :-)
You never fail until you stop trying.“, Albert Einstein (1879 - 1955)


Possibly Related Threads…
Thread Author Replies Views Last Post
  Node Red configuration LucioFiam 3 1,890 November-30th-2022, 05:14 PM
Last Post: Armin@netPI
  Reset Password s.stucchi 5 3,120 March-21st-2022, 04:38 PM
Last Post: s.stucchi
  cifx0 and Node-Red fabio1975 5 3,385 November-22nd-2021, 01:13 PM
Last Post: Armin@netPI
  Node red web UI issue DSongra 3 3,370 July-22nd-2021, 02:47 PM
Last Post: Armin@netPI
  Node-RED 'projects' possible on netPI? JG_KIT 2 2,494 July-20th-2021, 01:11 PM
Last Post: JG_KIT
  Node-RED: OpcUa Client node tad 4 4,746 June-9th-2021, 08:51 AM
Last Post: tad
  Portainer password reset r.nilles 1 2,680 January-25th-2021, 11:12 AM
Last Post: Armin@netPI
  Accessing a modbus device connected to RTE port from Node-RED tad 10 8,406 October-2nd-2020, 07:21 AM
Last Post: Armin@netPI
  5 x NL 50-Mpi and Node Red like colector data? Jotarod 4 4,149 September-14th-2020, 01:59 PM
Last Post: Armin@netPI
  Node-Red "http in"-Node not working DWxPro 8 8,069 June-19th-2020, 01:12 AM
Last Post: DWxPro

Forum Jump:

Users browsing this thread: 1 Guest(s)