Protecting the dashboard using username and password interface

3,401 views
Skip to first unread message

GraphSam

unread,
Feb 11, 2017, 4:21:39 PM2/11/17
to Node-RED UI

Hello,

Excellent Node-RED UI dashboard by really professional and it covers most of IoT requirements.  

I would like to know if there's any step-by-step guide to protect the included UI widgets in the dashboard using username and password?

Thanks in advance!

Nick O'Leary

unread,
Feb 11, 2017, 4:24:49 PM2/11/17
to GraphSam, Node-RED UI
Hi,

please search the mailing list (ideally, the main Node-RED mailing list as that is more active) - this question is addressed quite often.

Nick

--
You received this message because you are subscribed to the Google Groups "Node-RED UI" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red-contrib-ui+unsub...@googlegroups.com.
To post to this group, send email to node-red-contrib-ui@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red-contrib-ui/97f64e80-0e12-44cc-bb45-97a2c0e47e84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Peter Scargill

unread,
Feb 12, 2017, 12:45:25 PM2/12/17
to Node-RED UI
There certainly is a way to protect the overall UI with username and passwords, unaware of any way to protect individual items. I have noted in here however that the current method of username and password, sometimes, for some systems (in my case mobile) asks for passwords rather too often. It would seem by the lack of comments that is not a problem that everyone faces - either that or no-one is using the UI on mobile - OR not bothering with passwords. 

Paul Reed

unread,
Feb 12, 2017, 2:26:36 PM2/12/17
to Node-RED UI
Yes Pete - it does ask far too often!
I started off with a nice long very secure password, but due to the frequency of having to use it, it's got shorter and shorter!!

Paul

Peter Scargill

unread,
Feb 15, 2017, 9:00:25 AM2/15/17
to Node-RED UI
I know it doesn't sound nice but I'm kind of glad you're having that problem - as it happens to me - and I know of another fellow having the problem......I'm sure there are many more who've just assumed they are doing something wrong and not said anything - the login at the UI end is not at all ideal...

I have a little feedback loop to ensure I get a flashing light on the phone end - that actually reflects the fact that I'm online - when the password insists on coming up - the loop actually cancels the login and starts it again so it is impossible to fill in the username and password - I have to go into Node-Red and temporarily cut the feedback loop  - not exactly end user stuff...


Pete.

Nick O'Leary

unread,
Feb 15, 2017, 9:01:45 AM2/15/17
to Peter Scargill, Node-RED UI

--
You received this message because you are subscribed to the Google Groups "Node-RED UI" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red-contrib-ui+unsub...@googlegroups.com.
To post to this group, send email to node-red-contrib-ui@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red-contrib-ui/af0055f9-31f8-4e76-8c54-bc0126fa97e3%40googlegroups.com.

Peter Scargill

unread,
Feb 15, 2017, 9:11:55 AM2/15/17
to Node-RED UI
Issue raised


On Sunday, 12 February 2017 20:26:36 UTC+1, Paul Reed wrote:

Andres Cotes

unread,
Apr 12, 2017, 1:16:41 AM4/12/17
to Node-RED UI
lo logre con nginx 

server {
          listen 80;
          server_name su-dominio.com;
          access_log /var/log/nginx/access.log;

    location / {
                proxy_pass http://localhost:1880;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
               }

 }
    location /dashboard/ {

                            auth_basic "Admin Login";
                            auth_basic_user_file /etc/nginx/pma_pass;
                            proxy_pass http://localhost:1880/dashboard/;
                            proxy_http_version 1.1;
                            proxy_set_header Upgrade $http_upgrade;
                            proxy_set_header Connection "upgrade";
     }

   
    

Julian Knight

unread,
Apr 12, 2017, 3:09:54 AM4/12/17
to Node-RED UI
Useful, thanks for sharing that - however, a reminder that using a password without requiring https is not a good idea since the password will be sent over the wire in clear text.

Claudio Francesconi

unread,
May 21, 2017, 4:55:19 AM5/21/17
to Node-RED UI
Yeah
I just activated the httpnodeauth and the UI is asking me credentials almost every time in my iPhone. Is there a solution for that?

Paul Reed

unread,
May 21, 2017, 5:09:08 AM5/21/17
to Node-RED UI
This is a well reported complaint about dashboard security and which the development team are aware, and which is well documented in previous posts.
That's why my dashboard is unsecured at the moment, as I seem to be constantly having to log in, same as you.

Hopefully will get sorted soon.

Claudio Francesconi

unread,
May 21, 2017, 5:11:17 AM5/21/17
to Node-RED UI
i see.
i just noticed that
on iOS if you save the page to home screen.. when you recall it it seems to work without auth

Peter Scargill

unread,
May 21, 2017, 7:08:38 AM5/21/17
to Node-RED UI
Oh excellent that is my biggest (just about only) gripe with Dashboard....
Reply all
Reply to author
Forward
0 new messages