Node Red Dashboard - Password Protection

[Jörg Wende]

Hi,

thank you for the dashboard nodes - it is a great help to scetch a UI very fast ....

But how would I protect the UI ?

Cheers

J.

[Paul Reed]

Hi Jorg

To password protect the dashboard, enable the section in your node-red 'settings.js' which starts with;

To password protect the node-defined HTTP endpoints

Paul

[Claudio Francesconi]

i uncommented and changed the httpNodeAuth part in the settings.js

but anonymous user can still visit the page

what's my mistake?

[Paul Reed]

Have you restarted the NR server?

[Claudio Francesconi]

yes

[Luis GCU]

hello,

you have to restart  node red so the change have effect. 

[Claudio Francesconi]

yes i did it many times

and i did the changes in the pictures

[Claudio Francesconi]

this is my config file

https://pastebin.com/4XEARNQ2

[Nick O'Leary]

HI Claudio,

which settings file did you edit?

When Node-RED starts, it logs the exact settings file it is using. Have you confirmed you're editing the right file? This is a common reason for adminAuth not working as expected.

Nick

On 19 May 2017 at 09:59, Claudio Francesconi <claudiofr...@gmail.com> wrote:

this is my config file

https://pastebin.com/4XEARNQ2

--
http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.
To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/bf02530c-7136-4974-8101-054ec10e2405%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Claudio Francesconi]

yes sir

following the log i edited the right setting:  in  /home/pi/.node-red/settings.js 

actually the adminAuth is working (for the editor interface) the problem is the UI which is exposed to all the anonymous users..

any idea?

[Nick O'Leary]

Ah sorry, too many threads of conversation - I got mixed up.

Good that adminAuth works. Not sure why httpNodeAuth wouldn't be working for the dashboard - it certain works here. One thought is that the dashboard does quite aggressive caching in the browser - it may have the dashboard cached locally so it doesn't hit the protected end-point. Try clearing the browser cache.

Nick

--

http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.
To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/17a5235b-1160-4e22-bd27-bfc647ff56bd%40googlegroups.com.

[Luis GCU]

That make sense .. and I believe it happend to me once.. try to acces node-red ui from other computer or phone in your LAN.
Regards

[Claudio Francesconi]

unfortunately it's not the problem about cache

Il giorno venerdì 19 maggio 2017 16:57:15 UTC+2, Nick O'Leary ha scritto:

Ah sorry, too many threads of conversation - I got mixed up.

Good that adminAuth works. Not sure why httpNodeAuth wouldn't be working for the dashboard - it certain works here. One thought is that the dashboard does quite aggressive caching in the browser - it may have the dashboard cached locally so it doesn't hit the protected end-point. Try clearing the browser cache.

Nick

On 19 May 2017 at 15:52, Claudio Francesconi <claudiofr...@gmail.com> wrote:

yes sir

following the log i edited the right setting:  in  /home/pi/.node-red/settings.js 

actually the adminAuth is working (for the editor interface) the problem is the UI which is exposed to all the anonymous users..

any idea?

Il giorno venerdì 19 maggio 2017 11:01:10 UTC+2, Nick O'Leary ha scritto:

HI Claudio,

which settings file did you edit?

When Node-RED starts, it logs the exact settings file it is using. Have you confirmed you're editing the right file? This is a common reason for adminAuth not working as expected.

Nick

 

--

http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+u...@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

[Claudio Francesconi]

HEY GUYS

i apologise to everybody

IT WAS THE CACHE :)

the problem is that google chrome is a crap and doesnt actually erase the cache

 

[Hamid Zaker]

[hate...@gmail.com]

Hi Nick,

Is there anyway to protect the specific tab/page on UI-Dahsboard?

for example I have several tab/page running, but I need to give one of this pages to customer for monitoring purposes.

is there  any way to set a password or hide other tab/page on Dashboard?

Thanks. 

On Friday, May 19, 2017 at 2:01:10 AM UTC-7, Nick O'Leary wrote:

HI Claudio,

which settings file did you edit?

When Node-RED starts, it logs the exact settings file it is using. Have you confirmed you're editing the right file? This is a common reason for adminAuth not working as expected.

Nick

On 19 May 2017 at 09:59, Claudio Francesconi <claudiofr...@gmail.com> wrote:

this is my config file

https://pastebin.com/4XEARNQ2

--
http://nodered.org
 
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+u...@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

[Julian Knight]

That's not how Dashboard works. Basically Dashboard is an AnglularJS single-page web app. The apparent tabs are not really different pages. As the "paging" happens on the client (browser) end, it is hard, if not impossible to protect a single tab.

The best approach is to create a separate page (not using Dashboard) for the customer which you can secure independently. Or to run more than one instance of Node-RED with the second instance being dedicated to displaying the customer information.

[hate...@gmail.com]

Thank you Julian for your reply,

I am not sure that which way could be better in terms of saving more hardware resource, but I think making another instance of Node-RED might be easier.

would you happen to know how I can make another instance of Node-RED?

[Julian Knight]

Well a second instance is certainly a fair overhead on a Pi but not much on larger machines.

By far the easiest way to handle multiple instances also happens to be my preferred way of running NR in production.

Create a folder for each instance that must be accessible to the user that will run them.

In each folder, use "npm init" to create a package.json, then do "npm install node-red --save". 

Create a sub-folder to hold your settings.

You then need to create a startup javascript file and add a script entry to package.json so that "npm start" will start node-red for testing. Don't forget to pass the required parameters to give the custom settings folder.

{
    "name"         : "my-node-red-project",
    "version"      : "0.0.1",
    "dependencies": {
        "node-red": "~0.13.4",
    },
    "scripts": {
      "start": "node node_modules/node-red/red.js --userDir ./data"
    },
}

Now you can repeat for as many instances as you like and as long as you set a unique port for each, you can run them in parallel. Of course, each instance has its own version of node-red and so you can test different versions or run different flows or both.