Best way to password protect uibuilder

orrinen · 14 December 2023 16:17

Till now i have used cloudflared, but has its limitations.
What other good options is there to secure ui builder webpage ?
Would securing it using http node auth be good?

TotallyInformation · 14 December 2023 18:20

Hi. I don't personally recommend using the http nodes.

The "best" method will depend a lot on your needs of course. One way would be to use your own auth setup using a reverse proxy like NGINX.

Perhaps you could expand a little on your requirements and maybe indicate what you find limiting with Cloudflare Zero Trust?

marcus-j-davies · 14 December 2023 18:22

Voice of reason here.

Don't put it on the internet

TotallyInformation · 14 December 2023 18:25

Though a bit like saying: "I have this car, what's the best way to stop it getting scratched? A: Don't drive it on the roads."!

The Zero Trust service (and similar tools) are like seat belts (and lights, brakes, crumple zones and passing your driving test) for cars.

orrinen · 14 December 2023 21:13

What i need is just basic password protection. No more than that required. I belive enabling httpnode auth in settings.js would be sufficient. I think NGINX is not necessary, as it provides alot i dont need.

bakman2 · 15 December 2023 04:57

"You think you don't need" - the point of nginx together with ssl and some other form of authentication/authorization is to actually secure it. node-red directly to the internet with just basic auth on http-in is not secure - do not do this.

nginx is not easy, but there are "helpers" available like npm (nginx proxy manager) that can help with the security/certificate setup and lets you easily manage all kinds of endpoints.

orrinen · 15 December 2023 19:30

I already have ssl/tls encryption through cloudflare tunnel. If enabling http node auth in settings.js is good enough as password protection than i make use of that.

TotallyInformation · 16 December 2023 00:01

So isn't the 50 free user accounts available with CF ZT enough for you?

orrinen · 16 December 2023 03:17

For now it is. But for the future if i would need more than 50, then authentication with node-red would be my next option. (Enable httpnodeAuth)

TotallyInformation · 16 December 2023 13:36

OK, fair enough. I've never really done anything serious with that option so I'd welcome any feedback or instructions you can share when you get to it, I can then share them in the docs.

system · 14 February 2024 13:37

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Set login page with session and access control in uibuilder General node-red-contrib-uibuilder	2	436	25 November 2022
UIBuilder - Authentication & login page example General node-red-contrib-uibuilder	3	375	14 April 2023
UIbuilder behind NGINX reverse proxy General node-red-contrib-uibuilder , security	5	3078	17 March 2021
Uibuilder: Security Proposal Developing Nodes node-red-contrib-uibuilder	17	2129	14 May 2020
/ui protection using httpNodeAuth in settings.js Dashboard	4	482	3 November 2020

Best way to password protect uibuilder

Related Topics