Hi all,
I have just created a login/user for my dashboard. Basically I want to have it, but it is very annoying to be used from my mobile (iPhone).
Opening up the dashboard in my Safari Browser takes 10seconds until the login screen appears - here I have to enter the login/password each and every time.
Is it possible to login automatically ? Something like user:pass/loginpage ? Or to create a shortcut on my mobile with auto-login ?
BR
Gawan
I assume you are using Dashboard v1? If so, that uses AngularJS v1 which is quite ancient and rather bloated so may not perform well on a mobile browser.
I also assume you are doing this over the internet?
If so, you MUST make sure you have https connectivity set up BEFORE sending any userid/password data. Trying to bypass a login somehow from your mobile would be rather counter-productive to any security and therefore is not recommended. Instead, you should use some kind of modern authentication service to control access to Node-RED (typically OAuth). The easiest way to do that is not in node-red itself but via a trusted 3rd-party such as Cloudflare's Zero Trust service (free for up to 50 users).
no, I am using the dashboard version 3.6.2 together with nod-red 3.1.3
Unfortunately I have absolutely no idea how to add another layer of security.
Is cloudflare something I have to register and give them my credentials to my node-red so that they can "secure" it for me ?
Somewhat unfortunately, there are now 2 things, both called Dashboard so people are referring to them as Dashboard 1 and Dashboard 2. That is separate to their actual version numbers I'm afraid.
As you are using v3.6.2, that has to be Dashboard 1. Not at all confusing is it! 
Back to the other questions though. Over the Internet? I assume yes.
Do you have HTTPS configured? THIS IS REALLY IMPORTANT. Because if not, you really need to disconnect the Dashboard from the Internet now. Whatever ID and password you may have already used must be considered compromised as well.
Making something accessible over the Internet is not a task to be taken lightly as you will see from the plethora of compromised systems we've heard about on the forum recently. There are people out there actively targetting poorly secured, Internet-facing, Node-RED systems.
If you really need to do this and don't have the skills to roll your own proper protection, the best approach by far is to use a trusted cloud service as an intermediary.
So yes, Cloudflare Zero Trust (and similar tools) are cloud based and yes, you have to have a login to the service and define user logins on their servers. While you might think this less secure that having everything on your own server, in this case it is not. They spend millions of $$ per year ensuring their security and yours.
The types of service I am recommending are security proxies. You leave your private server behind closed walls and run a small service on the server which reaches outward to the Cloudflare service. This is important because there is no inbound "hole" in your router for someone to exploit. Indeed, there is no direct connection to your internal network or servers at all. You then configure a proxy endpoint that gives controlled access.
Please do take the time to read the security FAQ's section of this forum and the other Node-RED security information.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy