Enable HTTPS + User& pass for websockets in

#1

Good morning

I’m trying to enable https for evident reasons… I have modified settings.js and uncommented lines as follows:

var fs = require(“fs”);
https: {
key: fs.readFileSync(‘privatekey.pem’),
cert: fs.readFileSync(‘certificate.pem’)
},
requireHttps: true

but when doing that node-red is not starting anymore and have error as follows:

pi@raspberrypi:~/.node-red $ node-red
Error loading settings file: /home/pi/.node-red/settings.js
/home/pi/.node-red/settings.js:200
functionGlobalContext: {
^^^^^^^^^^^^^^^^^^^^^

SyntaxError: Unexpected identifier
at createScript (vm.js:56:10)
at Object.runInThisContext (vm.js:97:10)
at Module._compile (module.js:549:28)
at Object.Module._extensions…js (module.js:586:10)
at Module.load (module.js:494:32)
at tryModuleLoad (module.js:453:12)
at Function.Module._load (module.js:445:3)
at Module.require (module.js:504:17)
at require (internal/module.js:20:19)
at Object. (/usr/lib/node_modules/node-red/red.js:115:20)

What else should I do?

From other side and looking also around security stuff…

have created a hash passw and set all info and uncomented lines:

httpNodeAuth & httpStaticAuth:

On a browser is working find, ask me for user and pass to acces the dashboard, however doing like this I can not get websockets anymore, I have tried sending the websockets to user@pass:domain… but this des not works.

Any ideas how I can work on those topics to make my system more safe while keeping functionalities?

Thanks in advance

0 Likes

#2

It is best if you wrap your code in backticks or mark it as preformatted using the edit menu, have a look at the info on using markdown in Discourse for details.

Having said that, although you’ve only supplied a snipped from your settings.js file, you’ve created a syntax error in it. Most likely from missing a comma.

You may find it useful to install a programmers editor with “linting” configured for JavaScript since that will highlight such errors for you - alternatively, paste the whole code into a function node and the build in Node-RED code editor will highlight the error.

0 Likes

#3

Whats about the websockets? How can I make it work when I add user & pass?

0 Likes

#4

When TLS/SSL is working, your websockets will change from ws: to wss: automatically.

Applying authentication and/or authorisation to websockets is a whole different subject on its own.

0 Likes

#5

Then I guess moving to TLS will give me more headaches than advantages… I don’t see clearly how will be able to handle websockets.

From other side regarding https should find the way to solve i’m actually upgrading the full system after adding some new sources once done will keep checking hat can I do with my settings.js however I have compared with a previous version and don’t find the error.

Will post something later seems upgrade will take a while.

Regards

0 Likes

#6

You should probably do some googling as this has been discussed before. There is some info in the docs and some on my blog.

HTTPS will not give you any headaches other than certificate renewal which can be automated via let’s encrypt or even handed off to a free Cloudflare service. But “all” it does is encrypt the traffic between a client and the server. This is still vital if you are exposing your service to the Internet. But of course, it doesn’t automatically provide authentication or authorisation.

To do authentication and authorisation, you need to have a secured login (https again) with a token, you need to then check the token when using websockets - which is the harder part.

You’ve not explained what you are trying to achieve so it is rather hard to help you in detail. There are potential alternatives when working over the Internet. Such as using a secure messaging interface such as Telegram. But this doesn’t meet everyone’s requirements.

0 Likes

#7

The point is I’m using google home with IFTT to send commands to node red via websocked, but If I enable secure connection or user/pass then I don’t know how I still can handle this.

I have being reinstalling all from 0 with a blank new image to add motioneye and clean up and will google it a bit on the coming days to see what is possible to make it more safe while not compromising functionalities.

I have telegram, this could be also an option, from IFTT to telegram, however websockets is running really fine.

Regards

0 Likes

#8

Right so you trigger a Google Home keyword that IFTTT handles.

Well, you don’t need or want websockets for that. You need to create a Maker channel on IFTTT. This has its own security configuration such as an API token. All the details are in the IFTTT Maker channel docs.

All you need is a secure web endpoint. HTTPS is sufficient for this since authentication and authorisation is done via the IFTTT API settings.

You will need a fixed IP address or a Dynamic DNS configuration for the Node-RED end and you will want to configure Let’s Encrypt. Plenty of online instructions for that. This gives you a validated certificate rather than a self-certified one.

If you have something else that is requiring websockets over the Internet, let me know.

0 Likes

#9

Hi sorry to wake up such an old topic but I just had your problem,
There is a "," missing after "requireHttps: true" in the source code
That solve the problem

0 Likes

#10

Perfect, ty I will give it a try

0 Likes

#11

Please raise an issue against the node so we can track and fix this thanks

0 Likes