I see no difference in authentication


#1

I'm running node-red in a RPI3 and I have followed the https://nodered.org/docs/security#generating-the-password-hash tutorial, modified the setting.js file and still, I see no difference when accessing the website. I'm not asked for any authentication at all.

What could the problem be? I have enabled the AdminAuth, httpNodeAuth and httpStaticAuth. I have never seen this problem addressed anywhere else.

Thank you,

Elpiedras


#2

Most often, when your changes to the settings file are not taking effect, it means you have edited the wrong file. There is one delivered with the installed code, which is then copied into your user directory (typically ~/.node-red) when the server first runs.

To make sure you have changed the correct file, check the first dozen lines of your console log, where the absolute path to the settings.js file is printed for you. Stop the server, modify that file, and restart -- hopefully that fixes the problem.


#3

Absolutely right, that was exactly my problem, the setting.js file was in a hidden folder.

Fixed and now it works. What an accuracy with the little info I have given.

Thank you very much!


#4

Oh, good -- BTW, that "hidden" folder is actually the main folder for your node-red runtime, unless you are using the -u <userdir> option on the command line... So any changes to the way node-red runs (root paths, port numbers, authorization) would be done is the same file, ~/.node-red/settings.js.

That is also where your package.json, flows_xxx.json, and flows_xxx_creds.json files will be. The package file lists all the dependent nodes that have been installed, and the flows files hold your actual flows (strangely enough). So it's important to have a backup system in place, especially if you are not using the Projects feature (saves your flows in a git repo).