Node red access from outside with HTTP authentication

I have both 1880 and 1880/ui security protected with SSL certification so every time I access either one I need to enter a password and logon ID. My question is how can I provide my credential's via HTTPS?. I am trying to stream video via 'HTTPS://192.168.0.111:81/stream' which doesn't work because of the security.
Cheers.....

Without a LOT more information about how/where you've configured the authentication we can't answer this.

But if I had to guess.

If you have enabled httpNodeAuth to protect your dashboard then this will also apply the same username/password to all HTTP endpoints served by Node-RED (e.g. the HTTP-in node).

This is just the way things are, you can not selectively authenticate just certain endpoints.

Hi, thank you for your reply. I have enabled the httpNodeAuth. I was hoping that I could pass the credentials by adding something like password=XXXXXX and ID=XXXXX in the HTTPS header but from what you are saying, I guess there is no way. I will have to seek another solution. Cheers...

You can always pass the Authorization header and encode the username/password with the Basic Auth scheme.

Hi, sounds very interesting. Could you please point me to instructions on how to achieve this with examples if possible. I am not very familiar with this procedure. Many thanks....

Hello thewaver,

I used also the basic authentification, if your are using the logon in node-red (from my point of view SSL has mostly nothing to do with authentification, like a logon).

https://«username»:«password»@«URL»:«PORT»/ui/

for you it might look like:
https://«username»:«password»@192.168.0.111:81/stream/

Cheers
Ranki

Hi Ranki, thank you for your help. I have tried what you suggested with no luck:

'msg.payload="<p><img src='https://myusername:mypassword@192.168.0.111:81/stream'/></p>";
return msg'

I have checked on an unsecure node red using the same flow but different HTTP header and it works just fine:

msg.payload="<p><img src='http://192.168.0.111:81/stream'/></p>";
return msg;

Cheers Don...

Hello Don,

Please check again as you are using one time «https» and one time «http» only.. And I propose to go step by step:

  1. First validate the URL and source by opening the URL in a browser or via wget (from the server node-red is running)
  2. If the URL is proofed you can start to implement it in other environment (e.g. node-red).

Otherwise you do not know, where the problem is located ...

Cheers
Ranki

Hi Ranki, once again many thanks for your help.

I have a video source at 111 (espcam32) and I can connect directly to this with 'http://192.168.0.111:81/stream' from a browser.

I want to display this video stream in my node red ui which is secured with SSL certification and when I access my node red ui I have to use https://xxx.xxx.xxx.xxx:1880/ui

I might be wrong here, but in order for the video stream to be enabled in my secured node red ui, it has to log into the node red ui using the SSL authentication (HTTPS):

In the function node I have:

msg.payload="<p><img src='https://myusername:mypassword@192.168.0.111:81/stream'/></p>";
return msg;

which connects to a template node:

<div ng-bind-html="msg.payload"></div>

I have tried all of the above in a non secured node red with exactly the same flow but amended the function node as below and it works fine.:

msg.payload="<p><img src='http://192.168.0.111:81/stream'/></p>";
return msg;

Somehow, the SSL security is not allowing the stream to access my SSL secured node red ui

Cheers Don...

Hi Don,

maybe I do not get the exact point; I try to summarize, what I understood:

  1. You have a node-red implementation, which is secured via SSL (https://xxx.xxx.xxx.xxx:1880/ui)
    => no login required.
  2. You have another server/ computer, where a stream will be provided without SSL (http://192.168.0.111:81/stream)
    => also no login required?!

So, I do not see, that any login is required, so you do not need to use the basic authentification, what you asked for ... and the URL does not need anything like : - This is only, if an authorization is required. SSL has mostly nothing todo with authentification; it is more like an identification and trusted/ secure connection between two clients/ servers.

Furthermore I understood:
As long as the node-red instance is not used with SSL (http://xxx.xxx.xxx.xxx:1880/ui instead of https://xxx.xxx.xxx.xxx:1880/ui) you can access the streaming URL. Is this correct?

If it is like this I have only one thing in mind:
Some browser settings might prevent you to show secure and unsecure contents in one site. Sometimes some error message occurs, which will ask you, if you want to allow this. Maybe check your browser, if there are any hints/ messages related to the encryption/ SSL.

A workaround or better solution so to speak would be, that you provide a corresponding SSL certificate also to the server/ client, who is providing the stream and include it with https.

Cheers
Ranki

Hi Ranki,
Thank you for your help, I do appreciate it.
For number 1. I do have to login (user ID and password)
For number 2. no login required
I CAN access the streaming URL using the node red instance without SSL (http://xxx.xxx.xxx.xxx:1880/ui)

I can log into my secure node red instance (https://xxx.xxx.xxx.xxx:1880/ui) and was hoping that passing the login details from the non secure streamer server in the browser header to the secure server would allow login, but as we have proved, this is not the case.

I really don't think that its anything to do with the browsers as I've tried it with both chrome and edge.

It must be the format of passing the login credentials from the non secure server to the secure server. This I cant find with Google.

Cheers Don....

Hi Don,

I bet that this problem is because of the mix of secure and insecure content and in the end it is the browser (everyone of them), who‘s complaining. The login has nothing to do with this problem.

Have a look at the answer in this post. There it is explained as well: ssl - Insecure content in iframe on secure page - Stack Overflow

Therefore you can believe it or not. I think you only have two/ three ways to deal with it:

  1. Use everything not encrypted (w/o SSL)
  2. Setup the streaming server also for SSL.
  3. Maybe add an exception in your browser for this site.

Cheers
Ranki

1 Like