Hi,
I have my node-red secured with mutual TLS authentication. Upon navigating to https://mydomain.com:1880, I am requested to present a user certificate and all works as expected. However, if I first navigate to the node-red powered dashboard at https://mydomain:1880/ui, there is no prompt to request the user certificate and the screen remains blank; no errors are displayed. If I navigate to the node-red control UI first (it asks for the user cert) and then navigate to the dashboard URL, it works fine.
The same effect is observable for https in node, so I suspect the issue is more generic, probably not a "dashboard"-specific problem.
My guess is that https nodes do not respect the settings.js requestCert: true.
Hi Martin, it's good to see you here in the node-RED forum, it's been a while since I've heard from you (although I don't spend much time doing emoncms work now).
I hope you are going to sprinkle some of your programming magic here.
This seems to imply that the requestCert setting is also being applied to the Socket.IO connection but the socket.io client isn't configured to provide it?
As you may know, a websocket connection firstly happens over http (https in this case) and is then "upgraded" to ws(s).
Hi Martin,
Would like to help you, but I don't have enough knowledge about the Node-RED architecture...
For example for the HttpIn node, I "think" this flow is being followed at startup:
1. Your https settings are passed to the https module, so from now I would expect these settings would be applied to both the flow editor and the dashboard?
2. The runtime (available as the RED variable) is initialized. It seems to me that two new Express servers are started? But not sure...
3. The runtime is started, so all nodes of your flows are loaded (also your Http-in nodes).
4. The Http-in node starts listening to requests on the Express called RED.httpNode, which is the nodeApp variable in the runtime (index.js).
Hopefully somebody can explain this in a bit more detail to us, so we can start brainstorming about why your https settings are not applied to the Http-In nodes...
At the moment it is not clear to me how the https module and all the express modules are related to each other...
Thanks for the pointers.
I spent the last couple of hours in futile attempts to fix it using the above suggestions, but obviously fiddling with node-red internals is too much of a challenge at this point.
A simple workaround: creating a "dash.html" in "~/.node-red/node_modules/node-red-dashboard/dist" that only contains a meta tag redirect to https://mydomain:1880/ui and pointing my browser to https://mydomain:1880/ui/dash.html causes Chrome to require me to present a client certificate and the dashboard loads. Not a complete "Feng Shui", but it does the job until the issue is fixed eventually.
OK, I have tried to follow along and have pushed a small fix to the dashboard master branch on GitHub for you all to try. It attempts to set the socket to use secure:true when using the https protocol (which it should have done automatically - but...).