Hi Team,
I'm running node-red on linux (Ubuntu) and I haven't been able to figure out how to secure the editor. I've made the changes to the settings.js file according to this article Securing Node-RED : Node-RED , but it won't ask for the credentials once I open node red in my browser. I've tried different browsers (a suggestion on another post) and no luck.
Any ideas?
Thanks.
make sure the it is the correct settings file. during startup you can see whcih settings file is being loaded. i had done similar mistake sometime back.
Hi @smanjunath211 ,
I have, and I can open the settings file and see the changes.
No idea why it's not working.
Have you restarted Node-red?
Can you show us the relevant bit of settings.js?
Obviously falsify the login and password hash before posting.
Hi Team,
Here's the info for the settings file address:
19 Feb 12:20:03 - [info] Node-RED version: v4.0.9
19 Feb 12:20:03 - [info] Node.js version: v20.18.1
19 Feb 12:20:03 - [info] Linux 6.8.0-49-generic x64 LE
19 Feb 12:20:03 - [info] Loading palette nodes
19 Feb 12:20:04 - [info] Settings file : /root/.node-red/settings.js
19 Feb 12:20:04 - [info] Context store : 'default' [module=memory]
19 Feb 12:20:04 - [info] User directory : /root/.node-red
19 Feb 12:20:04 - [warn] Projects disabled : editorTheme.projects.enabled=false
19 Feb 12:20:04 - [info] Flows file : /root/.node-red/flows.json
And here's the settings file piece
adminAuth: {
type: "credentials",
users: [
{
username: "admin",
password: "$2y$0................",
permissions: "*"
}]
},
I tried restarting node red with the node-red-restart command to no luck.
I suspect this is because you are running node-red from a root terminal and not the account your service uses.
Stop node-red (node-red-stop) then Start node-red using node-red-start and see what settings file it reports.
Hi @Steve-Mcl ,
You lost me here "..the account your service uses".
How do I know the account? I have root access to the server.
Since you mentioned " node-red-restart " I assume Node-RED was installed using the installer script.
The installer script setups Node-RED (typically) to NOT run as root (because that can be dangerous) but instead uses the account that installed it.
So just for one moment forget I said that and perform the actions I stated:
node-red-stop will stop the service.
node-red-start will start the service using the account it was configured to use and you will see which user (and which settings file to edit) in the log output.
this assumes you did actually use the official installer script
Hi @Steve-Mcl ,
I'm new to Linux, so I might be confusing the whole thing.
I used the "sudo npm install -g --unsafe-perm node-red" to install node red.
Running the node-red-stops/start/restart is giving me a "command not found" error message.
Is this Ubuntu machine local or a shared portion of a machine in a data centre?
No criticism intended but that is a dangerous combination!
This is a shared portion of a machine and I agree about it being a dangerous combination. Thankfully all we're running is an MQTT Broker and Node Red, which should keep all fires to a minimum.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy
