Securing Dashboard on IBM Cloud

I'm trying to create some kind of user authentication to prevent unwanted access to my NodeRED's User Interface. I've searched online and found 2 solutions, that for some reason didn't worked out. Here they are:

1 - Tried to add the httpNodeAuth{user:"user", pass:"password"} key to the bluemix-settings.js but after that my dashboard kept prompting me to type username and password, even after I typed the password defined at pass:"password" field.

2 - Added the user defined Environtment Variables NODE_RED_USERNAME : username and NODE_RED_PASSWORD : password . But nothing has changed.

Those solutions were sugested here:
Thanks for the help, guys!

Hi @alexmacabu - just to clarify, you want to secure the Dashboard created by Node-RED Dashboard, rather then the editor itself?

Those two environment variables are for securing the editor, not the dashboard.

The right way to do it is with httpNodeAuth. When you set that up, did you hash the password before adding it to the file? More details of how to do that here:

I need to secure the Dashboard, the editor is already secured. No I didn't hash the password, maybe that is why it kept prompting me to type the username and password. I've just added the line httpNodeAuth{user:"admin",password:"blah-blah-blah"}.

The thing is...Since I can't access the terminal to create the Hash, how I do this on IBM? :thinking:

You could use any bcrypt hashing utility, such as:

Great idea! So I just have to generate the hash for the desired password and add it here? I must be doing something wrong because I still getting the same username/password prompt

    // Serve up the welcome page
    httpStatic: path.join(__dirname,"public"),
    //GUI password authentication (ALEX)
    httpNodeAuth: {user:"Administrator",pass:"$2y$12$yv1xW/Pe7TN8O3pgDIKXKu7GRXmOn0676hj9FjVMo5I1uH4MOHuKD0yy"},
    functionGlobalContext: { },

Little update on the case: I tried hashes with 4, 8 and 10 rounds, but got the same behavior.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.