Securing node-red with budibase

I just integrated my node-red to budibase in the same docker-compose, but I would like to add security to my node-red with some users created in budibase.

For those who do not control budibase, they have a simple user api, but i dnt know if it's what I'm looking for...

I don't have much experience with security in node-red, only the usual credentials in settings.js

I would not currently know if node-red can be secured with a database ... or what is the best way to add users for the http in that I create

(omg im so bad explaining myself)

In summary, I want some users to be able to see the apps that I create in budibase, but if they are not logged in they cannot access node-red directly from the browser

Someone did some like that?

so I am wanting the same thing , i got this from my thread

TotallyInformationRegular

11h

No such thing. Silly answers certainly, but not questions :grinning:

There are lots of things you can do.

If you have an existing web server that you can configure, you can set it up to act as a reverse proxy for Dashboard and add security that way. That is by far the way I personally prefer to do it rather than trying to mess with Node-RED configurations. I've shared some information on doing that both with Caddy and NGINX. In fact, the uibuilder tech docs have 3 pages on security including one specifically about using NGINX. How to use NGINX as a reverse proxy with TLS and identity authentication (totallyinformation.github.io) .

If you can't do that, things get rather more complex I think. But you cannot use an existing web page to do the security and then simply hand off to Dashboard. If you could do that, it would make the web a very insecure place.

You could have logon/logoff pages that then redirected to Dashboard but you are back tot he same issue. You need Node-RED's ExpressJS server to recognise and validate the authentication and that requires some middleware.

So by far the easiest, safest and probably the most secure option is to use a reverse proxy. Either the existing web server you talk about or, a new one configured specifically to proxy one or more bits of Node-RED. Notably the Editor and Dashboard (with their websockets, not just the pages) and maybe that excellent tool that some nice gentleman wrote for creating data-driven web UI's with Node-RED - I think it might be called ... hmm, let me think ... Oh, uibuilder, that's it!

I just started reading it. so I cant walk you through it but it is better then no login