Securing node-red with budibase

so I am wanting the same thing , i got this from my thread

TotallyInformationRegular

11h

No such thing. Silly answers certainly, but not questions :grinning:

There are lots of things you can do.

If you have an existing web server that you can configure, you can set it up to act as a reverse proxy for Dashboard and add security that way. That is by far the way I personally prefer to do it rather than trying to mess with Node-RED configurations. I've shared some information on doing that both with Caddy and NGINX. In fact, the uibuilder tech docs have 3 pages on security including one specifically about using NGINX. How to use NGINX as a reverse proxy with TLS and identity authentication (totallyinformation.github.io) .

If you can't do that, things get rather more complex I think. But you cannot use an existing web page to do the security and then simply hand off to Dashboard. If you could do that, it would make the web a very insecure place.

You could have logon/logoff pages that then redirected to Dashboard but you are back tot he same issue. You need Node-RED's ExpressJS server to recognise and validate the authentication and that requires some middleware.

So by far the easiest, safest and probably the most secure option is to use a reverse proxy. Either the existing web server you talk about or, a new one configured specifically to proxy one or more bits of Node-RED. Notably the Editor and Dashboard (with their websockets, not just the pages) and maybe that excellent tool that some nice gentleman wrote for creating data-driven web UI's with Node-RED - I think it might be called ... hmm, let me think ... Oh, uibuilder, that's it!