Setting up a secure connection

I've only been experimenting with Node-red for a couple of days. I'm warned that my connection is unsecured and so I've read the documentation that deals with enabling HTTPS access. Quoting from the documentation:

As a minimum, the options should include:

key - Private key in PEM format, provided as a String or Buffer
cert - Cert chain in PEM format, provided as a String or Buffer

From here on it all becomes a dark art with a never-ending list of options.

How can I simply secure my Internet connection?

If you aren't sure, experimenting isn't a particularly safe thing to do.

If you need to access Node-RED from outside your local network. The easiest thing to do is to use something like NGROK or a full VPN. Just beware that the default configuration of NGROK is not secure. There is a post I did quite a while back on the forum that describes how to get a secure NGROK connection.

If you don't need full remote access, even better is to set up a Telegram bot and use that as a simple interface.

If you explain more about what you actually want to do, people could probably help with more specific advice.

Thank you for your reply.

When Node_red is started the warning "unsecured connection" is displayed on the address line of the browser. I assume that this means that my Raspberry Pi is susceptible to attack from the outside.

My question is, how do I fix this, or do I need to?

You don't need to worry unless you have opened up node red to the internet (by forwarding port 1883 in your router for example). If you are just accessing it within your home network then there is no problem. I am surprised that the browser would warn you in that case though. Exactly what are you putting in the browser address bar? Which browser is it?
Also exactly how is the browser warning you?

Some browsers are now starting to warn if you do anything with just http and not https

2 Likes

Thank you Colin and dceejay for your replies.

I'm using the Raspberry Pi default browser, Chromium if I remember correctly. I'm entering the address that Node-Red suggests when it starts. The warning is, or was, on the address bar.

It's all a bit academic at the moment since I can no longer get Node-Red to start.

In that case, and you haven't opened node-red up to the internet in your router, then don't worry about it. It is just the browser being a bit paranoid. Unless, that is, you are worried about others who have access to your wifi trying to hack into your system.

2 Likes