Shared system folders in multi user instances?

Sorry, i understand.

Do not install from palete with fred ... because it install dashboard locally.

I install it in /home/wbsys/nodered with npm.

There is a solution to launch all users at the same time ? Because, we must to login at each user to start one instance.
Thank you very much

You can't use fred's Editor to install nodes into the central function. You have to manage them centrally using your wbsys user into /wbsys/nodered/. Then restart fred's instance of node-red and they will appear.

If you do install from fred's editor, the node will only be installed for fred and not for everyone.

Ok thanks.

There is a stop command with red.js like that to start ? It is possible to kill all node-red process at one time ?

No, you will need to either track the PID's or create a script that will find and kill all of the node red processes (presumably using ps).

Hello !

Well, with killall node-red we can stop all node-red instance at a time properly, with a -TERM signal (not -9 forcing).

However, do you know how to start all user instances at a time with one bash ? The problem i encounter, i need to login on each user to launtch my start script, id and password...

Thanks

You can start NR with a parameter to give it a specific userDir. So your wbsys user can start all of them. You might need to play with file/folder permissions though so you may need some trial & error to get it exactly right.

You could also run all the instances from wbsys with userDir folders under the same user and then give web access permissions to each user. Easiest done by using a reverse proxy so that users access the proxy and provide a login. This would be a more controlled way and consistent with running a multi-user web service.

In this reverse proxy case, do you think i need to use a Nginx server or may be possible with a NR instance ?

An NR instance would be no use. You need a proper tool. NGINX, Caddy, Apache, HAproxy, ....

Any of those will do the job.

Ok hum... mounting a server, ok for me but build a loging/password page will cause smart overflow :exploding_head:
I see Wordpress with a plugin "theme my login" for that. Do you know ?
https://blogpascher.com/plugins-wordpress/comment-creer-une-page-de-connexion-sur-wordpress

edit: sorry, this acticle is in french

No, Node-RED and WordPress, though very different, are both platforms. One for delivering compute logic, data transformation, etc and the other for delivering web content.

NGINX and similar are web servers designed to efficiently deliver optimised web services. At their simplest they just deliver static web pages but almost anything can do that. Their arguably more important role is to make web services efficient and secure.

Use nginx to Add Authentication to Any Application | Okta Developer

Ok but with that technic, is it needed to secure endpoint UI interface dashboard with user/pass in the settings.js file ? Minimum is to secure stransaction with HTTPS ?

No, you do it all from NGINX via one of the authentication extensions. Or similarly in some other reverse proxy. You don't need to change Node-RED settings.

You MUST always use HTTP when using user authentication. No matter how you are doing it. If you don't, you are better off not having user auth because you are sending people's login details in clear text.

But with a reverse proxy, you need not set https in Node-RED, only in the proxy. The proxy server handles both the https termination and the user authentication. With the added advantage that, once you've done it - you don't have to do anything new for any web service you run through the proxy. Especially useful when running up multiple Node-RED instances that all need to be secured. One 1 set of key/certificate files needed - for the proxy.

If you later needed to run up a Python based microservice or a static web site or a WordPress site, you could reuse the same proxy/web server with the same key/certificate and even the same user authentication.

Just make sure that your microservices are "bound" to only the localhost so that they don't accept connections from any other server (assuming you are running the proxy on the same server). For Node-RED, this is done using the uiHost property in settings.js. Set it to 127.0.0.1.

You may also want to get Node-RED's web server to trust your proxy. To do that, again in settings.js, set the httpServerOptions property so:

    httpServerOptions: {
        // http://expressjs.com/en/api.html#trust.proxy.options.table
        'trust proxy': true,  // true/false; or subnet(s) to trust; or custom function returning true/false. default=false
    },

Thank you for you reply.

But i think, it begins to much complicated for me.

Even if i understand the principle,I have searched all of this day about frontend technics with tuto as you said. The must would be to create login with register function, but point to the good endpoint user etc ...
I did not find any more precise examples.

I will cancel this nice solution, it's out of my knowledges...

I'm working in paralell with a node-red admin interface to create user, mixing with bash and modify settings.js dynamicaly, and i can do it.

I do with what i have :grimacing:

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.