The password/security settings article mentioned on the page

I seem to be missing something. (No big rush, but....)

I have (since):

  • restarted NR on the main machine. (Not rebooted)
  • this machine has been powered down and back up.

I can go to the NR page of the other machine, edit etc. No passwords or log in.

This is an extract of my settings.js file:

    // Securing Node-RED
    // -----------------
    // To password protect the Node-RED editor and admin API, the following
    // property can be used. See http://nodered.org/docs/security.html for details.
    adminAuth: {
        type: "credentials",
        users: [{
            username: "me",
            password: "(has code here",
            permissions: "*"
        }]
    },

    // To password protect the node-defined HTTP endpoints (httpNodeRoot), or
    // the static content (httpStatic), the following properties can be used.

Which settings file did you edit? What was the full path to it?

You say you restarted the main machine node-red... I assume that's the machine you edited the settings file of?

You then say you go to the NR page of the other machine. Is that a different node-red instance then? Have you edited its settings file? Or do you mean you open the main machine's node-red in the browser running on the other machine?

Ok, sorry... Too many pronouns in there.

To give them names here is the story:

TIMEPI is my main NR machine.

I edited the settings.js file on it.
Path: /home/pi/.node-red/settings.js

I changed the file to have what I originally showed in it, rather than the original.
I then restarted NR on TIMEPI.

Re-post here for clarity.

    // Securing Node-RED
    // -----------------
    // To password protect the Node-RED editor and admin API, the following
    // property can be used. See http://nodered.org/docs/security.html for details.
    adminAuth: {
        type: "credentials",
        users: [{
            username: "me",
            password: "(hash code here",
            permissions: "*"
        }]
    },

    // To password protect the node-defined HTTP endpoints (httpNodeRoot), or
    // the static content (httpStatic), the following properties can be used.

Then:
This machine: (NUC)
I loaded FF (browser) and went to TIMEPI's NR home page.
http://192.168.0.99:1880/ui/#/3
It loads.

I go to the edit page and it loads also.
http://192.168.0.99:1880/#flow/92905530.b6463
No passwords, no log in.
I can edit stuff on the page.

Can you run node-red-log on TIMEPI to see the startup log, which includes the full path of the settings file NR is using. Always worth double checking it's using the settings file you are editing.

quick question:
Does "node-red-log" give a ...... complete output, or is it "real time" as in, I need to look at it and extract data?

I'm trying (in the background) node-red-log > output.txt and it is just sitting there for more than a minute.

Just for the sake of it. This is what I have from the command:

    pi@TimePi:~/.node-red $ node-red-log > output.txt
    ^Cpi@TimePi:~/.node-red $ lf
    lib/  node_modules/  public/  flows_TimePi_cred.json  flows_TimePi.json  output.txt  package.json  package-lock.json  settings.js
    pi@TimePi:~/.node-red $ cat output.txt


    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi : TTY=unknown ; PWD=/home/pi ; USER=root ; COMMAND=/sbin/iwlist wlan0 scan
    pam_unix(sudo:session): session opened for user root by (uid=0)
    pam_unix(sudo:session): session closed for user root
    pi@TimePi:~/.node-red $

Ok, it may just be easier to restart node-red to see the startup log.

Run: node-red-stop then node-red-start.

It will log to the console. Once it has started, and you've captured the bit of the log regarding settings file, hit ctrl-c. Node-red will continue running in the background, but it'll stop logging to the terminal you are in.

Something like this?

    pi@TimePi:~/.node-red $ node-red-start

    Start Node-RED

    Once Node-RED has started, point a browser at http://192.168.0.99:1880
    On Pi Node-RED works better with the Firefox or Chrome browser

    Use   node-red-stop                          to stop Node-RED
    Use   node-red-start                         to start Node-RED again
    Use   node-red-log                           to view the recent log output
    Use   sudo systemctl enable nodered.service  to autostart Node-RED at every boot
    Use   sudo systemctl disable nodered.service to disable autostart on boot

    To find more nodes and example flows - go to http://flows.nodered.org

    Starting as a systemd service.
    Started Node-RED graphical event wiring tool.
    6 Oct 09:34:08 - [info]
    Welcome to Node-RED
    ===================
    6 Oct 09:34:09 - [info] Node-RED version: v0.19.4
    6 Oct 09:34:09 - [info] Node.js  version: v8.12.0
    6 Oct 09:34:09 - [info] Linux 4.9.52+ arm LE
    6 Oct 09:34:15 - [info] Loading palette nodes
    6 Oct 09:34:45 - [info] Dashboard version 2.9.6 started at /ui
    6 Oct 09:34:49 - [info] Settings file  : /home/pi/.node-red/settings.js
    6 Oct 09:34:49 - [info] HTTP Static    : /home/pi/.node-red/public
    6 Oct 09:34:49 - [info] Context store  : 'default' [module=memory]
    6 Oct 09:34:49 - [info] User directory : /home/pi/.node-red
    6 Oct 09:34:49 - [warn] Projects disabled : set editorTheme.projects.enabled=true to enable
    6 Oct 09:34:49 - [info] Flows file     : /home/pi/.node-red/flows_TimePi.json
    6 Oct 09:34:51 - [info] Server now running at http://127.0.0.1:1880/
    6 Oct 09:34:51 - [warn]
    ---------------------------------------------------------------------
    Your flow credentials file is encrypted using a system-generated key.
    If the system-generated key is lost for any reason, your credentials
    file will not be recoverable, you will have to delete it and re-enter
    your credentials.
    You should set your own key using the 'credentialSecret' option in
    your settings file. Node-RED will then re-encrypt your credentials
    file using your chosen key the next time you deploy a change.
    ---------------------------------------------------------------------
    6 Oct 09:34:59 - [info] Starting flows
    6 Oct 09:35:11 - [info] [udp out:1095c327.4fb3f5] udp ready: 192.168.0.21:6723
    6 Oct 09:35:16 - [info] Started flows

!!!!

Well, there you go.

Sorry.

It now is working.

HONESTLY.... I did do that last night.

Didn't work.

I'll send details in a moment.

Here is a screen shot of last night when I did what you said now.

After that I SHIFT/REFRESHED the browser and it just loaded.

Now it is asking for log in.

Sorry, but it isn't that I was being difficult.

It did happen.

hi

I have exactly the same problem. On my Raspi I have had NR installed and on my MacBook I have built up my project with flows

once by a new start of the Raspi/NR I see this message/WARN about the "credential file is ... "

  • long time I didn't know what I have to do!
  • now the project is finished and running as well
  • I want to clear this matter and I could find this discussion above, a long and very complicated procedure I think...

I'm really afraid now to do anything - because I don't know what will happen afterward - is my project still available or lost or inaccessible ???

it is for me a little bit strange, then after the Installation and the first start, no points about USER / PASSWORD

about the whole procedure above, I'm twice as afraid !!!
also all the information in the docs sounds very complicated - or isn't it?

thanks very much for help in advance

Do you mean the message about the credentials file being encrypted using a system generated key, or have you got a problem trying to get user/admin logon working, which is quite different?

no, the first with the message about the credentials file is my problem

@maxmueller50 the discussion in this thread is about securing the Node-RED editor from unauthorised access. That is an important thing to do if your Node-RED instance is exposed on a network where any you don't know can access it.

But that is a separate concern to the encryption warning you are getting when starting Node-RED.

The warning you are getting is telling you that your credentials file is encrypted to keep any passwords your flows use safe. But it is encrypted using a system-generated key. If the system loses that key for any reason, it will not be able to decrypt your credentials file.

The message does tell you what to do:

You should set your own key using the 'credentialSecret' option in your settings file. Node-RED will then re-encrypt your credentials file using your chosen key the next time you deploy a change

So the steps to take are:

  1. edit your settings file. You should find a commented out setting for credentialSecret. Uncomment it by removing the // at the beginning of the line and change the key to some value you want to use.
  2. restart Node-RED
  3. Deploy a change - any change you want. Node-RED will re-encrypt your credentials file using the key you've chosen.

That is all.
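
The two settings discussed in this thread (`adminAuth` for the editor login, `credentialSecret` for the credentials file) can be checked together before restarting Node-RED. The following is an added example, not part of the original posts and not Node-RED's own code: `auditSettings` is a hypothetical helper, the sample objects are constructed, and `httpNodeAuth` and `adminAuth.default` are Node-RED setting names that do not appear in the thread (the first is the property the "node-defined HTTP endpoints" comment in settings.js refers to, which also covers the dashboard at /ui).

```javascript
// Added example: audit a Node-RED settings object for the options discussed above.
// On the Pi it could be fed with require("/home/pi/.node-red/settings.js").

// bcrypt hash shape: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt and hash.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

function auditSettings(settings) {
  const findings = [];
  const auth = settings.adminAuth;
  if (!auth) {
    findings.push("adminAuth not set: editor and admin API need no login");
  } else if (auth.type === "credentials" && Array.isArray(auth.users)) {
    if (auth.users.length === 0) findings.push("adminAuth.users is empty");
    for (const u of auth.users) {
      // Node-RED expects a bcrypt hash here, never the plain-text password.
      if (typeof u.password !== "string" || !BCRYPT_RE.test(u.password)) {
        findings.push(`adminAuth user "${u.username}": password is not a bcrypt hash`);
      }
    }
    if (auth.default && auth.default.permissions === "*") {
      findings.push("adminAuth.default gives anonymous users full access");
    }
  }
  const secret = settings.credentialSecret;
  if (typeof secret !== "string" || secret.length === 0) {
    findings.push("credentialSecret is not a key you chose: back it up or set one");
  }
  if (!settings.httpNodeAuth) {
    findings.push("httpNodeAuth not set: HTTP endpoints and the /ui dashboard need no login");
  }
  return findings;
}

// Constructed sample inputs (placeholder values, not real hashes or keys).
const PLACEHOLDER_HASH = "$2a$08$" + "A".repeat(53);
const defaults = {}; // everything still commented out
const hardened = {
  adminAuth: { type: "credentials",
               users: [{ username: "me", password: PLACEHOLDER_HASH, permissions: "*" }] },
  credentialSecret: "constructed-example-key",
  httpNodeAuth: { user: "me", pass: PLACEHOLDER_HASH },
};
const weakHash = { ...hardened, adminAuth: { type: "credentials",
  users: [{ username: "me", password: "not-a-hash", permissions: "*" }] } };

for (const [name, s] of Object.entries({ defaults, weakHash, hardened })) {
  console.log(name, auditSettings(s));
}
```

The audit only reads the file; as the thread shows, an edit takes effect only after Node-RED has actually restarted and loaded the settings file named in the startup log.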

thank you,

I'm glad about, it's OK now!!!
:grinning:

still one question:

what's about this entry: "Server now running at http://127.0.0.1:1880/" ?

That is telling you that the node-red server is running on port 1880 on your PC. 127.0.0.1 is the special ip address which equates to localhost.

thank you for info, everything ok now

Just to follow up on the use of your own private key.....

Ok, so you make it.

But you will need to keep a copy of either the key or the password so if the file is corrupt, and you "restore" things with the now locally made key, you can get to it.

A key/lock is only good if you have a backup of the file as well......

Which is fine, but again as I read it, even if "you" re-encrypt the file using your chosen key......

You need to keep a backup of either the password or the key. Because if the file is corrupted, or whatever and you need to put things back..... You need to be able to use the key.

Sorry, Nick.....

That should be "on a network where anyone one you don't know can access it" - right? (Missed the "one".)

We're only talking about the credentialSecret property here. The whole reason to provide your own rather than rely on the system generated one is so you can set it to a value you know so you can restore it if needed. For example, if you copied the flows to another machine - you would copy across the credentialSecret as well.