View dashboard on internet

evening all

so i have created a dashboard pulling information from sensors i have on LoRa,

is it possible to have this dashboard publish on a live hdmi page for public view if so does anyone have a link to an example

thanks in advance

What is a live hdmi page ? Do you mean via a HDMI cable to a monitor/tv?

lol sorry i really should proof read things i mean html

Also, if you dont use the message reply - I dont get a notification.

Do you mean you want to see your node-red dashboard from outside your network (on the internet - when you are out and about)?

OR

You want to push your values to an existing websites HTML?

thanks

i want to view it outside my network on an internet page

Again, you didnt reply to my message ( so i didnt get a notification)

Then you have a few choices - but this is NOT a simple matter especially if you are not clued up on security.

There are a few ways but you will need to read up on them

Here are 3 off the top of my head (in order of dificulty)...

  1. ngrok - simple to get up and running (there is an contrib node for ngrok)
  2. use a VPN
  3. put nginx or HAproxy infornt of node-red and expose it via your router.

Search the forum for previous threads

Search for

Also, there is an extensive setup FAQ here: Node-red server with nginx reverse proxy howto guide

thankyou very much for your help i am looking into the options you suggested, at a glance i dont think theses will work,

a little more info on what i am trying to accomplish

i am working on an estate where i have many oil tanks that have level sensors connected to LoRa and then onto my dashboard

i want my customer to be able to go onto a web page and be able to view his tanks levels ect, and in the future i will be adding lights that he can turn on and off and even heating.

maybe one of your solutions will work ill keep looking into it
thankyou

If this is a customer setup, I would go with a reverse proxy (NGINX, HAproxy, etc). You will need to set up some kind of user login as well as TLS encryption. As Steve says, this isn't trivial though once you've done it, it isn't that hard. It is, however, a fairly steep learning curve. It is also fairly easy to screw up. I doubt your customer will be happy if some script-kiddy starts turning on/off lights.

If in doubt, get a professional to help. Certainly get a professional to check your work. And get the result penetration tested.

If you've never done user management, I'd probably recommend linking NGINX to an identity provider convenient to the customer (Google, Microsoft, Facebook or whatever).

thankyou for your responce

yes all this is completly new to me before i came i here i was a comms installer and fibre tech but the more time i have spent here the more i am getting involved with like multi media and now monitoring systems so everything i have learned so far has been from utube in a couple weeks,

i have all my sensors showing live data via via the dashboard graghs and now my next stage is to allow the customer to be able to view them before i move onto the next part with light controls ect

Do you want different customers to see different data on the dashboard? If so then the whole problem becomes much more difficult. The standard node red dashboard is not multiuser, all users see basically the same data. If you want to go true multi-user then I think the best option is to go with uibuilder, but then you need to know a lot more about web development.

Or you will need multiple instances of Node-RED.

True, for some that would be a simpler solution. It depends on how many users there are whether that would be a practical solution.

thankyou all for your responses, maybe i out of my depth here and might have to look at a different application.

thanks again

Just remember that any Internet-facing service will have the same issues to overcome. You are seeing it at close hand because Node-RED makes it possible for pretty much anyone to knock together some logic and a nice UI. Normally, you would have had to hire someone to do that for you.

But it can't get round the fact that the Internet has lots of nasty people hanging around - and nasty bots that some of those nasty people have written - looking for opportunities.

So the positive take-away is that you are now more aware of the issues. Dealing with the issues IS, I'm afraid, a steep learning curve, no getting away from that. However, it IS possible to do even with limited knowledge in this area. But you would need to give yourself some extra time.

Good news is that there is a wealth of relavent information in this forum and lots of friendly people here if you do decide to go for it :slight_smile:

I were wondering what security Grafana offers (I know not Node -Red) ?

So I expose the Grafana IP and Port the the net, (xx.xx.xx.xx:3000).

How secure is this?

How much of a risk for Node-Red (xx.xx.xx.xx:1880)?

@Steve-Mcl @TotallyInformation @Colin

Well, it may be OK. And the risks are a little less if you are only using Grafana or Node-RED for outputs not inputs.

As an architect who deals with enterprise systems, I wouldn't let any of our systems go out without suitable penetration testing as a minimum. Regardless of their use or sensitivity. For more sensitive systems, we may require a full IT Healthcheck - something that can take months for the most complex systems.

I generally, for lower value systems and those being created and supported by non-IT specialists, recommend using a reverse proxy with any authentication and authorisation in the proxy as such systems tend to get more focus and testing than security built into more general systems (like Node-RED and Grafana).

At the end of the day, you have to decide your attitude to risk, your customers attitude to risk and any financial issues you might face if something is compromised. You should use that to help you decide whether you need to invest in some security testing.

For home/personal use, obviously the risk decisions are somewhat different.

As someone who has to deal with national and international scale risks and working with systems that can litterally result in lost lives, I naturally tend to be more cautious than many :slight_smile:

Worth remembering that we have seen a bout of hacks on exposed Node-RED ports. I'm not aware of any for Grafana but that may be simply because I've not looked.

Thanks.

I do understand that this is a subject that is very vast, and the threats are multiple (Spoofing, Denial of service, ........)

The instance of Grafana is in AWS so I can white label my clients IP, that should already lower my security risk (not mentioning ensuring a good strength on passwords and ensuring the default passwords are removed).

What are the most common attack seen?

Many threats are dealt with using basic security hygene, at least to the level that you are likely to get.

Obviously the risk (not necessarily the threat) goes up the more valuable the information you are handling (or the more valuable the other systems in your architecture might be).

Denial of Service is the one that is somewhat different as it largely needs network level protection which is a separate subject.

The fact that your service is running in AWS is a good starting point since you already benefit from a bunch of general protection. Microsoft Azure is often even better simply because you will have an integrated Directory and Azure web services will automatically provide directory-based authentication. I think you have to add that separately to AWS?

Putting services behind a web reverse proxy gives you the ability to put authentication at the web service layer and benefit from easily integrated services such as a directory, db or external authenticators. Mutli-factor authentication is often also then available.

The specific attack that we are aware of was against unsecured Editors accessible over the Internet. This lead to a number of instances of people finding flows that they hadn't written.

Of course, if there are unsecured or poorly secured systems out there, there is a very good chance that nobody will ever notice. Even in well-managed enterprises, advanced persistent threats are rarely noticed for at least 12 months. It usually takes an external audit of systems for them to be discovered.

The most basic protection that you must use is to use https (not http) and force anyone connecting, for other than viewing data, to have a user name and password (or something similar). Provided that good passwords are used (and user name is not admin, pi or any other default name) then for private users accessing their node-red dashboard or something similar across the internet that will likely be good enough.

Obviously make sure that you keep your OS and s/w are kept up to date with security updates.

Thanks for the reply @TotallyInformation and @Colin .

"AWS CloudFront can serve that function IIRC" on the Grafana forum it were mentioned I must the AWS CloudFront, I will scratch and see if I can get this going..

I use the min 7, a-z, A-Z, 0-9 and special character format.