I’m building a Dashboard (FlowFuse dashboard 2.0) to control my game servers and a few other things. At some point soon, I want to make parts of it accessible over the internet (to friends), so I’ll be looking into enabling HTTPS in NR and using Let’s Encrypt for SSL.
Is there a way to add a login screen to the dashboard so random people can’t mess with it? Ideally, I want to add “Login with Discord” later, but for now, I just want a simple username and password setup.
I can make a basic login page in the dashboard that redirects to other pages after login, but my main concern is doing it securely, mainly stopping people from bypassing the login by visiting a direct link, and making sure logged in users don’t get logged out randomly (as long as their browser keeps the cookie/info they stay logged in).
I’ve seen similar posts about this, but I’m really just looking for a good starting point: What should I look into? Are there any specific Node-RED palettes or external tools/software you’d recommend for handling logins securely?
You will need to check out how to use a Discord login, not sure how easy that is. But in general, something like Cloudflare Zero Trust would fit the bill. CF ZT will provide the authentication aspects and it acts as a cloud proxy between your users and your Dashboard page.
Brave's Leo AI had this to say - I've not tested it.
To authenticate using Discord on Cloudflare Zero Trust, you can follow these steps:
Edit your Cloudflare Access subdomain into config.json under redirectURL. This should be the same URL you added to Discord.
Publish the Worker with npx wrangler publish!
Go to the Cloudflare Zero Trust dashboard and navigate to Settings > Authentication.
Select "Add new" under Login methods and choose OpenID Connect.
Fill in the necessary fields:
Name: Whatever you want, e.g., Discord
App ID: Your Discord application ID
Client secret: Your Discord application OAuth2 secret
Auth URL: https://discord-oidc.YOURNAME.workers.dev/authorize/email or swap out /email for /guilds to include the Guilds scope
OIDC Claims: Email is included automatically without being set here. It would be recommended to add id here, as the user's unique Discord user ID. preferred_username will map to the user's username and discriminator if they have one.
After setting up the Discord authentication, you can use custom OIDC claims to control user access based on specific attributes.
To use this in a policy, simply enable it as an Identity provider in your Access application and then create a rule using OIDC Claims and the relevant claim above.
I already use Tailscale to access my NAS and other server PC remotely, very handy, but I need to share it with a few friends and don't want to add them to my Tailscale.
Thanks for that info, I will have to give it a good read when I get the chance. I'm curious as to how the Cloudflare part works (the domain I want to use is with Cloudflare). I'm curious as to how it authenticates users via login. I'm guessing I need to read the page you sent and that will tell me a lot.
Yup. You can have up to 50 users on the free tier. You can hand off authentication to third parties as well, such as GitHub, etc., using OAuth modern authentication. Not hard to do.