In the article NodeRed – Setting up user login it has already been pointed out that it is very important to secure access to your NodeRed configuration interface. In particular as you access your NodeRed configuration over the Internet, make sure that you really only have access to it.
In addition to setting up a user login, it is also important and useful to encrypt the connection between your browser and the NodeRed server.
How you can do this is described in the following article.
Hints for our lovely english readers: Basically, many of the articles on Nerdiy.de are translations from the original german articles. Therefore, it may happen here and there that some illustrations are not available in english and that some translations are weird/strange/full of mistakes or generally totaly wrong. So if you find some obvious (or also not obvious) mistakes don't hesitate to leave us a hint about that in the comment section.
Also please don't get confused, that instead of a "dot" often a "comma" is used as decimal separator. 🙂
- 1 Safety instructions
- 2 Affiliate links / advertising links
- 3 Requirements
- 4 Log in via SSH on the RaspberryPi
- 5 Create a folder for the certificates
- 6 Switch to the created folder
- 7 Generate certificate files
- 8 Enter the path to the certificate files in the NodeRed configuration file
- 9 Restart NodeRed
- 10 Call NodeRed configuration page
I know the following hints are always a bit annoying and seem unnecessary. But unfortunately, many people who knew it "better" from carelessness lost their eyes, fingers or other things or hurt themselves. In comparison, a loss of data is almost not worth mentioning, but even these can be really annoying. Therefore, please take five minutes to read the safety instructions. Even the coolest project is worth no injury or other annoyance. https://www.nerdiy.de/en/sicherheitshinweise/
The links to online shops listed here are so-called affiliate links. If you click on such an affiliate link and shop via this link, Nerdiy.de receives a commission from the online shop or provider concerned. The price doesn't change for you. If you do your purchases via these links, you will support Nerdiy.de in being able to offer further useful projects in the future. 🙂
Of course NodeRed should already be installed so that you can take over this configuration.
How to prepare this and a RaspberryPi and then install NodeRed on it is described in the following articles.
In the following list you will find all the parts you need to implement this article.
Log in via SSH on the RaspberryPi
To get started, you first need to log in to RasPi with SSH on Putty. How to do it is described in the article
Create a folder for the certificates
To save the certificate files at a central location, it is recommended to create a folder in the NodeRed directory. If your “.node-red” folder is in your home directory – which should be the case if you have NodeRed installed with the installation script – you can create a new folder with the following command.
After executing this command a new folder called “certificates” should have been created in your “.node-red” folder.
Switch to the created folder
To save the certificate files at the newly created folder, you should now switch to it with the following command.
Generate certificate files
In order for the encryption to work, you need to create a few certificate files. With the following request you create a keyfile.
openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt
Enter the path to the certificate files in the NodeRed configuration file
Now you have to tell your NodeRed installation that the connection should be encrypted. For that you need to specify where your just created certificate files are.
This information must be entered in the configuration file of NodeRed. Open your NodeRed configuration file with the following command:
sudo nano /home/pi/.node-red/settings.js
This function block also contains the paths to your certificate files you have to specify. To do this, copy the following text into the function block.
key: fs.readFileSync('/home/pi/.node-red/certificates/key.pem'), cert: fs.readFileSync('/home/pi/.node-red/certificates/server.crt')
So that the registered changes will be taken over, you have to restart NodeRed. This is done with the following command.
sudo service nodered restart
Call NodeRed configuration page
After rebooting NodeRed, you will see that your NodeRed installation is no longer available under the old URL. This is because your NodeRed-instance is now only accessible via “https://”. The screenshots below shows the way how you can connect to it via the browser Google Chrome. For other browsers this way is similar.
In order to access your NodeRed configuration page again, you must prefix the URL to your NodeRed configuration page with “https://”.
Most browsers now warn against the fact that the certificate with which your connection is encrypted is self-signed and therefore not validated by a third party. This is actually a problem on regular websites because it may indicate that the supposedly secure connection is not really secure. In this case it is ok, because we have just created the certificate.
To bypass the warning, click on “Advanced” …
… and then on “Weiter zu …”(German for “Continue to…”). Now you will be redirected to the usual configuration page of your NodeRed installation.
I hope everything worked as described. If not or you have any other questions or suggestions, please let me know in the comments. Also, ideas for new projects are always welcome. 🙂
P.S. Many of these projects - especially the hardware projects - cost a lot of time and money. Of course I do this because I enjoy it, but if you appreciate it that I share these information with you, I would be happy about a small donation to the coffee box. 🙂