HowTo: Node Red – User Login Setup

After installing NodeRed for the first time, you can usually access the NodeRed configuration interface without much hassle. This is handy because you can start directly with the configuration.

Unfortunately, it is dangerous too. Because if anyone on the network can access the NodeRed configuration interface, it means that anyone on the network can execute commands on the system.

Here you should make access as difficult as possible. Especially once you unlock access to the NodeRed configuration over the Internet, this is a must. Otherwise your own RaspberryPi will probably not work very fast not only for your own NodeRed server but also for the next bot network.

An important step in making access to NodeRed more difficult is to set up a user login for the configuration interface. How you set this up is explained in the following article.

The article NodeRed - Encrypt connection also describes how you can encrypt the connection to your NodeRed configuration. Connection encryption is another important security benefit, especially if you want to access your NodeRed configuration over the Internet.

Hints for our lovely english readers: Basically, many of the articles on Nerdiy.de are translations from the original german articles. Therefore, it may happen here and there that some illustrations are not available in english and that some translations are weird/strange/full of mistakes or generally totaly wrong. So if you find some obvious (or also not obvious) mistakes don't hesitate to leave us a hint about that in the comment section. 
Also please don't get confused, that instead of a "dot" often a "comma" is used as decimal separator. 🙂


Safety instructions

I know the following hints are always a bit annoying and seem unnecessary. But unfortunately, many people who knew it "better" from carelessness lost their eyes, fingers or other things or hurt themselves. In comparison, a loss of data is almost not worth mentioning, but even these can be really annoying. Therefore, please take five minutes to read the safety instructions. Even the coolest project is worth no injury or other annoyance. https://www.nerdiy.de/en/sicherheitshinweise/

Affiliate links / advertising links

The links to online stores listed here are so-called affiliate links. If you click on such an affiliate link and store via this link, Nerdiy.de receives a commission from the online store or provider concerned. The price doesn't change for you. If you do your purchases via these links, you will support Nerdiy.de in being able to offer further useful projects in the future. 🙂


Requirements

Helpful Articles:
Of course NodeRed should already be installed so that you can take over this configuration. In addition, the Sonoff RF Bridge should already be prepared.
How to prepare this and a RaspberryPi and then install NodeRed on it is described in the following articles.

RaspberryPi - Setting up for Nerdiys!
RaspberryPi - The first configuration
RaspberryPi - Controlling the RaspberryPi via SSH
NodeRed - Installing NodeRed on the RaspberryPi

Required tools:
-none-

Required material:

In the following list you will find all the parts you need to implement this article.


Log in via SSH on the RaspberryPi

To get started, you first need to log in to RasPi with SSH on Putty. How to do it is described in the article

After entering your username and password you can start to enter the first commands.

Update package management

The package management in Linux is a "central point" over which various software packages can be installed. For this to work reliably, the lists and sources of package management should be updated before installing any new packages.

To start the package management update you have to enter the following command.
sudo apt-get update && sudo apt-get upgrade
Depending on how long your last update of the package management is, this process may take some time. First, the lists are updated in which the individual repositories are referenced.
Then the packages themselves are updated. As this additional memory is occupied, you will be asked again for your consent. You have to confirm this with a "J"(in German) or a "Y" and "Enter".
When the update is complete, you will see a small summary of the duration and scope of the update.

Password generate hash value

The password for your user interface will be entered later in the configuration file of your NodeRed installation. Since it is a security risk to save passwords as plain text (ie unencrypted) in configuration files, in this case a hash value of your password is generated and entered in the configuration file. The hash value does not directly indicate the password.

So that you can generate the hash value, it is recommended to install the "node-red-admin" tools.
The command is:

sudo npm install -g node-red-admin
The installation of the "node-red-admin" tools takes about 30 seconds.

After the installation is complete you can call the hash value generator with the following command:

sudo node-red-admin hash-pw
When the query comes up then give your password one of which you want to create a hash value and confirm this with "Enter".
The resulting hash value will be displayed. Copy this best into a text file so you have this available for the next few steps.

Enter the user name and hash value in the config file

Now you open the configuration file of your NodeRed installation

sudo nano /home/pi/.node-red/settings.js

Navigate in the configuration file with the arrow keys until …
… you arrived at this part.
There you unfold the slashes in front of the lines shown.
In the "username" section, you can now enter any user name between the quotation marks. In this case this was left with "admin". In the "password" section, you must now enter the previously created hash value. To do this, you remove the existing hash value and copy your own created in the same place.
This is what the area should look like after you have entered your hash value.
To save and close the configuration file, press “CTRL + X” …
... and confirm the demand with "Y" and "Enter".

Restart NodeRed

So that the changes are now also adopted, you have to restart your NodeRed installation once. This is done with the following command:

sudo service node red restart

After a restart you will be asked for a username and password when calling up your NodeRed configuration page.

Have fun with the project

I hope everything worked as described. If not or you have any other questions or suggestions, please let me know in the comments. Also, ideas for new projects are always welcome. 🙂

P.S. Many of these projects - especially the hardware projects - cost a lot of time and money. Of course I do this because I enjoy it, but if you appreciate that I share this information with you, I would be happy about a small donation to the coffee box. 🙂

Buy Me a Coffee at ko-fi.com   

2 comments

    1. Hi Mathias,
      you mean you installed NodeRed as a docker container?
      The same should actually work there. You probably connected the NodeRed user data to the file system of your host via a share, right?
      Then you should also be able to edit the settings.js and Co. 🙂
      Best regards
      Fabian

Kommentar hinterlassen

Your email address will not be published. Erforderliche Felder sind mit * markiert