This article is a sequel of our Node-Red series of tutorials and focuses on Securing of Node-Red with a password. We can restrict access to node red with one or multiple user accounts.
Add a user account:
- Navigate to the .node-red folder where Node-Red is installed.
- Normally the location is /IP_ADDRESS/Pi Home/pi/.node-red.
- Open the settings.js file and edit the adminAuth property by navigating down the file.
//adminAuth: {
// type: "credentials",
// users: [{
// username: "admin",
// password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
// permissions: "*"
// }]
//},
- Remove the // comment characters.
adminAuth: {
type: "credentials",
users: [{
username: "admin",
password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
permissions: "*"
}]
},
- Change username as desired.
- SSH the device using PuTTY.
- Generate hash using the command;
- For Node-RED 1.1.0 or later
node-red admin hash-pw. - For older versions of Node-RED
node-red-admin hash-pw.
- For Node-RED 1.1.0 or later
- Copy the hash from PuTTY and paste it against password in adminAuth property.
- Save the file.
- Restart the Node-Red
sudo systemctl restart nodered. - Now Node-Red will ask for the username and password as expected.
