Skip to content

Instantly share code, notes, and snippets.

@shantanoo-desai
Created June 9, 2022 21:04
Show Gist options
  • Save shantanoo-desai/0d5fbc51518f6cdd1e04cbeab8d63c13 to your computer and use it in GitHub Desktop.
Save shantanoo-desai/0d5fbc51518f6cdd1e04cbeab8d63c13 to your computer and use it in GitHub Desktop.
Securing node-RED Container with `htpasswd`
# Usage: docker compose up -d
# docker compose logs
# docker compose down
services:
node-red:
image: nodered/node-red:2.2.2-12-minimal
container_name: secure_nodered
env_file:
- ./node-red.env
ports:
- "1880:1880"
volumes:
- ./settings.js:/data/settings.js
NODERED_AUTH_ADMIN='${NODERED_AUTH_ADMIN}'
#!/bin/env bash
# USAGE: chmod +x nodeREDPWgen.sh
# ./nodeREDPWgen.sh testpassword
#
function nodeREDPW {
# 1st argument to this script is plaintext password
echo $1
local NODERED_AUTH_ADMIN=$(htpasswd -nb -B -C 8 admin "$1")
export NODERED_AUTH_ADMIN
# create the env file for docker-compose
touch node-red.env
# let envsubst do its magic of substitution
envsubst '${NODERED_AUTH_ADMIN}' < node-red.tpl.env > node-red.env
unset NODERED_AUTH_ADMIN
}
nodeREDPW $1
module.exports = {
/** The file containing the flows. If not set, defaults to flows_<hostname>.json **/
flowFile: '/data/flows.json',
flowFilePretty: true,
userDir: '/data',
// https://github.com/node-red/node-red-docker/issues/109
adminAuth: {
type: "credentials",
users: [{
username: process.env.NODERED_AUTH_ADMIN.slice(0, process.env.NODERED_AUTH_ADMIN.indexOf(':')),
password: process.env.NODERED_AUTH_ADMIN.slice(process.env.NODERED_AUTH_ADMIN.indexOf(':')+1).replace("$2y$", "$2b$"),
permissions: "*"
}]
},
/** the tcp port that the Node-RED web server is listening on */
uiPort: process.env.PORT || 1880,
httpAdminRoot: '/',
/** Configure the logging output */
logging: {
/** Only console logging is currently supported */
console: {
level: "info",
/** Whether or not to include metric events in the log output */
metrics: false,
/** Whether or not to include audit events in the log output */
audit: false
}
},
exportGlobalContextKeys: false,
externalModules: {
},
editorTheme: {
palette: {
},
projects: {
/** To enable the Projects feature, set this value to true */
enabled: false,
workflow: {
mode: "manual"
}
},
codeEditor: {
lib: "ace",
options: {
theme: "vs",
}
}
},
/** Allow the Function node to load additional npm modules directly */
functionExternalModules: true,
functionGlobalContext: {
// os:require('os'),
},
/** The maximum length, in characters, of any message sent to the debug sidebar tab */
debugMaxLength: 1000,
/** Maximum buffer size for the exec node. Defaults to 10Mb */
//execMaxBufferSize: 10000000,
/** Timeout in milliseconds for HTTP request connections. Defaults to 120s */
//httpRequestTimeout: 120000,
/** Retry time in milliseconds for MQTT connections */
mqttReconnectTime: 15000,
/** Retry time in milliseconds for Serial port connections */
serialReconnectTime: 15000,
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment