Created
June 9, 2022 21:04
-
-
Save shantanoo-desai/0d5fbc51518f6cdd1e04cbeab8d63c13 to your computer and use it in GitHub Desktop.
Securing node-RED Container with `htpasswd`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Usage: docker compose up -d | |
# docker compose logs | |
# docker compose down | |
services: | |
node-red: | |
image: nodered/node-red:2.2.2-12-minimal | |
container_name: secure_nodered | |
env_file: | |
- ./node-red.env | |
ports: | |
- "1880:1880" | |
volumes: | |
- ./settings.js:/data/settings.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NODERED_AUTH_ADMIN='${NODERED_AUTH_ADMIN}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/env bash | |
# USAGE: chmod +x nodeREDPWgen.sh | |
# ./nodeREDPWgen.sh testpassword | |
# | |
function nodeREDPW { | |
# 1st argument to this script is plaintext password | |
echo $1 | |
local NODERED_AUTH_ADMIN=$(htpasswd -nb -B -C 8 admin "$1") | |
export NODERED_AUTH_ADMIN | |
# create the env file for docker-compose | |
touch node-red.env | |
# let envsubst do its magic of substitution | |
envsubst '${NODERED_AUTH_ADMIN}' < node-red.tpl.env > node-red.env | |
unset NODERED_AUTH_ADMIN | |
} | |
nodeREDPW $1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module.exports = { | |
/** The file containing the flows. If not set, defaults to flows_<hostname>.json **/ | |
flowFile: '/data/flows.json', | |
flowFilePretty: true, | |
userDir: '/data', | |
// https://github.com/node-red/node-red-docker/issues/109 | |
adminAuth: { | |
type: "credentials", | |
users: [{ | |
username: process.env.NODERED_AUTH_ADMIN.slice(0, process.env.NODERED_AUTH_ADMIN.indexOf(':')), | |
password: process.env.NODERED_AUTH_ADMIN.slice(process.env.NODERED_AUTH_ADMIN.indexOf(':')+1).replace("$2y$", "$2b$"), | |
permissions: "*" | |
}] | |
}, | |
/** the tcp port that the Node-RED web server is listening on */ | |
uiPort: process.env.PORT || 1880, | |
httpAdminRoot: '/', | |
/** Configure the logging output */ | |
logging: { | |
/** Only console logging is currently supported */ | |
console: { | |
level: "info", | |
/** Whether or not to include metric events in the log output */ | |
metrics: false, | |
/** Whether or not to include audit events in the log output */ | |
audit: false | |
} | |
}, | |
exportGlobalContextKeys: false, | |
externalModules: { | |
}, | |
editorTheme: { | |
palette: { | |
}, | |
projects: { | |
/** To enable the Projects feature, set this value to true */ | |
enabled: false, | |
workflow: { | |
mode: "manual" | |
} | |
}, | |
codeEditor: { | |
lib: "ace", | |
options: { | |
theme: "vs", | |
} | |
} | |
}, | |
/** Allow the Function node to load additional npm modules directly */ | |
functionExternalModules: true, | |
functionGlobalContext: { | |
// os:require('os'), | |
}, | |
/** The maximum length, in characters, of any message sent to the debug sidebar tab */ | |
debugMaxLength: 1000, | |
/** Maximum buffer size for the exec node. Defaults to 10Mb */ | |
//execMaxBufferSize: 10000000, | |
/** Timeout in milliseconds for HTTP request connections. Defaults to 120s */ | |
//httpRequestTimeout: 120000, | |
/** Retry time in milliseconds for MQTT connections */ | |
mqttReconnectTime: 15000, | |
/** Retry time in milliseconds for Serial port connections */ | |
serialReconnectTime: 15000, | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment