By default Node-RED is insecure. If the Application is exposed to the internet then anybody can modify the flow and access the data from the network working on Node-RED. So to make the connection secure we need to opt for the following options.
- Use SSL Connection
- Use User Name and Password Authentication while accessing the Node-RED Application.
We are implementing secure node-RED on ubuntu20.04 based system.
Use SSL to secure Node-RED
To make Node-RED secure, we need to generate the Key and certicate for Node-RED Server. We will use the OpenSSl.To Install OpenSSL visit OpenSSL Site here or OpenSSL Binaries for windows. For Linux or Ubuntu use this command to install OpenSSL
sudo apt-get install openssl
We need to generate he server certificate signed us to be used for Secure Node-RED connection.
Use the steps as show below to generate the key and server certificate
1. Generate Private Key by using the command.
openssl genrsa -out nred-key.crt 2048
2. Generate .CSR file or Certificate Request. Use the following command.
openssl req -new -sha256 -key nodered-key.crt -out nred-csr.csr
3. Sign the certificate with private key to generate self-signed server certificate. Use the following command,
.
openssl x509 -req -in nred-csr.csr -signkey nodered-key.crt -out nred-cert.crt
Once the all the certificates files are generated,save these files in one folder.I have the all the three files in the folder /home/adtechknow/nodered/certs
Edit the Settungs.js file for Node-RED
Once the certificates files are generated edit settings.js file located in /lib/node_modules/node-red.
Copy this settings.js file and paste it in the local folder of your choice. For me, I have saved this file in the folder /home/nodered.
Follow the steps as given below.
1. Open the file settings.js and locate the section security.
2. In security option locate the section option1 related to https.
3.Uncomment https section and copy the path of the key file and server certificate file along with the path as shown in image given below.
4. Save the settings.js file and close it.
5. Now rum Node-Red from the terminal using the command.
node-red -s /home/adtechknow/nodered/certs/settings.js
Now Node-red is started running the secure mode as shown below with address https://127.x.x.x:1880.
.You may get the following warning which can be overcome by clicking on the Advance
It will say the certificate is self signed as we signed the certificate. Click on option Accept and continue to Enter the Node-Red Admin window.
UserName and Password Authentication
The Node-RED can be secured by providing the UserName and Password Authentication for access the Node-RED Admin Window.
Follow the steps as given below.
1. Open the settings,js file and locate the section Security.
2. In the Security Section,locate the adminAuth
3.Copy the complete block of the adminAuth and paste it just below it.
4.Enter the and newly generated encrypted password as show in the figure.
5. Use the following command to generate the new encrypted password.
node-red admin hash-pw
Run this command and enter your new encrypted password in authAdmin block password .
6.Save the settings.js and close the file.
7. Run the Node-Red Again and copy the address https://1xx.x.x.x:1880/ in the browser.
8. Enter the Username and Password in the Login windows which pops up and access the admin window of Node-RED.
For more Details Watch this YouTube video
Tags:
Secure Node-Red with SSL