How could I prohibit anonymous access to my NodeRed UI Dashboard on IBM Cloud(Bluemix)?

Question

I'm working with node-red, on boilerplate IBM cloud. I know that there is a way, changing the value of enviroments variables(NODE_RED_USERNAME and NODE_RED_PASSWORD), to change username and password of the editor flow. But, what about UI dashboard? I mean using dashboard nodes. Forbid access to

https://noderedservicename.mybluemix.net/ui/

I know that on the code, changing the variable httpNodeAuth on the file settings.js I can do what I want. What is the way for doing that on IBM Cloud? Thank you in advance!

It would be a good idea to list other links that you may have seen such as https://stackoverflow.com/questions/31936786/is-there-a-way-to-prohibit-anonymous-access-to-my-nodered-flow-editor-on-bluemix and explain why your question is different — Chris Snow, Mar 11 '18 at 07:30
@ChrisSnow the OP is wanting to protect the Dashboard-UI not the Node-RED Editor — hardillb, Mar 11 '18 at 08:39
Thanks @hardlib. I had noticed the difference and decided not to flag the question for closing. I was hoping the OP would show his research and point out how the other question was different. Stackoverflow would have suggested the other question to the OP when he added the title for his question. — Chris Snow, Mar 11 '18 at 08:57

hardillb · Accepted Answer · 2018-03-11T08:58:57.317

You need to add the httpNodeAuth (not the httpAdminAuth as this is for controlling access to the Node-RED editor and can done with the environment variables discussed in the other answer.) to the app/bluemix-settings.js file.

Something like this:

...
httpStatic: path.join(__dirname,"public"),
httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
functionGlobalContext: { },
...

Details of how to generate the pass can be found here

There are a number of ways you can edit the file, some of which include linking the Node-RED deployment to a git repository or downloading the whole app, editing the file and pushing it back to Bluemix (when you first deploy Node-RED from the starter pack it gives you instructions on how to download the source to make changes and then push them back. You can get to these instructions by clicking on the "Getting started" link in your Node-RED Bluemix console page).

But the quickest/simplest/dirtiest way is probably to just SSH into the instance and change the file with something like vi. Details on how to ssh to an app instance can be found here. But the following should work:

cf ssh [app name]

Once you have edited the file you will need to tell bluemix to restart the app. You can do this from the web console or with the cf command line tool.

(The changes made by this method will not survive if the app is restaged, or bluemix decides to move your instance to another machine internally because it will rebuild the app from the pushed sources. The permanent solution is to download the source, edit and push back)

Thank you for the answer. So, if I download the starter code, and change the settings file, and then I make a lot of changes (like I already made), and want to change de authorization user. I can not do it simple and fast (and secure, for what you said)? — Tupac, Mar 11 '18 at 22:50
You can always SSH in and edit the `bluemix-settings.js` to test, but if you want the changes to be persistent then you need to change the `bluemix-settings.js` in your local copy and then re-push the entire project back to Bluemix. — hardillb, Mar 12 '18 at 07:34
To edit bluemix-settings.js with vi over ssh, and restarting the app afterwards doesn't seem to work anymore, the changes get wiped out when the app restarts. - The "simplest way" I've found so far is this: Enable 'Continuous delivery' for the app in the IBM Cloud dashboard, edit bluemix-settings.js right in the 'Eclipse Orion Web IDE', git commit the change, and redeploy the app. — rel, May 30 '19 at 00:47

kyouhei · Answer 2 · 2018-03-07T15:09:03.543

-2

This link will help you but it's written in Japanese. http://dotnsf.blog.jp/archives/1030376575.html

Summary

You can define the "user-defined" environment variables through the IBM Cloud dashboard. It contains the variables to protect Node-RED GUI. You have to be set as follows

NODE_RED_USERNAME : username

NODE_RED_PASSWORD : password

edited Mar 07 '18 at 15:09

answered Mar 07 '18 at 13:52

kyouhei

54
1
1
6

Thanks, Please rate +1 if possible – kyouhei Mar 07 '18 at 15:55
I don't know enough about Node-RED to judge the answer. So, I'm not voting on this - neither up nor down. Have faith that, if your answer helps people, you'll get your upvotes over time. Good luck! – S.L. Barth is on codidact.com Mar 07 '18 at 15:59
those are teh variables for de editor's but I need for the dashboard. I edited the question – Tupac Mar 10 '18 at 00:24

How could I prohibit anonymous access to my NodeRed UI Dashboard on IBM Cloud(Bluemix)?

2 Answers2

Linked