Security - nicnacnic/restreamer-dashboard GitHub Wiki
With the dashboard, you have access to various security controls built into Node-Red.
You're able to set up a password to control who has access to both the editor and the dashboard. This is stored in your local configuration file, settings.js.
To change the editor password, look for adminAuth: { in your configuration file. You'll want to uncomment the line, then change the username, password, and permissions. The editor supports multiple users with multiple permissions. The default user is named admin and the password is password, but it's highly recommended to generate your own password; go to the Generating Passwords section of this page to learn more.
- username: A username for the editor. Default: admin
- password: A password for the editor. It is stored as a hash using the bcrypt algorithm. Default: $2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.
- permissions: The permissions for that user. A star (*) provides full administrator permissions, and read provides access but no editing permissions. Default: *
    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
            permissions: "*"
        }]
    },
To add another user, just add another entry in the users: [{ array with a username, password, and permissions.
    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
            permissions: "*"
        },
        {
            username: "user",
            password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
            permissions: "read"
        }]
    },
To change the dashboard password, look for httpNodeAuth: { in your configuration file. You'll want to uncomment the line, then change the username and password. Unlike the editor, the dashboard only supports one user. The default user is named user and the password is password, but it's highly recommended to generate your own password; go to the Generating Passwords section of this page to learn more. A dashboard user won't be able to log in and view the editor unless they also have the username and password for the editor.
- user: A username for the dashboard. Default: admin
- pass: A password for the dashboard. It is stored as a hash using the bcrypt algorithm. Default: $2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.
    httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
Using the command line, you're able to generate custom passwords to use in your configuration file. To do this, open up Command Prompt as administrator and type the command below.
    node-red admin hash-pw
Enter your password, then it will give you a hash that you can put in your settings.js file.
With Node-Red, you're able to assign the dashboard to a custom domain that you own. To do this, you'll need to set up Dynamic DNS to link your public IP address to a URL. Setting up DDNS is outside the scope of this document, but should be pretty easy depending on your domain registrar.
If you need a custom domain, I highly recommend Google Domains. With Google Domains, you can get a custom domain for as little as $12 a year with unlimited subdomains, free Dynamic DNS, and free custom email addresses. I use Google Domains to host my own dashboard, and it wasn't that difficult to set up either.
Why use HTTPS? Well, HTTPS is a protocol that encrypts your data, and makes it harder for outsiders to gain unauthorized access to your dashboard. Due to an update to the Twitch player in July 2020, all websites that have the player embedded must have HTTPS enabled.
The one thing you will need is an SSL certificate for your domain/subdomain. Obtaining one is outside the scope of this document, but I recommend ZeroSSL if you need something that's quick and easy. The only disadvantage is that you need to renew your certificate every 90 days, but that's not a big deal, especially since this service is free.
You'll need your SSL certificate to be in the .pem format. If your certificate is in the .crt format, it's not a big deal. If you use OpenSSL, you're able to convert your certificates from .crt and .key to the .pem format. Once again, that's outside the scope of this document, but instructions aren't that hard to find these days.
Once you have your certificates in the .pem format, just drop them in the .node-red folder. You'll now need to enable HTTPS and link to your certificates in the configuration file. Open settings.js with a text editor, and search for uiPort: process.env.PORT || 1880, then change 1880 to 443.
    uiPort: process.env.PORT || 443,
Next, search for https: { in the file. You'll want to uncomment the following lines, and add the path to your certificate and key. For example, if your certificate is named cert, your key is named key, and both are in the .node-red folder, your config should look like this.
    https: {
        // Relative paths are resolved against the directory Node-Red is started from
        key: require("fs").readFileSync('key.pem'),
        cert: require("fs").readFileSync('cert.pem')
    },
Finally, you'll need to enable the HTTPS module. Search for requireHttps: true, uncomment the lines, and change the value to true if it isn't already. Save the file, then close it.
And one more thing: be sure to change the dashboard config (RestreamDash\RestreamerDashboardConfig.json) to include your new domain/subdomain/public IP to make sure the Twitch player works correctly!
To make sure HTTPS works, navigate to https://<your-domain>/ui if you have a custom domain, or https://<public-ip>/ui if you don't use a custom domain. Log in with your username and password, and look for the lock icon in the address bar. Also, check that the Twitch player is working in the monitoring tab; that's a signal that HTTPS is working. And there you go, HTTPS is now enabled on your dashboard!
Please note your dashboard will no longer be accessible using the HTTP protocol; it is only accessible by typing in https://<your-domain>/ui or https://<public-ip>/ui. The editor is still available, just remove the /ui at the end of the URL, for example https://<your-domain> or https://<public-ip>.
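The settings covered on this page (adminAuth, httpNodeAuth, https, requireHttps) can be checked in one pass before the dashboard is exposed. The script below is an added example, not part of the dashboard or Node-Red: auditSettings and the two sample objects are hypothetical names, and it expects the object your settings.js exports. It reports logins that still use the default hash published above, passwords that are not bcrypt hashes, a dashboard hash copied from an editor user, and missing HTTPS settings.

```javascript
// Added example: audit a Node-RED settings object for the weak spots covered on this page.
// Hash published on this page as the default; it corresponds to the password "password".
const PUBLISHED_DEFAULT_HASH =
  "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.";

// A bcrypt hash is "$2a$" (or 2b/2x/2y), a two-digit cost, then 53 base64-style characters.
function isBcrypt(value) {
  return /^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$/.test(String(value));
}

function checkHash(label, hash, findings) {
  if (!isBcrypt(hash)) findings.push(`${label}: password is not a bcrypt hash`);
  else if (hash === PUBLISHED_DEFAULT_HASH)
    findings.push(`${label}: still uses the published default hash`);
}

// auditSettings is a hypothetical helper name; it returns a list of findings (empty = clean).
function auditSettings(s) {
  const findings = [];
  const editorUsers = (s.adminAuth && s.adminAuth.users) || [];
  if (!s.adminAuth) findings.push("adminAuth: editor has no login");
  for (const u of editorUsers) checkHash(`adminAuth "${u.username}"`, u.password, findings);
  if (!s.httpNodeAuth) findings.push("httpNodeAuth: dashboard has no login");
  else {
    checkHash(`httpNodeAuth "${s.httpNodeAuth.user}"`, s.httpNodeAuth.pass, findings);
    // Identical hashes mean a copy-pasted credential: a dashboard user could open the editor.
    if (editorUsers.some((u) => u.password === s.httpNodeAuth.pass))
      findings.push("httpNodeAuth: hash is shared with an editor user");
  }
  if (!s.https || !s.https.key || !s.https.cert) findings.push("https: key/cert not configured");
  if (s.requireHttps !== true) findings.push("requireHttps: not set to true");
  return findings;
}

// Constructed sample input: the defaults exactly as shown on this page.
const pageDefaults = {
  adminAuth: { type: "credentials", users: [
    { username: "admin", password: PUBLISHED_DEFAULT_HASH, permissions: "*" }] },
  httpNodeAuth: { user: "user", pass: PUBLISHED_DEFAULT_HASH },
};
// Constructed sample input: placeholder hashes (not real ones), HTTPS enabled.
const hardened = {
  adminAuth: { type: "credentials", users: [
    { username: "admin", password: "$2b$08$" + "A".repeat(53), permissions: "*" }] },
  httpNodeAuth: { user: "user", pass: "$2b$08$" + "B".repeat(53) },
  https: { key: "<key.pem contents>", cert: "<cert.pem contents>" },
  requireHttps: true,
};
console.log(auditSettings(pageDefaults), auditSettings(hardened));
```

Because bcrypt salts every hash, two users with the same password normally have different hashes; the shared-hash finding therefore only catches a hash that was copied between entries, as in the sample configuration on this page.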
If you need more assistance or you want to do more customization, check out the official Node-Red documentation at https://nodered.org/docs/user-guide/runtime/securing-node-red#http-node-security.
Due to a Node-Red limitation, if you want to use NodeCG integrations while still using HTTPS, you'll also need to enable HTTPS on your NodeCG server. It's a similar process, but it's outside the scope of this document. For more information, visit https://www.nodecg.dev/docs/security#how-do-i-enable-httpsssl-encryption. If you're hosting NodeCG on the same domain/subdomain/public IP, you can actually reuse the SSL certificates for NodeCG as well!