Fading Coder

Protecting the Node-RED Editor with Admin Authentication in Docker

The Node-RED editor and admin API are open by default. You can enable a simple username/password challenge by editing the settings.js file in your data directory. This walkthrough shows how to do that when running Node-RED in Docker, including generating a bcrypt hash for the password.

Run Node-RED with a persistent data directory

Create a data folder on your host and start Node-RED with it mounted at /data:

# Run a container named "nr-admin" and expose port 1880
mkdir -p ./nrdata

docker run -d \
  --name nr-admin \
  -p 1880:1880 \
  -v "$PWD/nrdata:/data" \
  -e TZ=UTC \
  nodered/node-red:latest

Confirm the container is running:

docker ps --filter name=nr-admin

Once started, the mounted directory will contain Node-RED’s runtime files, including settings.js:

ls -1 nrdata
# lib
# package.json
# settings.js

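At this point, http://localhost:1880 loads the editor without any login prompt. Because -p 1880:1880 publishes the port on all host interfaces, anyone who can reach the host on port 1880 gets the same unauthenticated editor.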

Create a bcrypt hash for the admin password

Node-RED expects a bcrypt hash in settings.js. You can generate one using bcryptjs inside the container. The example below prompts for the password without echoing it (bash) and passes it to the container on standard input, so the plaintext does not end up in shell history:

# Prompt silently, then pipe the password to node inside the container
read -rs -p 'Admin password: ' NR_PW && echo
printf '%s' "$NR_PW" | \
  docker exec -i nr-admin node -e "const fs=require('fs');const b=require('bcryptjs');const p=fs.readFileSync(0,'utf8').trim();console.log(b.hashSync(p,8))"
unset NR_PW

Copy the printed hash (a string beginning with $2a$ or $2b$).

Enable admin authentication in settings.js

Open nrdata/settings.js and locate the "Securing Node-RED" section. Add or uncomment the adminAuth block and set the hash you generated:

// settings.js
module.exports = {
  // ...other settings...

  adminAuth: {
    type: 'credentials',
    users: [
      {
        username: 'admin',
        // Paste the bcrypt hash here
        password: '$2a$08$REPLACE_WITH_YOUR_BCRYPT_HASH',
        permissions: '*'
      }
    ]
  },

  // ...other settings...
};

Notes:

  • username is the login name you will use (e.g., admin).
  • password must be the bcrypt hash you generated (not the plaintext password).
  • permissions: '*' grants full access to the editor and admin API.
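
A check you can run before restarting, given as an added example that is not part of the original walkthrough or of Node-RED: it flags a missing adminAuth block, a plaintext or placeholder password, and a low bcrypt cost. The names lintAdminAuth, MIN_COST and FAKE_HASH are hypothetical, and the sample settings objects are constructed.

```javascript
// Added example (not Node-RED code): lint the adminAuth block of a settings object.
// bcrypt layout: $2a$/$2b$/$2y$, two-digit cost, '$', then 53 chars (salt + digest).
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;
const MIN_COST = 8; // assumption: the cost factor this walkthrough passes to hashSync

function lintAdminAuth(settings) {
  const auth = settings.adminAuth;
  if (!auth) return ['adminAuth is not set: editor and admin API need no login'];
  if (auth.type !== 'credentials') return [`type '${auth.type}' is not covered by this check`];
  if (!Array.isArray(auth.users) || auth.users.length === 0) {
    return ['adminAuth.users is not a non-empty array'];
  }
  const findings = [];
  const seen = new Set();
  for (const user of auth.users) {
    const name = user.username || '(no username)';
    if (!user.username) findings.push('user entry has no username');
    else if (seen.has(user.username)) findings.push(`${name}: duplicate username`);
    seen.add(user.username);
    const match = BCRYPT_RE.exec(String(user.password ?? ''));
    if (!match) {
      findings.push(`${name}: password is not a well-formed bcrypt hash`);
    } else if (Number(match[1]) < MIN_COST) {
      findings.push(`${name}: bcrypt cost ${Number(match[1])} is below ${MIN_COST}`);
    }
  }
  return findings;
}

// Constructed sample data. FAKE_HASH only has the right shape; it is not a real hash.
const FAKE_HASH = '$2b$08$' + 'A'.repeat(53);
const samples = {
  ok: { adminAuth: { type: 'credentials', users: [{ username: 'admin', password: FAKE_HASH, permissions: '*' }] } },
  placeholder: { adminAuth: { type: 'credentials', users: [{ username: 'admin', password: '$2a$08$REPLACE_WITH_YOUR_BCRYPT_HASH', permissions: '*' }] } },
  plaintext: { adminAuth: { type: 'credentials', users: [{ username: 'admin', password: 'YourStrongPassword', permissions: '*' }] } },
  open: {},
};
for (const [label, settings] of Object.entries(samples)) {
  console.log(label, lintAdminAuth(settings));
}
```

To lint the real file, pass lintAdminAuth the object exported by nrdata/settings.js; an empty result means the users list has the expected shape, not that the password itself is strong.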

Restart Node-RED to apply the settings

docker restart nr-admin

docker ps --filter name=nr-admin

Verify the login prompt

Open http://localhost:1880 in a browser. You should now see a login form. Sign in with the configured username and the plaintext password you hashed. After successful authentication, the editor loads normally.
