thewiwcorp/node-red-manageable
Manage your NodeRed containers using environment variables and custom settings files
67
Manage your NodeRed containers using environment variables and custom settings files
This project takes standard and official NodeRed containers (https://hub.docker.com/r/nodered/node-red) and add features to make easier the container configuration. Standard settings.js file is just slightly modified so you keep the existing behaviour by default.
It can be use like standard NodeRed image. Just add environment variables to get the new features. E.g.:
docker run -it -p 1880:1880 -v myNodeREDdata:/data -e NODE_RED_CREDENTIAL_SECRET="foo" --name mynodered thewiwcorp/node-red
docker run -it -p 1880:1880 -v myNodeREDdata:/data -v myusers.txt:/data/auth/editor_users.txt -e NODE_RED_SET_EDITOR_USERS_BY_FILE=true --name mynodered thewiwcorp/node-red-manageable
User are defined with the same syntax than the one expected by NodeRed in a file. Default user may be set too. Each time a user try to connect, the file is read so you can change the values without restarting NodeRed.
This feature is enabled when you set NODE_RED_SET_EDITOR_USERS_BY_FILE=true
Expected file format is:
[
{
"username": "admin",
"password": "$2b$08XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"permissions": ["*"]
},
{
"username": "writer",
"password": "$2b$08XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"permissions": ["read","flows.write","nodes.read"]
},
{
"username": "reader",
"password": "$2b$08XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"permissions": ["read"]
}
]
All passwords must be encrypted with bcrypt first.
Default file location: `/data/auth/editor_users.txt'
You can change the file location by setting NODE_RED_EDITOR_USERS_FILE
You can change the behaviour by providing your own js file and setting the variable NODE_RED_EDITOR_USERS_CUSTOM_JS
. This js file MUST export users
, authenticate
and default
functions. See https://nodered.org/docs/user-guide/runtime/securing-node-red#custom-user-authentication.
Credential secret may be stored in the NODE_RED_CREDENTIAL_SECRET
environment variable.
You can change the behaviour by providing your own js file and setting the variable NODE_RED_CREDENTIAL_SECRET_CUSTOM_JS
. This js file MUST contain a getCredentialSecret function than returns a string. String value is only read at NodeRed startup.
One user for HTTP nodes and access to static resources can be defined by setting NODE_RED_HTTP_NODE_USER
and NODE_RED_HTTP_STATIC_USER
variables.
Expected format is user:encryptedpassword
. Passwords must be encrypted with bcrypt.
You can change the behaviour by providing your own js files and setting the variables NODE_RED_HTTP_NODE_AUTH_CUSTOM_JS
and NODE_RED_HTTP_STATIC_AUTH_CUSTOM_JS
. This js files MUST contain getHttpNodeUser and getHttpStaticUser functions. Both of them MUST return a JS object {"user": "myhttpuser", "pass": "mypassword"
.
JS objects are only read at NodeRed startup.
}
All password must be encrypted with bcrypt and a salt of 8.
See https://nodered.org/docs/user-guide/runtime/securing-node-red#generating-the-password-hash.
With docker compose you can run that command:
docker compose run --rm -ti --entrypoint node-red-admin node-red hash-pw
services:
node-red:
image: thewiwcorp/node-red-manageable:3.0.2-16
environment:
- NODE_RED_SET_EDITOR_USERS_BY_FILE=true
- NODE_RED_CREDENTIAL_SECRET=mystaticsecret
- NODE_RED_HTTP_NODE_USER=uiuser:$$2b$$08$$mybcryppassword1
- NODE_RED_HTTP_STATIC_USER=resourcesuser:$$2b$$08$$mybcryppassword2
cap_drop:
- ALL
cap_add:
- CAP_NET_BIND_SERVICE
deploy:
replicas: 1
expose:
- "1880"
ports:
- "1880:1880"
volumes:
- node-red.data:/data
volumes:
node-red.data:
In docker-compose.yml
file, pay attention that all $ must be typed twice.
Either:
docker run -it -p 1880:1880 -v myNodeREDdata:/data -v myusers.txt:/data/auth/editor_users.txt -e NODE_RED_SET_EDITOR_USERS_BY_FILE=true --name mynodered thewiwcorp/node-red-manageable
Or:
docker compose up
If you want to improve this project, feel free to contact us or to send a pull request.
docker pull thewiwcorp/node-red-manageable