Security Best Practices
Securing your Node-RED instance is critical for protecting your data and system.
Admin Authentication
Enable username/password protection in your settings.js file:
    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "<bcrypt-hash>",
            permissions: "*"
        }]
    }
Use a tool like bcryptjs to generate the password hash.
HTTPS/SSL Support
Use self-signed certificates or Let's Encrypt to enable HTTPS:
    https: {
        key: require("fs").readFileSync("/data/certs/privkey.pem"),
        cert: require("fs").readFileSync("/data/certs/cert.pem")
    },
    requireHttps: true,
Network Hardening Tips
- Run behind a reverse proxy (e.g., Nginx, Caddy)
- Use firewall rules to limit access to the Node-RED port
- Avoid exposing Node-RED directly to the public internet
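
A settings audit covering the three sections above, as an added example that is not part of Node-RED or of the original page. `auditSettings` and the finding ids are hypothetical names, the minimum bcrypt cost of 8 is an assumption, and the sample hash is a constructed placeholder; `uiHost` is Node-RED's listen-address setting.

```javascript
// Added example: checks a Node-RED settings object for the items on this page.
// auditSettings and the finding ids are hypothetical, not a Node-RED API.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

function auditSettings(settings) {
  const findings = [];
  const add = (id, msg) => findings.push({ id, msg });

  const auth = settings.adminAuth;
  if (!auth) {
    add("no-admin-auth", "adminAuth is not set: the editor and admin API are open");
  } else if (auth.type === "credentials") {
    const users = Array.isArray(auth.users) ? auth.users : [];
    if (users.length === 0) add("no-users", "adminAuth.users is empty");
    for (const u of users) {
      const m = BCRYPT_RE.exec(String(u.password || ""));
      if (!m) add("bad-hash", `user "${u.username}": password is not a bcrypt hash`);
      else if (Number(m[1]) < 8) add("weak-cost", `user "${u.username}": bcrypt cost ${m[1]} is low`);
    }
  }

  const tls = settings.https;
  if (!tls || !tls.key || !tls.cert) {
    add("no-https", "https.key and https.cert are not both set");
  } else if (settings.requireHttps !== true) {
    add("http-allowed", "requireHttps is not true: plain HTTP is still served");
  }

  // uiHost is the listen address; leaving it unset means all interfaces.
  const host = settings.uiHost;
  if (host === undefined || host === "0.0.0.0" || host === "::") {
    add("all-interfaces", "uiHost listens on all interfaces; bind to 127.0.0.1 behind the proxy");
  }
  return findings;
}

// Constructed samples: FAKE_HASH has the shape of a bcrypt hash but is not a real one.
const FAKE_HASH = "$2b$08$" + "A".repeat(53);
const WEAK = {
  adminAuth: { type: "credentials", users: [{ username: "admin", password: "changeme", permissions: "*" }] },
  https: { key: "<key bytes>", cert: "<cert bytes>" }
};
const HARDENED = {
  adminAuth: { type: "credentials", users: [{ username: "admin", password: FAKE_HASH, permissions: "*" }] },
  https: { key: "<key bytes>", cert: "<cert bytes>" }, requireHttps: true, uiHost: "127.0.0.1"
};

console.log(auditSettings(WEAK).map((f) => `${f.id}: ${f.msg}`).join("\n"));
console.log("hardened findings:", auditSettings(HARDENED).length);
```

If TLS terminates at the reverse proxy instead of in Node-RED, the `no-https` finding is expected and the loopback `uiHost` binding is what keeps plain HTTP off the network.
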
Stay secure! This section will expand with more best practices over time.