From 5d334e961962b5f599c7f3d5cc9a1c358254da17 Mon Sep 17 00:00:00 2001
From: Nick O'Leary
Date: Thu, 10 Dec 2015 13:20:39 +0000
Subject: [PATCH] Clarify auth settings in default settings.js
---
settings.js | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/settings.js b/settings.js
index 28782c06e..5d77c9e64 100644
--- a/settings.js
+++ b/settings.js
@@ -63,43 +63,40 @@ module.exports = { // If set to false, this is disabled. //httpAdminRoot: '/admin', - // You can protect the user interface with a userid and password by using the following property. - // The password must be an md5 hash eg.. 5f4dcc3b5aa765d61d8327deb882cf99 ('password') - //httpAdminAuth: {user:"user",pass:"5f4dcc3b5aa765d61d8327deb882cf99"}, - // Some nodes, such as HTTP In, can be used to listen for incoming http requests. // By default, these are served relative to '/'. The following property // can be used to specifiy a different root path. If set to false, this is // disabled. //httpNodeRoot: '/red-nodes', - // To password protect the node-defined HTTP endpoints, the following property - // can be used. - // The password must be an md5 hash eg.. 5f4dcc3b5aa765d61d8327deb882cf99 ('password') - //httpNodeAuth: {user:"user",pass:"5f4dcc3b5aa765d61d8327deb882cf99"}, + // The following property can be used in place of 'httpAdminRoot' and 'httpNodeRoot', + // to apply the same root to both parts. + //httpRoot: '/red', // When httpAdminRoot is used to move the UI to a different root path, the // following property can be used to identify a directory of static content // that should be served at http://localhost:1880/. //httpStatic: '/home/nol/node-red-dashboard/', - // To password protect the static content, the following property can be used. + // Securing Node-RED + // ----------------- + // To password protect the Node-RED editor and admin API, the following + // property can be used. See http://nodered.org/docs/security.html for details. + //adminAuth: { + // type: "credentials", + // users: [{ + // username: "admin", + // password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.", + // permissions: "*" + // }] + //}, + + // To password protect the node-defined HTTP endpoints (httpNodeRoot), or + // the static content (httpStatic), the following properties can be used. // The password must be an md5 hash eg.. 
5f4dcc3b5aa765d61d8327deb882cf99 ('password') + //httpNodeAuth: {user:"user",pass:"5f4dcc3b5aa765d61d8327deb882cf99"}, //httpStaticAuth: {user:"user",pass:"5f4dcc3b5aa765d61d8327deb882cf99"}, - // The following property can be used in place of 'httpAdminRoot' and 'httpNodeRoot', - // to apply the same root to both parts. - //httpRoot: '/red', - - // The following property can be used in place of 'httpAdminAuth' and 'httpNodeAuth', - // to apply the same authentication to both parts. - //httpAuth: {user:"user",pass:"5f4dcc3b5aa765d61d8327deb882cf99"}, - - // The following property can be used to disable the editor. The admin API - // is not affected by this option. To disable both the editor and the admin - // API, use either the httpRoot or httpAdminRoot properties - //disableEditor: false, - // The following property can be used to enable HTTPS // See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener // for details on its contents. @@ -111,6 +108,11 @@ module.exports = { // cert: fs.readFileSync('certificate.pem') //}, + // The following property can be used to disable the editor. The admin API + // is not affected by this option. To disable both the editor and the admin + // API, use either the httpRoot or httpAdminRoot properties + //disableEditor: false, + // The following property can be used to configure cross-origin resource sharing // in the HTTP nodes. // See https://github.com/troygoode/node-cors#configuration-options for @@ -170,7 +172,9 @@ module.exports = { level: "info", // Whether or not to include metric events in the log output - metrics: false + metrics: false, + // Whether or not to include audit events in the log output + audit: false } } }
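Review bot: The commented-out `adminAuth` example in the first hunk ships a concrete bcrypt hash for user `admin` with `permissions: "*"`, so anyone who simply uncomments the block gets a full-access account whose password hash is published with every default install. I would add a line directly above the block, for example `// The hash below is an example only - generate your own before enabling adminAuth.` The retained `httpNodeAuth`/`httpStaticAuth` comment still asks for an unsalted md5 hash and uses the hash of 'password' as its sample, so the same caveat belongs there. It would also help to recommend the `https` option further down if those credentials travel with each request (presumably HTTP basic auth; confirm). The enclosing `module.exports` object starts and ends outside this hunk.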
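Review bot: The new `audit: false` entry in the last hunk defaults audit logging to off, and its comment does not say what an audit event records, so an operator cannot tell what visibility is lost by leaving it disabled. I would extend the comment, for example `// Whether or not to include audit events (TODO: list what is audited, e.g. admin API access) in the log output`, and point out that enabling it is worth considering once `adminAuth` is turned on. The enclosing logging object begins outside this hunk.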