I’m basing a project off of balena-node-red and I’d like to disable the editor from being visible on the network, so that nosy users can’t open the web editor and take a peek. I would of course still like to access the editor via balena tunnel <uuid> -p [port]:[port].
I’ve confirmed that I can currently use balena tunnel as described. I tried to turn off editor access by editing the settings.js file for Node-RED to set uiHost to localhost (127.0.0.1) but this seems to block any connections at all, which isn’t expected.
Is it the case that the tunnel is considered outside of localhost, therefore the UI is not visible?
Thanks for the comment. Yes, I’m using credentials so that nobody can edit the Node-REDs flow via the editor, however without logging into Node-RED it’s still possible to have a look into the flows, credentials and generally ‘poke’ into a UI that I’d prefer to not be accessible on the local network.
For example, see the screenshot below of what is visible without logging into the editor:
Fantastic - thanks. I think the uiHost idea doesn’t work because this limits access to the localhost only. balena tunnel allows access to ports available externally to the device, for which the Node-RED editor port 80 wouldn’t be in this case. So perhaps uiHost is not the answer here.
I have found a workaround that combines ssh -L with balena tunnel to allow remote access to a remote port bound to 127.0.0.1. It is described as comment in the same GitHub issue. With that workaround, I believe you could continue to set uiHost to 127.0.0.1, and access the UI remotely through the tunnel to your workstation. Let us know if works for you.
Joe i found another way to introduce the login and password before accessing the Node Red UI using a “public” local IP address. Not sure what NodeRED are you using, but if you go to the setttings.js file and delete on the adminAuth the defaults lines, then nodeRED will force you to access using username and password.