Please note that this version of the site is no longer being updated. All content has been merged with my IT Blog "Much Ado About IT". Click here to see this page on the other site. I've found that using Jekyll to be too fragile and complex. GitHub pages are too limited. The blog site was on WordPress (self-hosted) but that was too slow and clunky. The revamped blog now uses Hugo and is published using Netlify
Making Node-RED available over the Internet
The simplest approach to making Node-RED available over the Internet is not to do it at all! Node-RED was not initially designed to be exposed direct to the Internet but rather as a prototyping tool for IoT and Home Automation. As such, it does not have regular security audits and you should very much limit its exposure.
The next simplest approach: A Telegram bot
However, access over the Internet is a common requirement and certainly extends the usefulness of Node-RED.
So the next simplest approach is to make use of a secure 3rd-party messaging service such as Telegram Messenger. Telegram has client apps for just about every platform. It is fast, robust, secure and has a relatively easy to use API (Application Programming Interface).
Create a bot in Telegram, grab the API connection details and install the node-red-contrib-telegrambot nodes into Node-RED.
You can use the bot to send information to Telegram clients and also to allow authorised clients/users/groups to send information and commands to Node-RED via the bot.
The main current limitation is that you cannot use your bot to bridge information from other Telegram bots into Node-RED.
Also, using an instant messaging style interface does limit how you can interact with your users. However, telegram allows a number of ways ranging from conversational interfaces to buttons & autocomplete.
You can also use a bot to send rich data including video and audio to clients. You can also receive such data and other files from users.
If you are trying to create a conversational interface, you might find RiveScript to be useful. There are two nodes available for Node-RED, node-red-contrib-rive and node-red-contrib-rivescript.
Alternative approaches
If a Telegram bot doesn’t meet your requirements, you will want to ensure that all Node-RED web interfaces (including admin, Dashboard, http-in/out, etc) are all properly protected. You will also need to protect the websockets and Socket.IO interfaces that are used. This is non-trivial and care is needed when configuring.
Some additional information is available on the WIKI for the Node-RED Cookbook.
Generally, the safer approach is to put Node-RED behind a reverse proxy. NGINX or HAProxy are two commonly used applications for this purpose.