You can't do this without thinking about the network not just the proxy. But the approach taken could indeed be reused for Node-RED as it is certainly a generic approach.
A lot depends though on where the proxy is set up and how it is configured. It is all too easy to create something that APPEARS to be secure but really isn't.
So the main question is - where would you set up the proxy? It needs to be somewhere that is, itself secure. You then still need to create a secure connection from the proxy to all of the Node-RED instances.
None of this is massively hard but it does need to be done with care and tested well. I would strongly recommend getting professional help and it would absolutely need specialist security testing.
But in principle, the concept is to create the proxy somewhere secure. Using something like NGINX or Caddy as a proxy would be fine as would HAproxy. Apache web server also works but is rather resource hungry by comparison.
Then you need a well protected route between the proxy and the node-red server. This either needs to be protected with a VPN or at least with a secure HTTPS connection. If using HTTPS, you will want to make sure that the connection is well secured and that the Node-RED instance ONLY accepts connections from the proxy and nowhere else. You can also configure Node-RED to trust proxy headers - when doing so, it is best to restrict that to the specific proxy servers.
If using a VPN, remember that ALL inter-connected networks on the VPN are only as secure as the weakest link. Meaning that if you extend the VPN to a weakly protected laptop for example, you are asking for trouble.
A proxy can, and often should, be used to provide any authentication and perhaps authorisation services as this is often easier to manage and better battle-tested than doing those things within Node-RED. It may also be easier if connecting your IDAM to an enterprise SSO service. Doing that from within Node-RED would likely be complex and may not be a well tested option.
Here are a few more references that may help you:
- Safely accessing Node-RED over the Internet - FAQs - Node-RED Forum (nodered.org)
- Using NGINX as a reverse proxy for Node-RED - FAQs - Node-RED Forum (nodered.org)
- Node red dashboard accessing from internet - Dashboard - Node-RED Forum
- Overview of general web app security with some specifics for Node-RED and uibuilder (totallyinformation.github.io)
- How to use flows and uibiulder middleware to secure your data (totallyinformation.github.io)
- How to use NGINX as a reverse proxy with TLS and identity authentication (totallyinformation.github.io)