For those using NR in the enterprise, I need to have a flow that is essentially a custom HTTP webhook receiver (the incoming information is not confidential in any way) collecting information from devices that are online but cannot connect via VPN.
Although I've been using NR for a while now, I've not put anything out on a public-facing connection before and just want to make sure those of you with more experience don't see an issue.
My NR install is running as a regular (non-root) user.
My webhook receiver is not on port 80 and is on a different port from my dashboard port.
The webhook incoming port is the only hole in the firewall.
The NR instance is in an isolated DMZ that can only forward verified messages to an SQL server.
The NR dashboard is "secure" and can only be accessed from my admin machine.
I have safeguards in place for getting junk/malicious incoming posts and I've attempted to handle DoS attacks.
Are there any concerns you see in this kind of setup?
There have been recent reports about hacked Node-RED instances, right after ports have been opened on routers. Hence I'd be really, really careful. There are bots waiting for you. And I guess it's independent from the ports you use.