Configuring Public Node-RED Server on RPi

As of right now, I need access to the editor from any remote location and I need to open up access to the Dashboard so that anyone can use it. Is it possible to use NGROK and the stuff you mentioned later on (although I don't quite know how to do any of that just yet, but I'm sure a quick Google search will give me everything I need)?

Based on your flow post, will I need to set up my own Telegram bot to secure NGROK? Also, will NGROK work on an RPi?

It's a little too late for that... :laughing:

You sound a bit too dangerous for my taste, I think it is a bit scary what you are attempting based on all the questions you are raising. We are not in the same company I hope... but good luck anyway :wink:

Are you doing this for a commercial organisation? If so then please get professional advice. Otherwise your system will almost certainly get hacked at some point, someone's personal information will get stolen and you will be getting sued.

1 Like

So this is the dangerous part. Nobody in this forum will give you exact advice on how to do this because it could put us in a difficult position should you later get hacked. So any information here is given on the understanding that both responsibility and accountability for the safety and security of yourself and anyone else is yours and yours alone. Please bear in mind that in some countries, this could, in extreme cases, put criminal as well as civil liabilities on you.

So having said that, I've already outlined what you will need in order to make this happen with even a modicum of safety.

The easiest way is to set up your Pi with absolutely minimum software on it and keep any flows to a minimum too. Make sure that you create new user accounts, one for admin use and a separate one for running Node-RED, Caddy should also have its own. Then delete the pi account.

Use a second device if needed to house more sensitive things and keep that separated from the Pi that is connected to the internet.

The connected Pi should have Caddy installed and configured for Let's Encrypt to get security certificates - for this, you also need a registered domain name that points to the external IP address of your home connection. A domain will cost you a few dollars a year. The certificate is free. Caddy will take care of the renewals for you. Configure Caddy to act as a reverse proxy for both the HTTP and websockets connections that you will need for access to Node-RED. You can also use Caddy to provide user logins if you need that; if you don't, just remember that anyone on the Internet will be able to access your Dashboard. You MUST use HTTPS (which is what the certificate is for), block all HTTP, also block websockets (ws) and only allow secure websockets (wss). If using user logins, also configure something like fail2ban which will help detect people trying to brute force the logins and will auto-ban them.

Also don't forget to disallow any access to the Node-RED Editor. Move it to a different path. Also don't use the default port (1880), move it to something high (it must be over 1024).

Now go and read up more about securing Linux (Debian). Then read it all again, and probably at least one more time. Take the time to implement any recommendations.

Next, go register at Cloudflare and assign your registered domain to the Cloudflare name servers - better still, register your domain via Cloudflare, it's as cheap as you can get it. Set up security in Cloudflare so that it is acting as a proxy for your connection. Now go to your router and allow a single inbound connection on port 443 (https) and route it to the Pi's IP address and the port you set up in Caddy. BUT only allow a connection from the Cloudflare servers. Cloudflare can also do user logins for you which is even easier to set up but I think you only get 5 logins on the free tier.

Now test to make sure you cannot connect to your endpoint directly (using your home's external IP address for example). Next test that you can access it via the domain name and check Cloudflare to make sure things are routing through it.

Finally look up a bunch of web security test sites and test your connection to make sure it is reasonably secure. If you are getting a score of less than B, something is probably wrong. You should be aiming for A, A+ but that is actually very hard to do.

Ideally, you would also have configured logging and would monitor attempted connections to be sure that the only connections ever happen via Cloudflare.

Now go make sure that you have a bunch of reminders set so that you are updating everything weekly. You can also add some software that will alert you if any of the settings in /etc change which would indicate someone has broken in.

Seems like too much effort or too hard? Good. Don't even think about trying in that case. :smile:

If you get to here and you have a nicely configured and safe endpoint, welcome to the club of geeks who run their own servers. And finally, remember that, on the Internet, safety is an illusion brought on by lack of knowledge. Also, today's security is tomorrow's security hole.

1 Like
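As an added illustration of the Caddy part of the steps above (this is example configuration written for this page, not anything posted by the thread's participants), here is a Caddy v2 Caddyfile that puts HTTPS in front of Node-RED, leaves the Dashboard reachable, hides the editor, and only answers requests that arrive via Cloudflare. It assumes Node-RED's settings.js has been changed to listen on a non-default port on loopback only (`uiHost: "127.0.0.1"`, `uiPort: 18800`) and to serve the editor under a moved path (`httpAdminRoot: "/admin"`); the hostname, port, log path and IP ranges are constructed placeholders.

```caddyfile
# Placeholder hostname: replace with the registered domain that points at your home IP.
nodered.example.com {
    # Caddy obtains and renews the Let's Encrypt certificate for this name by itself.
    # Plain HTTP on port 80 is served only as a redirect to HTTPS, so an unencrypted
    # ws:// connection never reaches Node-RED; only wss:// over 443 does.

    # Defence in depth for the router rule: refuse anything that did not come
    # through Cloudflare. Fill the list from https://www.cloudflare.com/ips/ and keep
    # it current; the two ranges below are constructed placeholders, not Cloudflare's.
    @not_cloudflare not remote_ip 192.0.2.0/24 198.51.100.0/24
    respond @not_cloudflare 403

    # The editor lives under /admin (httpAdminRoot in settings.js). It is never
    # exposed to the Internet, not even behind a login.
    @editor path /admin /admin/*
    respond @editor 404

    # Optional login in front of the Dashboard. Produce the hash with:
    #   caddy hash-password
    # Delete this block if the Dashboard is meant to be public.
    basicauth /ui/* {
        dashboard-user $2a$14$REPLACE_WITH_OUTPUT_OF_caddy_hash-password
    }

    # Everything else (the Dashboard at /ui and its socket.io websocket beneath it)
    # is proxied to Node-RED on the non-default port, which listens on loopback only.
    reverse_proxy 127.0.0.1:18800

    # Headers the web security test sites mentioned in the thread look for.
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Referrer-Policy "no-referrer"
        -Server
    }

    # Access log: review it to confirm that every request really arrives via Cloudflare.
    log {
        output file /var/log/caddy/nodered-access.log
    }
}
```

Two practical points. First, the `respond` handlers run before `reverse_proxy` in Caddy's directive ordering, so a matched request is answered and never forwarded. Second, if the router forwards only port 443 from Cloudflare's addresses, Caddy's default HTTP-01 certificate challenge on port 80 cannot complete; in that case either let Cloudflare also proxy port 80 to the Pi, or use the DNS challenge, which needs a Caddy build that includes the Cloudflare DNS module.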

I will say this once as well: everything else, and I mean everything else, should be isolated from the Pi device, on a separate internal network, so the Pi is in its own zone. As you read through documentation on proper security and isolation methods, the term zone will, should, take on new and unique meaning.

I think I'm just gonna follow this advice for now... the amount of work it would take just to keep this secure and stable doesn't seem worth it for the small number of projects I'm working on. Maybe sometime in the future when I have more experience I'll come back to this and test it out. I'm sorry you had to type so much, but hopefully someone out there will appreciate your step by step explanation.

I think I'll try to find a different way to host my Node-RED server for now. Thank you all so much for your help, especially @TotallyInformation and @Nodi.Rubrum!

2 Likes

You are most welcome. Rather discuss and qualify risks, than not. What is the old saying? Better safe than sorry.

haha, no problem. I don't mind the typing and it helps me as much as anyone else as it makes me think about what is correct & helps me remember the details.

I do hope that you will come back to this and have a go in the future. Yes, it's a bit scary but the results are satisfying.

If nothing else, if you've gone away with a better understanding and appreciation of the risks and complexity then hopefully you will be able to pass this on to others in the future and it will have been time well worth spending.

Well, whatever you do, have fun and keep thinking. Quite often another way will present itself after some of the ideas and thoughts have settled in.

And... maybe all the hackers will get a computer virus, and lose the ability to type... it would make for a nicer world for the rest of us IT engineers, not to mention every honest computer user world wide?
