Thanks - that explains it.
While I see options there to get around the permissions issue, it seems like it makes more sense to use NGINX reverse proxy to solve this issue. Then, I think, I can also do things like redirect requests on port 80 to 443, or perhaps accept requests both ways. Neither of which I believe I can do with Node-RED alone.
I found this guide. Do you think this would put me on a better track? Node-red server with nginx reverse proxy howto guide