I would like to control my IoT devices from the online node-red, as I am currently doing from the local node-red instance.
Note: I don't want to open ports on my home network!
Can I create a reverse tunnel? Sockets? If so, could you please provide some steps on where to start with that, because I don't have much knowledge about them.
A further question is whether it is good to have two connected node-red instances, or should I transfer everything to the webserver?
Just note that the default NGROK config is not secure. To be honest, any of the similar tools would do the job. They all use a trusted intermediary with a locally run agent to avoid having to change your firewall.
However, you should note that running a webserver and node-red needs careful thought and configuration, especially if you are using a VPS or shared web service. This stuff is easy to get wrong so take it steady, make sure you understand what you are doing and be prepared to rebuild everything a few times as you work through the right configuration for your needs.
Another possibility is to have only an MQTT broker that is publicly accessible, and use that to communicate between the private systems. All connections are from the local networks to the broker so there is no need to open any ports. An MQTT broker can be secured relatively easily.
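An added example, not part of the original thread: a minimal hardened configuration for the public broker described above, assuming Mosquitto is the broker (the thread does not name one). The file paths, usernames and topic names are placeholders chosen for illustration.

```conf
# mosquitto.conf for the Internet-facing broker.
# Added example: all paths, usernames and topics below are placeholders.

# --- Weak settings to avoid on a public broker ---
# listener 1883          # plaintext: credentials and payloads readable in transit
# allow_anonymous true   # any client can connect, publish and subscribe

# --- Hardened settings ---
# Apply the authentication and ACL settings below to every listener.
per_listener_settings false

# TLS-only listener. No plaintext 1883 listener is defined at all.
listener 8883
cafile   /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile  /etc/mosquitto/certs/broker.key
# Refuse clients that only offer older TLS versions.
tls_version tlsv1.2

# Every client must present a username and password.
# Entries in the password file are created with the mosquitto_passwd tool.
allow_anonymous false
password_file /etc/mosquitto/passwd

# Restrict each account to the topics it actually needs.
acl_file /etc/mosquitto/acl

# --- Contents of /etc/mosquitto/acl (a separate file) ---
# The home instance receives commands and reports device state:
#   user home-nodered
#   topic read  home/cmd/#
#   topic write home/state/#
#
# The online instance sends commands and reads device state:
#   user cloud-nodered
#   topic write home/cmd/#
#   topic read  home/state/#
```

Both Node-RED instances connect outbound to port 8883 with their own account, so the home network needs no inbound port, and a leaked credential for one side cannot publish on the other side's topics.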