I put out a secure configuration for NGROK some time back in the forum. You might want to look at that, the configuration you've specified there is not secure.
Also, do you really want your security settings inside Node-RED? Might it not be better to simply use the command line version? That's what I've done. I have a Telegram bot that lets me turn on/off NGROK so I don't need to leave it running all the time and then I think it is an exec node to run the command. I'd need to look up the details, with lockdown I haven't needed to use it in a long time.
@TotallyInformation Thanks, I will follow and only plan on exposing for short periods of time/when in use, Telegram bot to turn on/off will work great.
In regards to the ngrok node - when testing I can expose the web inference : flow (http:// ip:1880). however can I exposing a root of 1880 such as UI , etc so the ngrok web inference is for example http:// ip:1880/UI
I haven't been able to find node red documentation on this and whether I can do this in the properties of ngrok node.
I don't use the node so I can't help with that I'm afraid. What I will say again is that your configuration is not secure. While you may only be exposing for a short period, an endpoint that appears in the internet will be attacked in <30sec.
