Node-RED FTP access locally and globally

Dear Node red experts,

I have a connection of the hardware which has node-red in built in it. The Hardware is connected to a computer locally via (LAN 1) wired conection and thus the Node-RED dashboard and files inside the hardware are accessed via the FTP node from Node-RED.

Now to save the files inside the hardware and to download the files from the hardware via file zilla, I enter the local IP address and obtain the csv files.

But at the same time, I have also connected one more internet connection to the other LAN port (LAN 2) of the hardware and have given a static IP address to access it from anywhere over the internet. In the static IP the ports 1880, 80 and 21 are port configured to allow 2 way flow of information.

I heard that there is a risk in using the FTP node which is open to internet. So, I have not used this static IP along with port 21 for transfer of files over internet.

I am planning to access the hardware through the local IP address from LAN port 1 and get the files transfered via the file zilla directly on the laptop placed.

So, as per the connection, do I still have the security issue with the FTP port and file transfer via file zilla??

If you have opened port 1880 to the internet and have not forced https and strong password access to node-red then your node-red flows may well have been hacked already.

It is not the ftp node that is not secure, it is the ftp protocol. You must at least use sftp.

The main thing I need to do is to have the dashboard visible to us.

If I stop the FTP port configuration from the static IP and only allow the 1880 and port 80 , I can still see the node red dashboard and be secure? or from your advice above, I see I should have a https connection instead of http.

I have a username and password for the node red but I have not used https.

So, I understand that the https connection is needed instead of http, with a strong username and password to be secure. Then the node red and dhashboard can be accessed securely. and if I need to trnsfer files, I need to purchanse some sftp connection.

What files do you need to transfer and what direction (into node-red / out of node-red / both)?

You need to make sure that your FTP server is only accessible from your LAN. You can do that by configuring a local firewall on the server device - something like IPTABLES or IFW for a Linux based server. However, blocking inbound access to ALL ports on your Internet router is normal and as long as you have that, you should be OK.

To make your dashboard available over the internet, my recommendation is to implement a web server such as NGINX or Caddy and use it as a reverse proxy with TLS termination. That way, you don't need to mess with the configuration of Node-RED itself.

One other thing, if you are using a Linux OS on the server, you would be better off using SSH rather than FTP. Not only is it more secure, it is also more featureful. For example, you can use VScode over SSH to do remote coding. SSH includes SCP if you want to continue to do file transfers and FileZilla will happily work over SCP. Then you can decommission your FTP server for extra security.

I need not transfer files as of now, I just need the dashbard and node red to be visible for observing the status of the sensor data from hardware

I will check with your suggestion for gettig the node-red dashboard using a web server NGINX or Caddy.
Thank you very much for the clarification.