As the use of NGINX is often recommended by myself and others to help provide performance and security gains for Node-RED. I thought that I really ought to do a full write-up on how to do this.
Note that there is also another FAQ on this subject but the above gives specifics about the use of HTTP/2 and rewrite rules for handling multiple instances of Node-RED (or multiple node.js apps or using uibuilder with its custom server feature). Or indeed just proxying specific parts of Node-RED.
The configuration in this article also uses the current standards and configuration of the community version of NGINX (e.g. it does not use the sites-available folder).
My article does not, however, cover the installation and configuration of other tools and services such as fail-to-ban or Let's Encrypt.
Node-red server with nginx reverse proxy howto guide - Node-RED Forum
User Authentication
This is the other piece of the puzzle, doing user authentication outside of Node-RED. I still need to do an article on this and will do so when time permits.
There are doubtless various ways of doing this with NGINX but I'll first be looking at vouch-proxy which supports multiple back-end authentication services and is open source.
