Allow inbound TCP/UDP connections

[ZJvandeWeg]

Description

As a Node-RED developer I want to update proxy rules So that to allow certain connections to be made to the Node-RED instance that aren't the supported ones like HTTPS, WSS, allowing more use-cases for end users.

[sammachin]

This is a limitation of the k8s (and docker) deployments, its not an issue on localfs.

This isn't just a question of adding a rule to a proxy there isn't a TCP/UDP proxy in the platform, HTTP works on hostname and is a Layer7 proxy TCP and UDP don't have this concept as they are Layer 4. It would require a dedicated Public IP address for a project and then some new component to perform address translation for this address through to the project container, also some kind of user configuration/firewall type of setting would likely be needed. This would be bespoke to the environment that FlowForge is running in, eg AWS EKS etc.

It's potentially a useful premium add-on for FlowForge Cloud but is a significant amount of work so we would need to assess the market demand for it first.

As a work around the ngrok node (https://flows.nodered.org/node/node-red-contrib-ngrok) can be used to get inbound TCP connections to a Node-RED instance when the platform does not have a public IP address, however it doesn't support UDP.

[hardillb]

There is similar problem on localfs in that you can only have a single project use any given port with no way to communicate between projects as to what ports are already being used.

[sammachin]

Although that's always an issue with running multiple services on one machine doesn't matter if it's 2 node-red projects or node-red and some other application