The author doesn't explain it well, but I use Home Assistant and I share the same view. Home Assistant is not a very secure app. I would be fine putting it behind Nginx with basic auth, because Nginx is quite battle-hardened and basic auth is a small attack surface.
I've solved it instead by using WireGuard and keeping Home Assistant on my private network. No idea why the author thinks a VPN is not a good solution. It's also helpful for several other apps I don't feel safe exposing to the internet.
> Nginx isn't suggested on the remote access manual page for sure
This makes it seem like they advise against it on that page, which is not true. Nor would it make any sense; putting a reverse proxy in front of a web application before exposing it to the open internet is about as typical as things get.
The problem the author describes is that doing this is not compatible with the mobile app. It doesn't support HTTP basic auth and also can't present a client certificate (that's what I used to secure remote access to other browser-based apps).