People don't usually expose self-hosted services directly to the internet, even if they have a login page. You use a reverse proxy, that way they can be HTTPS, share port 443, and use subdomains (Caddy makes this really easy). And then adding auth becomes trivial, and you can even put your services behind some SSO sign-in if you want to.
If possible though it's best to use a VPN so that nothing needs to be accessible from the internet at all (not to mention then you can access your NAS shares w/o needing a web UI). That's why I actually prefer when self-hosted apps don't have their own auth system, or at least let me disable it. If everything's internal only, I don't need it anyway.
If possible though it's best to use a VPN so that nothing needs to be accessible from the internet at all (not to mention then you can access your NAS shares w/o needing a web UI). That's why I actually prefer when self-hosted apps don't have their own auth system, or at least let me disable it. If everything's internal only, I don't need it anyway.