What’s the easiest way to secure that app so that only I can access it from my computer and phone, even when away from home?
This sounds like a use case for a VPN, but how does that work in practice, with minimal hassle? Would WireGuard work in the case I want to access the web app over the internet, with my phone’s browser (without any extensions, ideally)? Are phone VPNs smart enough to only send traffic through the VPN for certain domains?
I’m sure there’s a guide written about this topic somewhere, but I’ve spent quite a bit of time searching and everything I’ve found either doesn’t mention phones, doesn’t mention web apps, or assumes you want all your traffic routes through the VPN (or is incomprehensible SEO nonsense).
Edit: I didn’t discuss serving the site over HTTPS and having an actual login flow because that seems like it would be annoying to setup, but feel free to convince me I’m wrong!
If you really want to go down the VPN route, you can use something like Tailscale (which uses Wireguard under the surface).
After playing around with this, it is as I feared with respect to VPNs--it seems like you have to tweak a lot of obscure settings (and possibly run your own DNS server) to get the VPN to only be used for, say, a single domain. I'm surprised I haven't found a simple self-hosted solution to this yet. Edit: actually, this discussion on Reddit looks like what I'm looking for: https://www.reddit.com/r/WireGuard/comments/lqcmqn/use_wireg...
Tailscale looks promising, although I'm trying to see if I can get things working without signing up for an account there yet.
Cloudflare also requires an account and changing DNS settings (something I'm not sure I want to do yet).
Edit: I'm not opposed to having accounts and using free services--I'd just prefer not to, if I can easily avoid it. I assume all "free" services are actually "free until the company gets acquired" :)
Edit: and open source, if possible.