If you require HABmin, consider connecting locally or using Safari for now.
You will be using Encrypting the communication between client and the server is important because it protects against eavesdropping and possible forgery.
This is fairly simple in NGINX once you have the reverse proxy setup, you just need to provide the server with a basic authentication user file.
Note: There is currently an issue with Proxy Authentication and HABmin when using some browsers.
These certificates expire within a few months so it is important to run the updater in a cron expression (and also restart NGINX) as explained in the Certbot setup instructions.