You’ll have to strike a balance between security and ease. Your two major options are reverse proxy and VPN (Tailscale is one option for VPN)
For reverse proxy, you functionally open the app to the internet. Anyone with the correct web address can access the login page. This is inherently less secure than VPN, but not irresponsibly so. Beyond the reverse proxy itself, you’ll also have to learn how to configure an HTTPS certificate to increase security since it will be open to the internet.
For VPN, every user you want to be able to access the service has to be tied into the VPN and have the VPN running throughout their access. Tailscale is arguably the easiest way to configure a VPN right now, as you won’t have to manually deal with VPN configuration files for every device. VPN use will functionally make it like you’re on your home network. VPN access to your network should not be given to tons of people if at all possible.
Not OP but loss of the Pi results in loss of network connectivity. A headache if you’re home and never doing anything time-critical on the network. A disaster if you or anyone else is dependent on the network for anything time-sensitive (virtual doctors appointment, work call, etc), or you’re away from home and unable to directly VPN to your router to reconfigure DNS settings.