I have a suite of services exposed using a reverse proxy (npm) protected with passwords, but I’m always a bit nervous that username/passwords aren’t enough – is there a way to set up 2FA either on Nginx Proxy Manager side or on, e.g., the 'arr suite of apps?
Not sure if it fits your requirements exactly but I just put a service behind TwinGate and it works well for my usage case. I can allow my wife secure access to services she needs to access from anywhere securely - she just opens the app to connect and she can access what she needs.
I haven’t but you can enable 2FA, as well as restricting based on things like hardware, OS and whether a device has biometrics.