Best and safest way to set up safe, secure remote access with Google Assistant integration

My trial for Nabu Casa is coming to an end and I would like to set up remote access that will play nice with Google Assistant for free. Willing to put in some work and learn.

Was able to set up an SSL certificate and HTTPS via duckdns.org. But was going to redo it and try the reverse proxy method with nginx. I’ve also enabled MFA as well as an IP ban after 5 incorrect login attempts in my configuration.yaml file.

Couple of q’s:

  1. Is there a way to ban IPs from non-US locations?
  2. Can I incorporate a VPN like WireGuard or Tailscale into my setup and still use Google Assistant?
  3. Would Cloudflare be a better option than DuckDNS?
  4. Is there a way to only allow access from my local network as well as my wife's and my phone?
  5. Any other measures I should look at to secure my instance?

Any and all help is much appreciated.

Stay with Nabu Casa, that will be my advice :wink: