This guide is agnostic of how you run HA.
The TL;DR is:
- Install something to keep your dynamic DNS hostname up to date
- Install and configure something to generate SSL certificates for your hostname (dehydrated or certbot)
- Decide whether you’re going to terminate SSL in a proxy server (good choice) or directly in HA (maybe not a good choice)
- Install and configure your chosen proxy server
- Configure HA for the reverse proxy
- Set up your port forwarding and test it all