Firewall on the HAOS?
Not sure maybe there is iptables or linux firewall on the system and you can enable and start it.
For the webserver you might can specify the allowed network ranges. https://httpd.apache.org/docs/2.4/howto/access.html
i do run my own CA at home using Download.
Had to install the root CA on my end devices to be able to offer SSL/TLS encrypted sites.