I have my smart TV access it over my local network. If you’re using a friend’s instance, you could set up a WiFi SSID that tunnels everything over your VPN.
If that’s onerous, you can make it publicly accessible, but only for whitelisted client IPs.
Yeah, an IP range totally works. Figure out the subnet info and add that to a whitelist. It’s a pain, but it should keep the script kiddies at bay.