When I had my homelab services exposed to the broader web, I enjoyed using Authelia with NGINX. It supported MFA and worked well enough.
That said, I HIGHLY suggest you expose as few of your home systems to the web as possible. Ideally, I would set up a VPN like WireGuard or OpenVPN and use that to connect into your LAN while on the go.
The more of your home network you expose to the web, the bigger your attack surface. If you can just turn on a VPN that already has strong authentication like asymmetric key pairs, you significantly reduce the ways someone can break into your home network while making as many (or few) of your home services available through that VPN as you want.