I'd like to be able to access the webui without having to log in with the qbit username and password (using my reverse proxy for authentication instead), now I am able to achieve that by whitelisting my proxy as exempt from auth, BUT that now leaves the API endpoint completely open to the world (and I would like to be able to access it outside my local network for apps like nzb360 that allow me to view the torrent status in a neat, mobile friendly way), can a scheme similar to apps like Sonarr, Radarr etc. be implemented? (a API token is used for authentication to the API instead)

PS: Can I also get the ability to use a hostname in the whitelist?, I'm running the proxy under docker so its IP may change

EDIT: Alternatively, please let me know if such a setup is currently possible!