There's no way to expose HTTPS without a reverse proxy. This was a conscious decision to keep a separation of concerns, reduce development overhead, because reverse proxies have better support, and because anyone running multiple instances will need one for load balancing anyways. Nginx is quite easy to set up, and LetsEncrypt has very good support for it.