Unfortunately I don’t think that it’s easily doable without some heavy tinkering
If you are concerned about security, then making your app private, and possibly restricting access to a few users, should do the trick, as it will only be accessible for those users after logging in the SSO.
If you are concerned about speed, then accessing via the domain name or via the local IP shouldnt make any difference since your internet box IP should directly correspond to the domain name, hence paquets never actually leave your local network.
If you change the nginx configuration of an app, the next upgrade could ask you to reapply change… That’s why the sso solution (ssowat works as a plugin to nginx) is more useful
Here is what you asked for, you need to add it inside ‘location’ in the app nginx conf located in /etc/nginx/conf.d/DOMAIN.d/APP.conf:
it did deny any income from domain.tld, but i cant connect from 192.168.X.X even with port 5050.
it always redirect to yunohost admin, probably because /etc/nginx/conf.d/yunohost_admin.conf