So I am for the most part a lurker and a hobbyist. I've always been a bit of a techie, but over time decided I wanted to be more anti-consumption and such.
I started out with by doing my own calendar. I have a desktop that has my nextcloud and use it to sync my gnome calendar with fossify (with davx5). This was rather straight forward and gave me a nice confidence boost. This is mostly done on my local network, tho I am thinking of reading more into tailscale and getting a domain. The next move I did was to bring my todo list over. This was a bit tricky as many apps don't have a setting to support repeat todos and crossing one off might just remove the item entirely and kill the resets that another app set up. At one point I found the app super productivity. This app is basically perfect. Only downsides is that it is a bit more strict (particularly on the mobile app) about an ssl cert. There is an option to have the app sync with a local file. I thought I could be clever and just have nextcloud do the syncing and let the apps think they are working only off the local on their respective device. Alas there was a snag here. For some reason nextcloud will write the files with read only permission on the laptop, so I cannot add or cross off items. Then I remembered using some apps around a decade ago that worked off a todo.txt file. I figured maybe I could find some mobile and desktop apps and recycle the idea of letting nextcloud manage two way sync of a file and letting apps interact with it as if it were local. It seems like I have some winners here with sleek on desktop and ntodo.txt on mobile.
Just my humble story of selfhosting so I don't feel like a poser when listening to podcasts or lurking.
Try the web app (PWA). I don't remember it complaining about http localhost.
I'd also raise that as an issue with the developer. No self host-able app should enforce https. Only warn/notify. There are numerous situations where http is a perfectly fine, permanent solution (LAN/VPN).
So I realize the following does not directly apply in this specific case, since we are talking about a full android app. But in general, there are strictly technical limitations which absolutely requires you to use https. This for example applies to PWA's, and it also applies to apps which are WebView-based.
Basically the w3c is disagreeing with you; there are several important javascript features which are forcefully disabled if you are not connecting over https. This is a decision made by the webbrowser itself, and not something you or the dev can disable or otherwise avoid.
For example, it is impossible to use the browser's built-in api for getting the sha512 hash of a file, which is why i had to go through great pains to do that in other suboptimal ways in one selfhosted service i made. Most devs rightfully wouldn't bother, since those restrictions are arbitrary and effectively pointless, as there are (usually painful) workarounds.
List of features which require https: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts
Other people were talking about it with the dev on github.