How to secure tljh?

I already enabled HTTPS for tljh, as recommended in its documentaion.

I then read up about the additional security considerations here: Security Overview — JupyterHub 3.0.0 documentation

But the documentation is not very clear on how to set everything up.

Are there any more detailed step-by-step guides somewhere?
I am relatively new to Jupyter, so not very familiar with how to configure everything yet.

From a quick test on my current installation, it seems users can modify ~/.jupyter, install pip packages, etc, so it would not be secure according to the documentation.