SSH or VPN is the only secure way to do this. LuCI is not considered safe to expose to the Internet, whether or not https is used. Note that https is designed to protect the user from having their communications intercepted in transit, or connecting to an imposter site. It does nothing to protect the server from being hacked.
If you have the OpenWrt router connected to the main network through its WAN, (double-NATting), you have to open a port on the WAN to allow SSH in. The OpenWrt router's LAN address does not matter.
Internet (public IP) -> main router -> Open Wrt's WAN IP on the main router's LAN -> Openwrt WAN -> Dropbear SSH
On the main router:
Reserve / static lease a DHCP address for the OpenWrt router's WAN interface
Forward a port from the Internet to port 22 at the OpenWrt router's IP known above.
On OpenWrt
Open a port with source WAN, proto TCP, destination port 22
It is best not to use port 22 on the Internet, it will get probed a lot. Pick some port with a number > 10000.