Docker compose + Cloudflare Tunnels is my current setup, no need to deal with SSL, have a public IP address, and if you make use of Tailscale, you do need any open ports, witch is extremely secure and robust.▲
Same, I use dockge to manage them. Then I use cloudflare zero trust with email login to access them instead of using a vpn, don't have to install vpn on multiple devices and my partners devices.