@JackDavies nice, thanks for sharing. This looks a lot like the setup I used to have until I decided I was not comfortable (nor experienced enough) having my Pi (and my whole network) exposed to the internet.

A few tips/recommendations I can share from my experience:

Namecheap includes free dynamic DNS hosting with all their domains, which means you can have your own domain and this reduces the chances of your sites being blocked due to others abusing free dynamic DNS services. You can get a cheap $2/year domain instead.

For an even smoother TLS certificate experience, you can use Caddy, which is as easy to configure and run as Nginx, with the added benefit of automatic TLS certificate management.

I know many people are not happy with Cloudflare, but their Zero Trust tunnel service is amazingly easy to use and covers 99% of use cases (I made up that number). Instead of exposing your entire network, you just make an outbound connection by running the cloudflared daemon inside your network and then create the subdomains by creating “apps.” No port exposing or routing.

As for the post itself, I would only recommend replacing your mydomain.com examples with one of the official domains used for technical documentation: example.com, example.org, or example.net. These cannot be registered by anyone, which means you are not creating links to potentially dangerous sites.

Good luck with your #selfhosting adventures!