accessed from the internet
Accessed only by you and close family/friends who you are also hosting services for?
Or accessed by anyone?
“Accessed by anyone” carries more risk.
“Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
Wireguard is the go-to these days.
Tailscale is much easier and free for 3 users and 100 nodes.
If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or cloudflare tunnels.
Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall
The 2nd part about “don’t mention politics” is twice as long as “I’ve lost my job”.
And still ends with:
As if that isn’t the left-wing (most countries would call centre) modus operandi: people are people