Depends on your threat model, but you’re probably fairly secure from remote unauthorized access right now.

Given that I’m American, I would put the *arr stack behind a dedicated VPN container like gluetun and set Gluetun up using a “no logs” VPN.

For remote access, Tailscale can probably get around that double NAT. If you have it on your devices as well as your server, you won’t necessarily need to expose anything publicly.

If that’s not an option, you could set up an external VPS to run a reverse proxy (Caddy perhaps) and use the Tailscale connection to connect the VPS to your home server. There are fully self hosted ways to do this (Headscale comes to mind), but Tailscale is how I personally would solve this.

They load. I have to specify http:// to get it to work though.

I’ve never done it myself but this may be what you’re looking for.

Please! That would be very helpful. I tried but got tired of banging my head against a wall. I’d like to see how you approached it.