Maybe I asked the wrong question. I meant to ask: this is what I came up with. It works. Some containers in docker and the only open ports are the Wireguard one and Plex. Is it safe to have everything on http inside my home network or should I look into hardening it?
Plex is shared with family so the door is open. But if I’m getting this right, since it runs in docker and I’ve enabled 2fa and a strong password it’s fine.