Disabling reverse proxying without breaking everything

[rbmatt1s]

When I originally set up my UNRAID, I configured it so that I had subdomains on my custom domain (i.e. movies.<mydomain>.com), which I had pointing to my DDNS URL (I had DDNS on my router) , port 80 and 443 forwarded to my UNRAID (I KNOW, I KNOW), then I had letsencrypt/nginx for reverse proxying. 

Everything worked very well, I could remotely access NZBManager using SSL.

 

After reading the threads in Security, I think having my UNRAID facing the internet was a mistake.

 

If I want to do things more securely i.e. OpenVPN running on router, all remote clients connecting to OpenVPN, then accessing services via local IP (i.e. 192.168.1.X:7521), is the procedure, just "uninstall Letsencrypt Docker, edit config files on all my other docker containers?" 

Anything I'm missing? I followed @spaceinvaderone 's tutorials to a tee when setting up reverse proxying, worked very well, but the security issues are too worrisome.

 

thanks