If you don’t want to deal with these things and it’s just you or maybe a few others, here’s the easy way:
Define the services for each host (i.e. physical + virtual machine) in a single Docker Compose file. You can even put all of these docker-compose files in a single Git repo
Install Tailscale on all your machines - this is really easy and will let you securely access everything without having to forward ports or worry about the attack surface of the public web
Set up something like Heimdall or https://github.com/tailscale/golink to have easy to use shortcuts for your services
This gets you out of SSO signin, certificates, reverse proxy setups, all the things that are (understandably!) complex and annoying to set up
Home Assistant is a good example - its recommended installation is a VM