IIRC Getting the LetsEncrypt certificate for NGINX Reverse Proxy requires direct access to the web site on port 80 - you are behind CGNAT and stuffed…
Possibly have a look at Cloudflare tunnel (Cloudflared in Docker) - this gives you http / https access with certificates. I used these instructions and it took less than an hour to get up and running https://www.crosstalksolutions.com/cloudflare-tunnel-easy-setup/ Note my TTL on the domain was set low to speed up transfer of name servers.
This also lets me access the sites directly using the full DNS entry even though my router does not handle hair pinning - no need for a local DNS server anymore.
Note the above are slightly out of date to the screen layout but in principal they work fine.
There is a small security concern - Cloudflare can intercept all traffic (even to/from https sites) internally - that does not worry me but your use case (or principals) may differ :-)
I’ve been using ICY BOX on an old 2012 Mac mini for years and would happily use Yottamaster kit for the same task. My third option would be G-Technologies.
Not keen on hardware RAID built into enclosures but I’ve had raid controllers AND software RAID fail on me before today.