„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).
Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.
So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?
I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.
I am confused by this question, if you forward a port then the only device you should be interested in is the device you are forwarding to surely? If you are worried about devices on your network, then surely since they are already on the network side of the router and so if they were going to do something nefarious then opening a port is the least of your worries.
Honestly trying to understand the point you were trying making.