It's mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.
Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled
everything is over WireGuard to my VPS.
Just use your $200+ Fluke to check the batteries, problem solved.