I host a few docker containers and use nginx proxy manager to access them externally since I like to have access away from home. Most of them have some sort of login system but there are a few examples where there isn’t so I currently don’t publicly expose them. I would ideally like to be able to use totp for this as well.
Have you considered Cloudflare as tunnel to access your server services? It’s another layer of security and you don’t need to open any port. Also there are plenty of tutorials on how to do this.