I'm going to cast another vote for a reverse proxy, such as NginxProxyManager. It's really easy to set everything up, and they're usually very easy to run in Docker/Podman.
One thing to note: if you end up with a domain with mandatory HSTS, you'll have to use DNS-based certificate generation rather than HTTP based, since unencrypted HTTP is blocked (chicken/egg problem to get HTTPS working). It's not hard, but you have to be aware of that limitation.