get Wildcard DNS, point it to the public IP of your NAS
deploy the ssl cert (containing your main domain and sudomains for your docker containers)
configure reverse Proxy in Synology configy proxying requests for the subdomains to your docker container (you can enforce only local access to certain services too)
Static route or local dns (Pihole) to redirect local requests for your public ip to the private IP of your NAS
Get a 10GbE nic and OpenVswitch