I solved the same problem you’re having with Cloudflare tunnels. I added a tunnel to my Docker/Portainer host and then added services via that tunnel. I did buy a domain name through them to facilitate, but worth it imo. Vastly simpler than dealing with port forwarding and all the fun stuff you need to do with your router. Hope this helps.
Edit: wrote this before reading your last line. Cloudflare tunnels simplify the process of dynamic DNS, port forwarding, and HTTPS on apps that don’t support it.
I do exactly that: enable nesting in the LXC container, install Docker and go from there. It works great.