Cloudflare Tunnel is a must have
For anyone who is doing self-hosting, the question of how to expose your services to the world is important. People talk about DDNS, DMZ and things alike. But I would like to recommend Cloudflare Tunnel.
Cloudflare Tunnel | Cloudflare Zero Trust docs
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP — instead, a lightweight daemon in your infrastructure (cloudflared) creates outbound-only connections to Cloudflare’s global network. Cloudflare Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare.
Basically it gives you a way to expose your services to the world, without making your port public.
What's more, it is a free service.
I have been using it since I worked on building services on my OCI instance (see my previous post if you don't know what it is or how to get one).
Journey of Self-Hosting (3): Get your cloud server, for free
Get your free (and powerful) VM from OCI
ycsh
Also, make sure you check out how to tunnel your SSH too, so that you don't even need to open your port 22 in order to SSH into your instance.
SSH | Cloudflare Zero Trust docs
The Secure Shell Protocol (SSH) enables users to remotely access devices through the command line. With Cloudflare Zero Trust, you can make your SSH server available over the Internet without the risk of opening inbound ports on the server.