With my old setup: the fact that my public IP address wasn't "mine", it didn't lead to my router so I couldn't do port forwarding and expose anything publicly - instead it routed to my ISPs infrastructure and thus any inbound traffic that I wanted to reach my servers at home was dropped.

Thus I used WireGuard to make a tunnel between my local homelab server (outgoing connection) and a VPS that I rented, which could then forward any traffic it receives on port X to the same (or a different) port of my local server through the tunnel. Of course, the wording I use could use some work, networking isn't my forte.

I also use some dynamic DNS (ddclient is great) in places and Let's Encrypt for TLS certificate renewal, no complaints there.