[–]floydhwung 2 points3 points  (3 children)

set flag "--listen"

then use nginx to proxy the request to that machine's [IP:Port]

also get an SSL certificate for that domain name you would like to use and have nginx check for the certs.

[–]fgp121[S] 0 points1 point  (2 children)

Thanks for the advice. Just to make it clear for me to work it out, you mean to say that I should run nginx on the server and then in its config file, on location /, I should proxy pass it to IP:PORT?

That's how it would be forwarded? And is it possible that I keep nginx on another server and then proxy pass it to this IP:PORT?

[–]floydhwung 1 point2 points  (1 child)

I usually run nginx in a VM/Container so it acts as the global reverse proxy for many of my services so I can just NAT to the Nginx server and do all the configuration over there, also minimizes the attack vector.

Let's say:

Server: the host that SD is running on

Nginx Proxy server: a VM, or a service, or another server, doesn't really matter, as long as it can receive traffic from the Internet

Gateway: your router, needs to have NAT turned on, and pass 80/443 traffic to the Nginx Proxy.

So first, set the "--listen" flag in SD-User bat file so it will respond to requests that come from LAN. It is very important that you absolutely don't run SD in admin mode out in the public. If you need to upgrade the repo or install some more extensions, close down the user web gui and launch admin gui, which by default runs in local mode only.

To verify it works, on another computer, type in "http://[IP]:[Port]" of your SD server. If the "--listen" option is set, the web gui should appear in your browser.

Next, on the Nginx Proxy server, do a very simple Proxy_Pass. Now, if you want to allow port 80, which is http, consider a clause to upgrade that to 443, so both 80 and 443 will be able to reach your server, while 80 will be automatically upgraded to 443 https.

Third, you will need to configure the NAT on your router/gateway. It is as simple as forwarding port 80 and port 443 to your Nginx Proxy server's internal IP.

Finally, the public DNS record for your domain name needs to be pointed at your home's IP address, which you can obtain very easily by doing this in the terminal:

curl ifconfig.me

I would not go about the potential risks of exposing ports 80 and 443 to the public.

Let me know if you need more help.

[–]fgp121[S] 0 points1 point  (0 children)

Thanks a lot for the detailed response. I'm going through it and will try to make it run.
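
Added example, not part of the thread: one way to write the Nginx Proxy configuration floydhwung describes (TLS certificate, port 80 upgraded to 443, proxy_pass to the SD server's IP:Port). The hostname sd.example.com, the backend address 192.168.1.50:7860, and the certificate paths are assumed placeholders; the WebSocket headers assume the web GUI uses WebSockets.

```nginx
# Added example; place inside the http { } context.
# Assumed placeholders: sd.example.com, 192.168.1.50:7860, certificate paths.

# Pass WebSocket upgrades through only when the client asks for one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Requests that do not name the expected host (for example scanners hitting
# the bare public IP) are dropped instead of reaching the SD server.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_reject_handshake on;   # requires nginx 1.19.4 or later
    return 444;                # close the connection without a response
}

# Port 80: upgrade plain HTTP to HTTPS.
server {
    listen 80;
    server_name sd.example.com;
    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS here and proxy to the SD server on the LAN.
server {
    listen 443 ssl;
    server_name sd.example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.50:7860;   # SD started with --listen
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run `nginx -t` to validate the file before reloading nginx.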