Did you mean to send that reply to me?
I ask because I’m not quite sure what specific suggestions you’re looking for.
But in general, I would suggest not exposing port forwarding.
What services are running behind NGINX? What router/firewall are you using?
On a barely related note, that reminds me of this classic financial media segment.