Figured I’d give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.
You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.
I can use my Immich with my mobile data now.
Edit: Note that I choose to self host NetBird, and haven’t really used the service they provide all that much.
I don’t think so in your case. From their docs these features are only available for self hosted instances, so you’d have to host Traefik instead of Nginx and end up with a similar config as your current one.
Netbird/Tailscale are at their heart private LAN that you control that routes over the internet. They have some features on top to make DNS/TLS/Services/Tunneling easier. OP is using a service to allow external access to a host on their LAN.
If you wanted to hide your home IP you could either use something like Defelct or Cloudflare as a reverse proxy, or host your own reverse proxy on a cloud provider (either Nginx like you currently are, or Netbird’s reverse proxy UI) and proxy it back to your local server over something like Netbird/Tailscale.
DDOS/Scraping protection would depend on the method you choose.