Yes.
If you expose your reverse proxy’s port 80/443 to the outside you have exposed all your reverse proxies services too.
A good approach would be to use an upstream reverse proxy (ie a layer 7 router, on your router/firewall) to forward only domains you want exposed to that port.
You may not be able to do that, in which case forward external 80/443 to a different set of ports 81/444, and setup your load balancer to handler those ports differently
OK I didn’t expose 80 and 443 directly, I redirect them to other port and use these other ports for Nginx Proxy Manager. Not sure if it’s the same as you suggest. I have an OpenWRT router, so I should be able to do some advanced settings, if I find a good tuto how to do it. But I will be moving to a Turris Omnia soon, still OpenWRT in the backend but with different UI. I could take the chance of this change to improve my setup.
How does external traffic get to those ports? Just a port forward?
Of course it’s a DNS name. But when you’re coming in via VPN, it’s the same local IP address.
To throw a couple more pennies in here:
I’m both a QNAP and TrueNAS user. Both systems have to be learned.
Migrating through FreeNAS to TrueNAS all I’ve seen is the interface becoming more user friendly. The documentation is very comprehensive, the pop-up help is more informative and the community is very responsive and helpful.
Oh, yes, and this massive resource is free to community users. QNAP?
So take a thought to what you are accessing here as “free” Google scrapes your life and goes on to sell it and QNAP / Sinology slide dollars out of your pocket for a given solution that lacks the power of TN.
I’m sure your will come to love your life as a TN user with all the occasional wrinkles 
