In my experience, containerization has made self-hosting most software a breeze. The biggest pain points I've come across are related to network architecture and security. I've frequently run into issues with certificates, proxy setups, DNS, etc. It seems like much of that stems around how many modern web concepts were not designed to easily support offline-first environments. Then again, that stuff has never been my area of expertise.

For me I've decided to just have everything behind a VPN. Tailscale and Cloudflare tunnels make this quite easy to set up, dealing with ddns and CGNAT for you.

The upside is the security risk is massively reduced, an attacker would have to exploit both the VPN and the service behind it, both of these in theory being secure anyway. The downside is obviously that you require installing a VPN client to access services, but if it's only you using the server this isn't a huge deal.