If it’s only you (or your household) that is accessing the services then something like hosting a tailscale VPN is a relatively user friendly and safe way to set-up remote access.
If not, then you’d probably want to either use the aforementioned Cloudflare tunnels, or set up a reverse proxy container (nginx proxy manager is quite nice for this as it also handles certs and stuff for you). Then port forward ports 80 and 443 to the server (or container if you give it a separate IP). This can be done in your router.
In terms of domain set-up. I’ve always found subdomains (homeassistant.domain.com) to be way less of a hassle compared to directories (domain.com/homeassistant) since the latter may need additional config on the application end.
Get a cheap domain at like Cloudflare and use CNAME records that point domain.com and *.domain.com to your dyndns host. Iirc there’s also some routers/containers that can do ddns with Cloudflare directly, so that might be worth a quick check too.
Walk in, press on button, hang up jacket and get stuff out of bag, type in password, grab coffee.
That’s a pretty common morning pattern I see.