Anything I don’t share with other users (ie the stuff I host for just me) isn’t accessible from WAN. Instead I host OpenVPN so my mobile devices are kept within my LAN and securely accessing my services. (also keeps them behind pihole for adblocking and local DNS records)

Is there a reason you cannot accomplish this with a selfhosted VPN?

Exposing anything has risk. Risk of loss of data, your systems being used for other attacks, and loss of time/money to fix. It is entirety possible to do this as safe as practical of course- keeping your stuff up to date and having some kind of visibility into intrusion detection for immediate response are ways to minimize issues.

I have been running Owncloud since 2011 without any reverse proxy and it’s been fine.

I’m still on an old version because every time I have tried to upgrade it, it has fucked up, and i’ve wasted loads of time getting it back running again. New versions /should/ be better I hope!

Pick decent user passwords, protect it with SSL, and have a local firewall on your server that only allows required ports though (80 and 443), and you should be fine.

I take a backup of mine now and again, but it’s quite small - only about 50gb.

https://doc.owncloud.com/server/10.13/admin_manual/configuration/server/harden_server.html You can start by checking out that URL

„Only“ revserse proxy no. You need more. Https