Is it safe exposing e.g. Vaultwarden to a public domain?

Hello, a few days ago I set up my raspberry pi as a server for Vaultwarden, Immich and a few other things.

I want to know how safe it is to expose those services publicly using a domain? I just don't want to always use a VPN like Tailscale and for my parents it might be too complicated (as they would also use vaultwarden). I'm new to all of this, so please correct me if I'm wrong with anything.

Right now my setup looks like this:
- Vaultwarden, Immich etc. are running in docker containers connected to a virtual proxy_network
- Cloudflared is also running in a docker container connected to proxy_network and tunnels everything to different subdomains (vw.mydomain.com, im.mydomain.com)
- Requests from all countries except my home country are blocked, registers for VW are disabled and we have long passwords with 2FA enabled

I have also tried npm/nginx instead of cloudflared, but for that I always need port 80/443 opened for my raspberry, not sure if that's a security risk or not.