The pi zero is good for small projects that don’t require a lot of compute, however I personally haven’t found it to be useful in a self-hosted context. Unless you really don’t care about performance, the low specs make it unsuitable for hosting most of the services you listed above

gluetun bundles a control server on port 8000 which you can query for the port number (don’t worry about openvpn being in the url path, it still works with Wireguard). In my bash script (running on the host system), I use curl to retrieve the forwarded port number and then do a POST with that data to the API of my qbt client which is running in another container on port 8080.

There’s a reason why most providers don’t allow that feature anymore

Yes, cheese pizza

It’s said that port forwarding is a security risk

Says who? Assuming a fully patched system/client and a properly configured firewall/network, I’d love to hear more about these “risks”.

Also, qBitTorrent works just fine without it.

Only if you don’t care about seeding

Based. I use gluetun with qbt and ProtonVPN (with port forwarding). Despite this being a tricky config, it was still pretty easy to setup. Can share bash scripts if anyone is interested.

I’m personally a big fan of bore. It’s easy to setup/use and there’s a free public instance operated by the developer.