I host all my services on three VPSs at NetCup. Except for the Tor relay, no service is directly exposed to the public. Because of that, everything — UDP/TCP packets and HTTP(s) requests — is routed through Caddy, which either forwards the packets/requests to the appropriate container or serves static files directly.