Using ESXi as a hypervisor , so I rely on Veeam. I have copy jobs to take it from local to an external + a copy up to the cloud.

You’ll be ok as long as whatever software you’re running that is listening to 80 and 443 never has an exploitable vulnerability, if it does… you may be in trouble depending on the vulnerability.

Or be careful of the service on the other side of your (I assume) reverse proxy, should it have a vulnerability you may still be in trouble depending on the setup of the reverse proxy and what it’s config is.

Would 100% go JellyFin vs Plex, also toss in some sonarr/radarr automation and organization. Everyone should have some kinda media streaming server, even if its just kept in house.