This became soooo much easier with the latest versions of Let's Encrypt.
Not using their wildcard certs yet, though I'm kind of a perfect candidate for it. The initial cert grab isn't bad, but it's the short RENEWAL time that's a pain. If there's a better way than certbot to do that, I'm all ears, 'cause it's a right pain in the ass for someone who lives and breathes web development... gotta imagine it's borderline for non-tech people beyond "run these series of commands and pray".
One thing to watch out for when working the way you suggest - it is great when everything is on a single machine. Not so good if you later decide to split things up because you are still using HTTP over your network. Not a massive issue for many people but still a consideration.
I treat my local network as trusted here. Don't have much to protect anyway, and if someone got in far enough to MitM traffic, I'd be completely owned already anyway, with much larger problems than my home automation system. The added complexity of other security measures I could add around it wouldn't really give me much here.
Docker is daunting if you've never used it before, but it has a lot of advantages. It has paid for itself in spades for me personally on updates / restores / system stability and cleanliness. Admittedly though it scratches an itch for me in that I like to keep my systems as clean as possible, and nothing keeps it as clean as Docker (because any program I uninstall or upgrade, all its dependencies go with it, so there's no worry of leftover crud on the main system, which stays pristine). I use it a lot as a developer when running stuff like Redis, RabbitMQ, and various other pieces though too, so I'm fairly familiar with it.
The best piece of advice I can give on docker is this: Script all your docker commands in bash scripts. I've got a template I use that wraps up installing / updating containers that I just write my 'docker run' command right into (one day I should really explore docker-compose), and it makes my updates literally a one-liner. If you are trying to build a docker command every time you update, it's a pain. Better to save that command for later so you can just rerun it.
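A sketch of the kind of install/update wrapper described in the post above, as an added example that is not the poster's own template. The container name, image, port and volume are constructed placeholders, and publishing the port on 127.0.0.1 only assumes a TLS-terminating proxy on the same host, so the plain-HTTP hop never leaves the machine.

```shell
#!/bin/sh
# Added example: install/update wrapper around one saved 'docker run' command.
# NAME, IMAGE, the port and the volume are constructed placeholders.
set -e

NAME="homeauto"                       # hypothetical container name
IMAGE="example/homeauto:latest"       # hypothetical image reference
DOCKER="${DOCKER:-docker}"            # run with DOCKER=echo for a dry run

# The single place the 'docker run' command lives. Edit it here and rerun
# the script instead of rebuilding the command by hand on every update.
run_container() {
    # 127.0.0.1 binding: the service is reachable only from this host.
    # Assumption: a reverse proxy on the same machine terminates TLS.
    "$DOCKER" run -d \
        --name "$NAME" \
        --restart unless-stopped \
        -p 127.0.0.1:8080:8080 \
        -v "${NAME}_data:/data" \
        "$IMAGE"
}

update_container() {
    # Pull first: if the pull fails, 'set -e' aborts here and the old
    # container is still running untouched.
    "$DOCKER" pull "$IMAGE"
    # Remove the old container if there is one; on a first install there
    # is nothing to remove, so a failure here is ignored.
    "$DOCKER" rm -f "$NAME" >/dev/null 2>&1 || true
    # State lives in the named volume, so it survives the replacement.
    run_container
}

# './script.sh update' performs the install or update; with no argument
# the functions are only defined.
case "${1:-}" in
    update) update_container ;;
esac
```

If the proxy is later moved to another machine, the loopback binding has to change, and at that point the traffic between the two hosts is plain HTTP unless TLS is added on that hop as well.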