The two pieces of software have very different topologies.

In very broad strokes: Something like FunkWhale uses a server-client model. To get to it, you connect to it remotely and you need some way to get there. By contrast Syncthing behaves as a mesh of nodes. Each node connects directly to the other nodes and the syncthing project folks host relays that help introduce the nodes to one another and penetrate NAT.

No, you may not need a paid domain to use your self-hosted FunkWhale server (I haven’t dabbled with that service in particular). There are a few options.

1. You could probably use the direct public IP address or alternatively
2. Use a dynamic DNS provider (like afraid.org) to resolve your IP address
3. Use a VPN on all of your clients and use local DNS to resolve your FunkWhale server’s local IP address.

These all assume that you have a public IP address on your router and not one that’s being NAT-ed by your ISP.

Again, these are very broad strokes, but hopefully it helps point your in a direction for some research.

There’s definitely nothing magic about ports 443 and 80. The risk is always that the underlying service will provide a vulnerability through which attackers could find a way. Any port presents an opportunity for attack; the security of the service is the is what makes it safe or not.

I’d argue that long tested services like ssh, absent misconfiguration, are at least as safe as most reverse proxies. That doesn’t mean to say that people won’t try to break in via port 22. They sure will—they try on web ports too.

I’m not sure if this what you’re after, but it sounded to me that you were describing monitoring. Might be worth your checking out librenms or zabbix or checkmk. Those would give you a good overview of the health of your stuff and keep track of what’s where.