The easiest way for the VM to reverse proxy stuff to my home server (without tracking my residential dynamic IP and messing with my router / NAT) is for the VM to be on tailscale too..then I can just proxy calls on the VM to the home server's tailscale address.
If you're asking why I bother to use tailscale on my phone to connect Jellyfin that way instead of just using the reverse proxy, I guess it saves me a little in bandwidth costs and it pings faster.
I suppose that makes sense... I guess tailscale doesn't need NAT config?
I have a dynamic IP in theory, but if I keep the router plugged in with less than 30 minutes downtime, I can keep the same IP for years.