Can you share what the final desired goal is? It sounds like your goal is actually to provide your services to Bob securely over the internet, is that a fair description? You mentioned eventually grabbing a domain, how do you feel about publicly exposed services with authentication? For instance, I use authentik in front of Jellyfin and paperless myself for a little extra authentication juice.
Try another search engine: https://xo.wtf/search?q=what+is+supply-chain+lock-in