If tailscale is your preferred method to access your network from outside your home it’s one of the most important parts of your setup, in terms of both security and functionality.
Luckily, overlay VPNs like tailscale are pretty easy to set up without glaring security problems, but you definitely want to triple-check you aren’t messing things up. The thing is, you don’t know what you don’t know, so you might not realize if you make a mistake. But like I said, it’s pretty hard with those types of setups.
To actually answer your question though, I recommend you get one or two containers working locally and then figure out how to access them from your tailnet before you dive in and set up your entire stack. Docker adds another layer of complexity when it comes to accessing things so I recommend you get it right and then deploy and test each container individually.
Don’t set up 10 containers and then try to see if they all work, go steadily and deliberately, checking to make sure each works, and then snapshot your functional setup before you start using it heavily.
Don’t forget to plan for backups and updates.
You mentioned immich somewhere, I think that’s a good one to set up. Don’t throw your entire life’s photo album at it at first, but it’s really good to test a variety of functions and transfer speeds.
Oh yeah… And TAKE NOTES about your setup. Like, for each container, make notes of how you set it up and why. Trust me this is REALLY important for maintaining your stuff. If you go down a rabbit hole for two days and find a couple forum threads that lead you to how you need to modify the configs for your use case, a year from now you will have forgotten everything.
Document, document, document.