As others have suggested I would stick to internal only until you’re comfortable. Dealing with automated port scanning from all over the globe is a nightmare if you aren’t running a tight ship, and a collasal headache to deal with if they get in. I started with pihole, jellyfin, and some other simple docker services. Check out linuxserver.io if you go the docker route, they have good prebuilt compose files for you to use and the community has good info on their forums. You don’t need a domain but it’s preferred if you want to host something public-facing. Make sure you have fail2ban configured if you open stuff up to the web, it makes dealing with the automated attacks easier.
Scanning isn’t a problem, it’s when someone gets in and sets up a c&c client that you’ve got issues. If you have open ports and out of date software, or bad password practices, it’s only a matter of time before someone turns automated port knocking into embedding malware in your printers and IOT devices.