RingtailedFox

Untitled

Dec 4th, 2022
My router is a Netgear Nighthawk X4S R7800 running OpenWRT 22.03.0. It's a beefy little guy that does a fair bit more than I expected, and I'm thankful for that. My external/WAN IP address changes semi-regularly, but for the past while, it's been x.x.x.x. Internally, it's 192.168.1.1. My laptop is 192.168.1.200. I do have a third-level TLD to point to my router (whatever.privatedns.org) for icecast, which I can update when my IP changes. Easy to follow so far, right?

Here's what I did so far:

uHTTPD acts as my current server for OpenWRT. I've renamed the stock index.html file for logging in to LuCI as admin.html, since I made a small portal page for my LAN with links to things like weather.gc.ca, gas prices in the area, and other semi-useful tools. I used admin/network/firewall/rules/ to configure port forwarding such as the following:

Incoming from WAN to 192.168.1.1 on Port 20080, forwarded to 192.168.1.200 at port 80.

Incoming from WAN to 192.168.1.200 on Port 8588, forwarded to 192.168.1.200 at port 8588.

So, what is it I want to do with my OpenWRT router?

I would like to keep the LAN portal page. I also want to be able to broadcast video to cytu.be, but that requires HTTPS as a URL video source. So... that means I need to get my router certified with HTTPS.

I also wanted VirtualHosts or mod-rewrite support so I can redirect services on different ports (such as icecast) to subdirectories (instead of 192.168.1.1:8000, it would be 192.168.1.1/icecast/, for example). With mod-rewrites, I was able to also include my laptop's test website via XAMPP (C:\XAMPP\HTDOCS) at 192.168.1.1/xoticpc/ instead of requiring x.x.x.x:20080 or whatever.privatedns.org:20080/.

I was told in #lighttpd on Libera.chat that VirtualHosts or mod-rewrite would do this, and LigHTTPd performs this function, but I found it tricky, and their help channel on libera.chat is run by an absolute moron that likes to kick people out for asking for advice, and staffed by even dumber trolls like gps that say to read the fucking manual, even when that's not applicable. So, quite naturally, I'm more than a little pissed off.

One thing I DO NOT WANT is that I DO NOT WANT LuCI's login page to be accessible to WAN. I love how uHTTPD shows "Forbidden <br> Rejected request from RFC1918 IP to public server address". LigHTTPd happily presents that login page to WAN, and that's a dealbreaker. Yes, my router's password-protected. No, I don't take comfort in that, since brute-forcing passwords has been a thing for as long as passwords have been a thing. And other hackery is possible too, if not now, then eventually.

Right now, I'm able to perform basic video streaming to my LAN and my friends via port forwarding for RTSP-Simple-Server:

x.x.x.x:8588 for HLS (HTTP Live Streaming), x.x.x.x:8554 for RTSP (Real-Time Streaming Protocol), x.x.x.x:1935 for RTMP (Real-Time Media Protocol).

The program on my laptop that does this (RTSP-Simple-Server) has full support for RTMPS (port 1936), RTSPS (Port 8332).

Those ports are just forwarded directly to the same-numbered ports on my laptop.

HOWEVER, I can't stream to cytu.be since I lack an HTTPS certificate. I also want an ability to not have to put a port number into the URL to access my laptop page.

I did see potential methods of having both uHTTPd (for LuCI) and Lighttpd coexisting on port 80 in OpenWRT's documentation, but I haven't figured out how to get it to work.

Do I need a first-level top-level domain, like whatever.tld instead of whatever.privatedns.org in order to get HTTPS certification?
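
The layout described in the post (LuCI reachable from the LAN only, icecast and the laptop site under subdirectories), sketched as a lighttpd configuration fragment. This is an added example, not part of the original paste and not taken from OpenWRT's documentation. It assumes mod_access and mod_proxy are loaded, that the LAN is 192.168.1.0/24, and that uhttpd has been moved to 127.0.0.1:8080 (a hypothetical port) so that lighttpd can own port 80.

```lighttpd
# Added example, not the poster's configuration.
# ASSUMPTIONS: mod_access and mod_proxy are loaded; LAN is 192.168.1.0/24;
# uhttpd (LuCI) listens only on 127.0.0.1:8080 (hypothetical port).

# LuCI, its static assets, and the renamed login page (admin.html in the post).
$HTTP["url"] =~ "^/(cgi-bin/luci|luci-static/|admin\.html)" {
    # LAN clients are passed through to uhttpd on loopback.
    $HTTP["remoteip"] == "192.168.1.0/24" {
        proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8080 )) )
    }
    # Everyone else gets 403. No proxy.server is defined for them, so the
    # request can never reach LuCI. IPv6 clients also land here (fails closed).
    $HTTP["remoteip"] != "192.168.1.0/24" {
        url.access-deny = ( "" )
    }
}

# http://router/icecast/ -> icecast on 192.168.1.1:8000 (address from the post).
$HTTP["url"] =~ "^/icecast/" {
    proxy.server = ( "" => (( "host" => "192.168.1.1", "port" => 8000 )) )
    # Strip the /icecast/ prefix before the request reaches the backend.
    proxy.header = ( "map-urlpath" => ( "/icecast/" => "/" ) )
}

# http://router/xoticpc/ -> XAMPP on the laptop, 192.168.1.200:80 (from the post).
$HTTP["url"] =~ "^/xoticpc/" {
    proxy.server = ( "" => (( "host" => "192.168.1.200", "port" => 80 )) )
    proxy.header = ( "map-urlpath" => ( "/xoticpc/" => "/" ) )
}
```

Checking the file with `lighttpd -tt -f /etc/lighttpd/lighttpd.conf` before restarting catches syntax errors, and requesting `/cgi-bin/luci` from a connection outside the LAN should return 403.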