I read your post and contemplated how I’d do things myself, until I came to the end,
That made me laugh, we may know each other only via the forum, but you got me there
I may have to read up on NPM and try it out, it gets mentioned more and more often. My solution so far has been: throw more money (in limited amounts, or actually, IPs or VPSs) at the problem. With the risk of letting you down: I have no suggestion for your question!
Only one IPv6/128? That’s almost criminal…
IPv6 is supposed to be handed out in at least /64. I found a (very old) discussion on whether Kimsufi actually hands out /64 or not (they should to prevent trouble: if any IP out of the gazillion addresses in a random /64 behaves badly, that whole /64 gets punished by blocklists)
If indeed you can use the whole IPv6/64, regular access without a reverse proxy is a lot easier. I run some Yunohosts with IPv6 only, but with Github still in the second half of the 20th century and lacking internet connectivity outside of IPv4, installing apps gets frustrating at times.
The diagnosis supports ‘deviant’ setups with the ‘ignore’ button (“If you can figure out how to set this up in that way, you probably know how to monitor it yourself as well…” ), but it would be nice if we could extend the diagnosis with custom checks for such occasions.