There are some apps which uses localhost port and nginx is made to do reverse proxy for these apps so that apps can be reached by a domain.
Do we need to open port for these apps ?
Opening ports for these app can be a security issue ?
I would say it depends of the app and of what you need.
By example for synapse we need to open the port 8448 for the federation connection (with TLS) but we leave the port 8008 (without TLS) closed because it’s just for nginx.
Except in a few very specific cases, you don’t need to open those ports. Only nginx is exposed to internet, and it’s better like that since your reducing the ways to be attacked.