weischinB
Whitelist your local network using the CLI as such -
nordvpn whitelist add subnet 192.168.0.0/16
Replace the IP with your subnet.
Cloudflare tunnels will proxy your connection so I don’t think you can do both tunnels and NordVPN together.
If you want to stick with AWS, try WorkMail for incoming/outgoing and SES for outgoing to large group.
You can use Let’s Encrypt DNS authentication to get an SSL without using any ports. The idea is to insert a CNAME of a string of text to your DNS to verify that you own the domain, thus getting the certificate issued. Google for that and there should be a guide for the OS that you use.
The only easy way is to have customers transfer payment directly to your bank account. Other than that, dealing with credit cards, frauds, audits, chargebacks, etc… will be more than anyone can do as a “side project”.