I run a docker home assistant install and use the SWAG container to act as a reverse proxy for secure access to home assistant. Here is a guide how to set it up.
You port forward ports 80 and 443 to the machine running swag - then the proxy will work both when you specify http:// and https://. If you specify http://, the proxy will automatically upgrade it to https:// based on the nginx config in the attached guide. There is no need to port forward 8123 to home assistant through the router, and you should not do this anyway when a reverse proxy is used.
Whatever proxy you use, if Pihole is on the same machine, ideally you will need to get its web interface off port 80 so the proxy can use it. Otherwise, you must make sure you always use https:// to access your domain as http:// won’t work. I run adguard, which pretty much does the same thing as Pihole, and does not need port 80 since you can access its webUI over port 3000 instead.
If you want to keep pihole, there appears to be a file you can edit to have its UI off port 80 and set it to something else (like 8080 or whatever)
https://www.reddit.com/r/pihole/comments/dhit3y/disabling_port_80_web_interface/