Somehow, there are still plenty of misunderstandings or misconceptions.
It depends on the configuration. Nothing that can’t be adjusted.
That depends on the application. For a web server app like Nextcloud, the ports are 80/443. Other applications use their own or different ports. For the apps we provide via dietpi-software, this information can be found in our online documentation.
With MyFritz, you can also forward more than just port 80. I can easily activate MyFritz on my FritzBox and still forward ports 80 and 443 to a backend device. Importantly, you can forward a specific port to just one device.
Ports are always forwarded to a single device only. Not to the entire network. In other words, only that one device does not have SSL. But even that can be easily sorted out in a web server application like Nextcloud using dietpi-letsencrypt
dietpi-letsencrypt can easily automate this. You can also configure it so that requests on port 80 are automatically redirected to port 443.
Nothing is holding you back, except yourself
I’ve already mentioned that above. An SD card is the worst medium for continuous use.
Just to give you an idea of how to secure a Nextcloud instance via HTTPS and make it accessible on the web. It’s a bit old now, but it provides a good insight. The bit about DDNS isn’t quite accurate anymore, but that shouldn’t matter in your case as you’re already using MyFritz for DDNS.