here you mix different things. some integrated mechanisms like aquiring LE TLS cert using ACME protocol require the system require the system to be (partly) accessible from the internet. And your internal system can’t be accessible from the internet reverse proxy comes into play and acts as an intermediate party forwarding requests from outsinde into internal network.
DNS internally resolving to a local IP is perfectly valid installation as long same public domain (validation) is accessible externally - see 101: Split-Brain DNS (split-horizon)
many different installation variants exist… AiO is addressing SOHO segment and is limited to 100 users… Enterprise installation with more than 100 users and support contract would likely prefer dedicated hardware especially when adding more resource demanding functionality like Office and Talk