It is very possible to do this! What you need to do is to rent a low-end cloud VPS. Even a 5.00 digital ocean droplet running Ubuntu Linux would do the trick. Then you run an NGINX Proxy Manager reverse proxy with a WireGuard tunnel to the machine that will act as a server for your instance. From there you, you simply set up Let's Encrypt certificates to use with your intended domain. Even though I am not behind CGNAT, I do this and it works very well.
EDIT: If you intend to do this entirely in open source and need some help, I'll offer it. I am pretty passionate about open source and helping others out along the way.