I myself will answer the question I had regarding not exposing Bitwarden port 443 to the internet.
I have created a rule in the Firewall (pfSense) that allows the exit of the secure port 443 only from the internal IP address of my self-hosted Bitwarden server (192.168.2.115) without the need to open said port to the internet. Said NAT/Port Fordward rule is managed by the Proxy Server incorporated in pfSense.
I hope it will serve as a reference for other people who have questions about how to maintain Bitwarden’s internal ports (80, 443) without having to open ports 80 and 443 to the Internet in the Router (I use a pfSense as Router and Firewall).
In the event that self-hosted Bitwarden’s internal ports were changed during the initial Bitwarden installation, this solution should work just as well by simply opening the necessary ports on the Proxy Server (for Bitwarden’s internal IP address only).
Best Regards to all 