If you were self-hosting a VM that's to be public facing (like MeshCentral, NextCloud, etc.), would you bother with also setting up a separate VM as a reverse proxy server for that traffic?
I would say "yes." Even if you're just proxying traffic for only one server, you would still want the single ingress point for external traffic.
I think of it like virtualization. Even for a single server you still install a hypervisor on the bare metal. There's no downside to the one server being a VM, and if you add servers in the future, you just spin up more VMs. In the case of a reverse proxy, if you find yourself hosting more stuff, you can simply add configs to your reverse proxy and manage TLS certs in one place as well.