I have somewhat of a similar setup. I use Nginx Proxy Manager and AdGuard Homes rewrites to do the same thing as you.
As for Question 1: Creating self-signed certs is pretty straightforward. I followed this tutorial by Christian Lempa: youtu.be/VH4gXcvkmOYHe also has a good writeup on his GitHub: github.com/ChristianLempa/…/ssl-certs.mdHow to import the certs into Nginx, I don’t know, but I think that’s easy to lookup online.
Regarding Question 2: My understanding is that all traffic goes through the Reverse Proxy.
I hope I could help, let me know if you have any more questions.