Some synology security questions

I really appreciate the work you do on synology.
I have some questions,
1)how do I make the custom domain local with ssl protection. I followed the procedure and from the outside everything works with port forwarding. But I can’t from the internal network (LAN).
2)When I activate the VPN it is not possible to access from the outside since the gateway changes since the automatic DNS IP also changes, can I solve this?
3)how can I make the “web station” application secure when I connect from outside?
I have set a password in htaccess, can you give me some advice?
AuthName “MY”
AuthType Basic
AuthUserFile /…/.htpasswd
AuthGroupFile /dev/null
require valid-user

Thank you
Best regards