How can I make synology reverse proxy work inside my local / private network and/or over VPN (and do I need to?)?

I have a Synology NAS accessible inside by local network over direct IP and URL:

https://192.168.5.10
https://cloud.local

I have docker running inside my synology NAS with some applications working on different ports. For example, when inside my home local network, I can access those apps with these URLS:

APP 1 accessible over: http://192.168.5.10:9000
APP 2 accessible over: http://192.168.5.10:9500
APP 3 accessible over: http://192.168.5.10:9800

I also have openVPN configured, so when away from home, I can connect to it and use the above URLs to access those same APPs.

This way I don't expose any port on my router other than openVPN. But despite my NAS being reachable only on local network or over my VPN, I want to add another layer of security by accessing those APPs over https instead of http, adding a layer of SSL encryption on top of my setup.

For that, I understood my Synology NAS has a reverse proxy feature which could serve me those APPs over https. I have thus added the following configuration in my Synology Application Portal > reverse proxy interface:

SOURCE
Protocol: HTTPS
Hostname: app.cloud.local
Port: 443

DESTINATION
Protocol: HTTP
Hostname: 192.168.5.10
Port: 9000

I was hoping then to be able to use my browser and visit https://app.cloud.local and get a secure access to my APP1 at http://192.168.5.10. Instead, nothing happens, the page tries to load and simply hangs without doing anything.

Maybe I am understanding the networking wrong, but it seems my browser can't translate https://app.cloud.local into anything. What am I doing wrong? Thank you.

You need to have the DNS server running with the domain pointing to the internal IP's, and of course your devices using the Synology as the DNS server. That way it will find those domains locally first. This is exactly how I do it