NAT loopback / hairpin NAT
I need some help to possibly find a new correct TP-Link router model. Describing my current problem with Deco M5 below.
I have a local mesh network and a home automation server (Pi5, Node-Red) which I'm accessing both locally and externally. To have better security than just NAT and userID/password, I have now built a reverse proxy in the same Docker as the server. The proxy also implements SSL traffic. My wish is that when accessing the server externally (only port 443 is open) I need to give a userID and password for the proxy, but when accessing the server via the proxy internally (still using the same domain name xyz.tplinkdns.com) the credentials would not be asked for. That should be possible by configuring the proxy so that it identifies the IP range coming internally and bypasses the security. I didn't succeed with this configuration and I have understood that it is because of the way the M5 does the NAT. I.e. the proxy thinks all traffic, even internal queries, is coming from the external WAN and therefore always requires credentials. I also considered using Pi-hole on the Raspberry, but that requires the M5 to accept a local address as the DNS server, which it doesn't. Alternatively the DHCP server should be removed from the Deco to let Pi-hole act as the DHCP server. No success, as the DHCP server cannot be removed from the M5.
(I should mention that the proxy and the server are in the same Docker network and the server has no exposed local IP, so I cannot just access it by its local IP. Only via the proxy.)
So, I'm stuck. Even if my M5 mesh network has been good enough for me until now, I suppose I need a more advanced Deco model as the router. But there I would be happy to receive some help. What Deco model would be suitable for my needs? So, not requiring much more, but a bit more advanced options to configure the router. I know there are other types of routers, but in this case I would like to see first if some Deco model could offer what I need. Even better if I could reuse my current three M5 as the mesh units, either via LAN port or wifi. For many IoT solutions a 2.4 GHz wifi is also needed, preferably with separate SSIDs for the 2.4 and 5 GHz networks.
Thanks in advance.
Pete
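
Added example, not part of the original post: a check of whether a credential bypass by source address can work at all, based on the source addresses the proxy logs for one probe request from a LAN device (via the public name) and one from outside. The LAN range, the `/probe-lan` and `/probe-wan` paths and all log lines are constructed assumptions.

```python
import ipaddress
import re

LAN_NET = ipaddress.ip_network("192.168.68.0/24")      # assumed LAN range
LINE = re.compile(r'^(\S+) .*"GET /probe-(lan|wan) ')  # hypothetical probe paths

# Constructed access-log lines. /probe-lan was requested from a LAN device
# through the public name, /probe-wan from a device outside the network.
SAMPLE_REWRITTEN = '''\
172.18.0.1 - - [01/Jan/2025:10:00:00 +0000] "GET /probe-lan HTTP/1.1" 401 0
172.18.0.1 - - [01/Jan/2025:10:00:05 +0000] "GET /probe-wan HTTP/1.1" 401 0
'''
SAMPLE_PRESERVED = '''\
192.168.68.23 - - [01/Jan/2025:10:00:00 +0000] "GET /probe-lan HTTP/1.1" 200 512
203.0.113.40 - - [01/Jan/2025:10:00:05 +0000] "GET /probe-wan HTTP/1.1" 401 0
'''

def sources(log_text):
    """Collect the source addresses the proxy recorded for each probe."""
    seen = {"lan": set(), "wan": set()}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            seen[m.group(2)].add(ipaddress.ip_address(m.group(1)))
    return seen

def verdict(log_text, lan_net=LAN_NET):
    """Say whether 'skip credentials for the LAN range' is safe and effective."""
    seen = sources(log_text)
    if not seen["lan"] or not seen["wan"]:
        return "incomplete: need both probes"
    if seen["lan"] & seen["wan"]:
        # Trusting this address would also skip credentials for outsiders.
        return "unsafe: internal and external requests share a source address"
    if any(a in lan_net for a in seen["wan"]):
        return "unsafe: external request arrived from inside the trusted range"
    if all(a in lan_net for a in seen["lan"]):
        return "ok: bypass by LAN range distinguishes the two"
    return "no bypass: internal requests arrive from outside the trusted range"

if __name__ == "__main__":
    for name, log in (("rewritten", SAMPLE_REWRITTEN), ("preserved", SAMPLE_PRESERVED)):
        print(name, "->", verdict(log))
```

If the verdict is "unsafe", the address seen by the proxy must not be put on the bypass list, because external requests would then skip the credential prompt as well.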
