To add a bit: With VLANs you can have several ‘virtual’ cables inside of a real (physical) cable. You probably don’t need it in a home setup, I’m not sure. It’s for use cases like you just have one ethernet port or one cable running through the wall, but you need two (or more) entirely separate networks on the other side. Like the telephone network or the seperate server network along with the normal network, all over one cable. It works by tagging all the network packets. In the end it’s just a number that gets attached to the packets and the other side knows how to handle the packets with those additional numbers attached to them. And it can send them out through different ports again.
At home, most people just have one network, so that kind of functionality isn’t needed. Some people put their TV set, NAS or the smart home devices or their home office and/or guests in different networks so the devices can’t mess with each other. A VLAN might be handy for those kind of things. And OpenWRT has VLANs, too, since there are two separate networks attached (as with every router). In this case the WAN side, going to your ISP, and your LAN. If you have a router with like 5 ports on the back, you can map those to either port if you change the VLAN settings. The labeling (WAN/LAN) from the manufacturer is just the default with OpenWRT.
Whatever floats your boat. If you don’t need it, you don’t need it. I have some services exposed to the outside on the standard port and I need a reverse proxy to make that possible. It also does the https with letsencrypt certificates. It’s a bit more comfortable managing them all in the reverse proxy. But I also have some webinterfaces of other less important software that is fine running on some IP on port 5100 and I don’t worry configuring something to change that. I don’t think there is a “should” unless you need to encrypt the traffic or expose that service to somewhere. And it’s also not wrong to do it.