When I cruise around the net I sometimes use Mullvad as an ass-guard.
When I connect to my own server I have SSH, and if I ever need to access a local port I use port redirect over the SSH tunnel.
As a backup of a backup, if I am at a site that blocks access to remotes on port 22, I have sslh running on port 443 in front of my nginx, intercepting TLS for nginx, SSH and openVPN (running in docker) all on the one port, so I have options...