But the attacker should know the internal and the external DNS. If the internal DNS doesn’t have any SSL certificate on its name, it’s impossible to discover.
By the way, I always suggest to reach services through VPN and use something like Cloudflare tunnel for services that must be public.
P.s. Shouldn’t public and private DNS be inverted in your curl example?
I use BookStack and with Node Red I export to PDF the books as soon as pages get updated, so if everything goes feet up, I have all the documentation in PDFs (locally and automatically uploaded to a free DropBox account, still done with Node Red).