Internet rate limits in overlay-networks like ZeroTier

[frostbyte]

Finally, I found a solution. Split-DNS is the way to go. Essentially, I hosted a DNS-Server on my LAN to overwrite my public DNS records that'd point to Zerotier addresses to the local addressees. This DNS server is configured on the clients in my network through DHCP. That way the reverse proxy is also not used in the LAN anymore. It wasn't easy to setup on the QNAP and a AVM Fritzbox due to tons of issues like DNS ports were already in use on the NAS, bridge networks could not be created by portainer but had to be created in the native container station QTS app, DHCP settings were not applied until the router was rebooted and like 20 more issues. I use unbound as DNS server. bind9 was way too complex for this. unbound is way too much, either.
That way Jellyfin won't receive requests from ZeroTier IPs within the LAN anymore. So I can fully use the rate limits now.
FYI: Some services (not Jellyfin) are also tunnled via cloudflare (Zerotrust and Access) behind an identity aware reverse proxy where I can whitelist people based on their E-Mail address. Jellyfin would work that way, too but is probably against their TOS. Accessing my apps within the LAN, from the Internet both with Zerotier enabled and disabled works as intended and can be accessed with the same domain name everywhere, now.
I am very happy. Maybe that helps someone else, too.