I don’t understand what you mean with the content disappearing when you mount the virtiofs on the guest - isn’t the mount empty when bound, untill the guest populates it?
Can you share what sync client+guest os you are using? if the client does “advanced” features like files on demand, then it might clash with virtiofs - this is where the details of which client/OS could be relevant, does it require local storage or support remote?
If guest os is windows, samba share it to the host. if guest os is linux, nfs will probably do. In both cases I would host the share on the client, unless the client specifically supports remote storage.
podman/docker seems to be the proper tool for you here, but a VM with the samba/nfs approach could be less hassle and less complicated, but somewhat bloaty. containers require some more tailoring but in theory is the right way to go.
Keep in mind that a screwup could be interpreted by the sync client as mass-deletes, so backups are important (as a rule of thumb, it always is, but especially for cloud hosted storage)
Some of these you’re already doing, but writing a complete* list. *almost garuanteed not to be complete, suggestions welcome
lastly consider if these things need to be publically avilable at all. I’m happy with 95% of my services only being available through Tailscale (mesh VPN, paid service with good enough free tier, open source+free alternatives available), and I’ve got tailscale on all my devices