Not really, you can use DNS to point YouTube.com to an iP you control, but the problem is that you will get TLS issues. It won’t redirect the hostname, but just the IP address. You could use a custom CA and sign YouTube.com certificates, but you will likely still have problems if you use Chrome because they will be pinning certificates for Google services, and your mobile applications will also pin the certs so your mobile YouTube will stop working completely.

Stick your services in a DMZ. It’s easy to setup with PFSense. Don’t allow traffic from your service to anywhere that it shouldn’t go. If your API contains any vulnerabilities, they could be abused to pivot into the internal network. Now, it’s not likely, but it’s certainly possible. Especially if those APIs are from someone open source project or something, if a vuln gets discovered it’s likely to be targeted en-mass.

If you run an exit node, while it is legal, you will likely have to do deal with the police knocking at the door from time to time.