Can't agree on the NLB part. Everyone should be using ALB by default, and only reach for NLB in very specific cases (you'll know when), in my humble opinion having worked with AWS for 8 years and being a certified architect.
Enable the dropping of invalid headers, enable HTTP/2, let the ALB terminate the TLS, and you'll see benefits even if your full backend isn't HTTP/2 enabled and you'll have eliminated a whole range of other headaches you no longer need to manage. It's one of the most reliable services AWS has.
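An added example, not part of the comment above: a small audit for the three settings it names (invalid-header dropping, HTTP/2, TLS termination at the ALB). It runs over constructed JSON shaped like the output of `aws elbv2 describe-load-balancer-attributes` and `aws elbv2 describe-listeners`. The function name `audit_alb` and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `aws elbv2 describe-load-balancer-attributes` output.
SAMPLE_ATTRIBUTES = json.loads("""
{"Attributes": [
  {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "false"},
  {"Key": "routing.http2.enabled", "Value": "true"},
  {"Key": "idle_timeout.timeout_seconds", "Value": "60"}
]}
""")

# Constructed sample, shaped like `aws elbv2 describe-listeners` output.
SAMPLE_LISTENERS = json.loads("""
{"Listeners": [
  {"Port": 443, "Protocol": "HTTPS"},
  {"Port": 8080, "Protocol": "HTTP"}
]}
""")

# ALB attribute keys for the two settings named in the comment.
REQUIRED = {
    "routing.http.drop_invalid_header_fields.enabled": "true",
    "routing.http2.enabled": "true",
}

def audit_alb(attributes, listeners):
    """Return a list of findings; an empty list means the settings are in place."""
    current = {a["Key"]: a["Value"] for a in attributes.get("Attributes", [])}
    findings = []
    for key, wanted in REQUIRED.items():
        actual = current.get(key)  # None when the attribute is absent from the output
        if actual != wanted:
            findings.append(f"{key} is {actual!r}, expected {wanted!r}")
    entries = listeners.get("Listeners", [])
    if not any(entry["Protocol"] == "HTTPS" for entry in entries):
        findings.append("no HTTPS listener: the ALB is not terminating TLS")
    # Added check beyond the comment: surface plaintext listeners for review.
    for entry in entries:
        if entry["Protocol"] == "HTTP":
            findings.append(f"HTTP listener on port {entry['Port']}: "
                            "confirm it only redirects to HTTPS")
    return findings

if __name__ == "__main__":
    for finding in audit_alb(SAMPLE_ATTRIBUTES, SAMPLE_LISTENERS):
        print("FINDING:", finding)
```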
Book co-author here. (Not article author.) The recommendation is based on the multi-tenant behavior of NLBs (no need to warm up the LB to handle traffic spikes). If you need any ALB features, use ALB. Otherwise, NLBs give you one less thing to worry about (and slightly cheaper and faster too.)