(removes complexity of hairpin nat)
Why? Tell me, why do you say these things?
What's complex about:
/ip firewall nat
add chain=srcnat src-address=192.168.10.0/24 dst-address=192.168.10.0/24 action=masquerade
This is your whole complexity in all its glory.
Ok, if you want, you can play with it more. You can add out-interface=<LAN> if you want, even though packets to LAN subnet won't go elsewhere anyway. But maybe the rule could look more clear to you with it. Or if your heart can't take that you'll be trying to masquerade even router's own connections to LAN (if there are any), you can add src-address-type=!local. If you hate that in server's log, you'll see for all connections from LAN source address 192.168.10.1, which is wrong, because it's the router and router is not connecting to your server, it can be solved too. Ditch masquerade and use "action=src-nat to-addresses=<your public address>" and you'll see all LAN clients in log as if they are coming from <your public address>. You won't be able to tell one from another, but if they are connecting to any other remote server, they are hidden behind common <your public address> too, so that's kind of normal. If you don't have static address and still want this, just put any other address in to-addresses. Completely random, anything you like, and it will work too. But remember, all this is completely optional, even the rule shown above is enough.
The only other thing you need is correct dstnat rules. So no in-interface, but:
/ip firewall nat
add chain=dstnat dst-address=<static public address> protocol=tcp dst-port=80 action=dst-nat to-adresses=192.168.10.13
or if you have only dynamic address:
/ip firewall nat
add chain=dstnat dst-address-type=local dst-address=!192.168.10.1 protocol=tcp dst-port=80 action=dst-nat to-adresses=192.168.10.13