For some reason I am kinda struggling with configuring my Cloudflare domain to my home-based internet connection. I want to bind the domain to my wan ip. And then within Cloudflare I would create a sub-domain that should be set through to Nginx proxy-manager. Nginx then should forward the sub-domain request to the lan-ip and port-number of preference.
T-mobile Zyxel router is the connection to the outside world. And obviously it has a lan ip-address 192.168.1.100.
The Zyxel lan is wired connected to my TP-link M5 mesh network. The TP-link wan ip is 192.168.1.101 and the lan ip is 192.168.2.20
The TP-link M5 lan is also wired connected to my Home-lab pc running Debian.
The main-ip address of my Home-lab is 192.168.2.150
On this Debian I have installed Docker, Docker-compose and Portainer. As docker-container applications I have installed Nginx proxy-manager. Another container application is home assistant at port-number 8123.
I also like to use Nginx to guide certain requests to my domain / sub-domains to other ip addresses in my local network but I think I will be able to do so when I have the domain and specific sub-domains to land at my targets in my network.
The best result I have had so far is that it landed at a 403 page of Nginx (which was located at 192.168.2.250:80). I think my problem might have to do with the configuration in Cloudflare on my part and the given that it needs to follow the path of my wan-ip at my Zyxel router to my TP-link M5 access-point where the ip-range goes from 192.168.1.x to 192.168.2.x.
Hopefully someone can see through the issue better than I did so far.
Jokes about your confusing choice of double-NAT aside, I find it is a lot easier to break down complex efforts, such as your current undertaking, into simpler components.
You mention resolving your domain to WAN IP and then talk about resolving a subdomain to your Nginx Proxy Manager as if that were a different IP. Assuming that you intend to access the subdomain from the public internet and you only have the one public IP, it will appear on the same public WAN IP as your domain. You will need to handle the port forwarding once traffic reaches your gateway device. Cloudflare can only help traffic find its way from the internet to your WAN. Once it gets to your WAN, it is up to you to get it where you want it to go.
It is also important to understand that DNS entries intended for public consumption are not likely to match those you are using internally. You can engage in NAT reflection, and sometimes it can even make sense, but most of the time your internal and external DNS views are going to appear quite different. That usually means that you will need to be running your own internal DNS that is responsible for that interior view.
You mentioned that you have Home Assistant on port 8123. That port is not supported by the Cloudflare proxy. You could create a DNS Only hostname and use that port, or perhaps you can use Nginx to proxy it within your LAN from one of the supported ports. How to do that is probably more of a Home Assistant question than a Cloudflare question, though.
See if you can break your challenge into more succinct components. That way you can ask specific questions about your Cloudflare settings and we can help you answer them. You may need to send some of your questions to a forum that is geared more toward general LAN topics. I don’t have any suggestions, but other Community members may be able to share some of their favorites.
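
The proxying suggested in the reply above (a Cloudflare-supported port in front of Home Assistant's 8123), written as a plain nginx server block. This is an added example, not part of the thread and not Nginx Proxy Manager's generated config: the hostname `ha.example.com` and the certificate paths are placeholders, the addresses are the ones given in the question, and the port-forward steps in the comments are an assumed layout for the double-NAT path.

```nginx
# Assumed path for inbound traffic (one forward per NAT hop):
#   Internet -> WAN IP (Zyxel)       : forward TCP 443 -> 192.168.1.101 (TP-Link WAN side)
#   TP-Link M5 (192.168.1.101)       : forward TCP 443 -> 192.168.2.150 (Debian host, nginx)
#   nginx on 192.168.2.150:443       : proxy           -> 192.168.2.150:8123 (Home Assistant)
# Both hostnames (domain and sub-domain) resolve to the same WAN IP;
# nginx tells them apart by server_name, not by address.

# Goes in the http {} context. Home Assistant's UI uses WebSockets,
# so the Upgrade header has to be passed through.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # 443 is a port the Cloudflare proxy accepts; 8123 is not exposed at all.
    listen 443 ssl;
    server_name ha.example.com;            # placeholder sub-domain

    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;     # placeholder path

    location / {
        proxy_pass http://192.168.2.150:8123;

        # Preserve the requested host and the client chain for the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade handling.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# Requests for any other hostname on this IP get no site instead of
# falling through to the first server block.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;
    return 444;
}
```

Only port 443 needs forwarding on the two routers in this layout; Home Assistant itself stays reachable only from the LAN and through the proxy.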