CF Access inconsistency?

I’ve been playingh around with Zero Trust for a while now and recently added CF Access to the mix.

I have a CF tunnel to my DO droplet with a few public hostnames on it. They are all on the same CF hosted domain and the domain is setup with CF Access (*.domain.tld) and Google as IDP. I have https set and TLSverify turned off.

For things like Portainer, Heimdall and some others I’ve tried it all works well. I get to login via Google and then I’m authorized for X days. But whenever I try to reach my Homepage (ghcr:gethomepage/homepage) it all fails and gives me a 502. The very same service is however reachable via :3000.

What am I doing wrong here?