Domain cannot reach homeserver

I activated a domain about a couple of weeks ago, set everything up and checked multiple times in the documentation, the community and also with Reddit users, but no matter what, my domain cannot reach my homeserver. The A record is fully propagated, but none of the CNAMEs are.
If I disable Proxied, they propagate, but as soon as I re-enable it, they're back to invisible.

I have an x86 homeserver with OpenMediaVault 6 + Docker + Portainer.

I have just changed ISP and they gave me a 4040 router.

I have installed Pihole as DNS server to bypass it; otherwise my domain lands on the router login page.

This is the screenshot gallery

Since Debian/OMV uses port 53, like Pihole, I first tried to disable it, but since it still didn't work, I moved the Pihole container to a macvlan network, and that's the address that you see in the screenshots.
No other device in my network has that IP, so there is no conflict.

Now /etc/systemd/resolved.conf looks like this


My OMV6 server is, hence all services on NPM point to that same IP

My chain is:

Cloudflare to my public IP (added Cloudflare DDNS service to keep my public IP up to date)


DNS server to Pihole IP (same on Windows and OMV)

In Pihole

DNS Records: = (-> Ip of NPM)


dash →

music →, and so on

In Nginx Proxy Manager

Proxy Hosts to their respective local IP+port →

When I try any of my (sub)domains I land on a CF error page:

Error 523 Ray ID: 713dd378cd42739f • 2022-05-31 06:59:18 UTC
Origin is unreachable

Cloudflare diagnostics tool gives all OK except these 2 errors:

Check the HTTPS status
Does the site respond with a successful HTTPS status?

Error Found
No, your request failed with a response status of 400 or above.


Check the site for mixed content
Does the website mix encrypted and non-encrypted content?

Error Found
The site’s web server responded with a status code that isn’t 200 (OK).

But I don't have a site or web page with mixed content, just Heimdall dashboard for dash, Navidrome for music, Kavita for comics, Nginx Proxy Manager for npm and OpenMediaVault for www.

NSlookup responds like this:

Server:  pi.hole

Non-authoritative answer:
Addresses:  2606:4700:3030::6815:e6a

I’ve been told on Reddit it should resolve to my NPM IP, not Cloudflare’s.

Before doing all this, with a simple CF domain pointing at NPM with no Pihole, all my (sub)domains led me to the login page. My public IP was “my router”.

Pihole now works great as a DNS server from my Windows PC: it traps a lot of ads, gathers stats and so on, so it has no problem by itself, but it cannot talk to NPM or vice versa.

Is NAT correctly configured / port forwarding?

Maybe your ISP is blocking some port :thinking:

All ports that should be forwarded are; check the linked gallery.
53, 83 for Pihole, and it works.
80, 443 to 8088, 4443 for NPM, and it seems to be unable to translate the public IP to the local IP from the Pihole DNS server.

My ISP officially doesn’t block anything, AFAIK, it’s Ehiweb (Italy).

EDIT: That landing on my router login page is a feature in itself, it's "Access from internet through HTTPS". I have disabled it (forgot to mention), but the only difference is that instead of the login page, I land on the Cloudflare error page.
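The chain the original post lays out (LAN client → Pihole → NPM's LAN IP on one side, internet → Cloudflare → public IP → router forward 80/443 → 8088/4443 on the other), the nslookup result that returns a Cloudflare address instead of the NPM IP, and the later remark that the public IP is not being "translated" to the local IP all describe one thing: a split-horizon DNS setup and the two ways it can be wrong. The script below is an added example, not code from this thread, from Cloudflare or from Pi-hole. It classifies what each side of the horizon resolves to and reports the mismatch. Everything in it is assumed or constructed for illustration: 192.168.1.20 as NPM's LAN IP, 91.200.10.42 as a placeholder public IP, a deliberately partial list of Cloudflare prefixes, and an nslookup transcript modelled on the one in the post (with the IPv4 edge address filled in to match the IPv6 one).

```python
"""Split-horizon check for a Cloudflare-proxied hostname fronting a LAN origin.

Added example, not code from the thread, Cloudflare or Pi-hole. A LAN client
asking Pi-hole should get the LAN IP of Nginx Proxy Manager; the public
internet asking Cloudflare should get a Cloudflare anycast IP and never the
origin's real public IP while the record is "Proxied". Addresses are
constructed placeholders.
"""
import ipaddress

# ASSUMPTION: a partial subset of Cloudflare's anycast prefixes, enough for
# the demo. Use the full list from https://www.cloudflare.com/ips/ for real use.
CLOUDFLARE_PREFIXES = [ipaddress.ip_network(p) for p in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "2606:4700::/32",
)]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # carrier-grade NAT range

NPM_LAN_IP = "192.168.1.20"       # assumed LAN address of Nginx Proxy Manager
ORIGIN_PUBLIC_IP = "91.200.10.42"  # placeholder for the DDNS-published WAN IP

# Constructed Windows-style nslookup transcript modelled on the one in the
# thread: the LAN resolver (pi.hole) answered with Cloudflare edge addresses.
NSLOOKUP_FROM_THREAD = """\
Server:  pi.hole
Address:  192.168.1.2

Non-authoritative answer:
Name:    dash.example.com
Addresses:  2606:4700:3030::6815:e6a
          104.21.14.106
"""


def classify(addr):
    """'lan' for RFC1918/ULA/loopback, 'cloudflare' for a known anycast
    prefix, 'public' for anything else."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private or ip.is_loopback:
        return "lan"
    if any(ip in net for net in CLOUDFLARE_PREFIXES):
        return "cloudflare"
    return "public"


def parse_nslookup(output):
    """Extract the answer addresses from nslookup output. The 'Server:/Address:'
    header names the resolver itself and is skipped; every token after the
    first blank line that parses as an IP address is an answer."""
    _header, _sep, body = output.partition("\n\n")
    answers = []
    for token in body.split():
        try:
            answers.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue
    return answers


def diagnose(local_answers, public_answers, origin_public_ip):
    """Compare what a LAN client and the public internet resolve the name to.
    Returns a list of (code, explanation); an empty list means the split
    horizon looks right."""
    origin = str(ipaddress.ip_address(origin_public_ip))
    local = {classify(a) for a in local_answers}
    public = {classify(a) for a in public_answers}
    findings = []
    if "lan" not in local:
        findings.append(("LOCAL_NOT_LAN",
            "the LAN resolver did not return the origin's LAN IP: the local "
            "record is missing or the client is not using Pi-hole, so LAN "
            "clients leave via the WAN and come back through the router, which "
            "needs NAT loopback (hairpin) that many ISP routers do not do"))
    if origin in [str(ipaddress.ip_address(a)) for a in public_answers]:
        findings.append(("PUBLIC_ORIGIN_EXPOSED",
            "the real public IP is published: the record is not proxied, so "
            "Cloudflare can be bypassed and the home IP is visible"))
    elif "lan" in public:
        findings.append(("PUBLIC_LAN_LEAK",
            "a private address is published in public DNS: unreachable from "
            "the internet and it leaks internal addressing"))
    elif "cloudflare" not in public:
        findings.append(("PUBLIC_NOT_CLOUDFLARE",
            "public resolution does not point at Cloudflare at all"))
    if ipaddress.ip_address(origin) in CGNAT:
        findings.append(("ORIGIN_BEHIND_CGNAT",
            "the WAN IP is carrier-grade NAT space; inbound port forwarding "
            "cannot work regardless of router settings"))
    return findings


if __name__ == "__main__":
    edge = ["104.21.14.106", "2606:4700:3030::6815:e6a"]
    for code, why in diagnose(parse_nslookup(NSLOOKUP_FROM_THREAD), edge, ORIGIN_PUBLIC_IP):
        print(code, "-", why)
    print("healthy:", diagnose([NPM_LAN_IP], edge, ORIGIN_PUBLIC_IP))
```

Two caveats a practitioner would keep in mind: returning the LAN IP locally means LAN clients talk to NPM directly and skip Cloudflare, so NPM must present a certificate valid for the hostname itself; and this check only covers resolution. A 523 is raised on the separate hop from Cloudflare to public IP:443, which has to be tested from outside the LAN (a phone on mobile data, or an external port check), not from a client sitting behind the same router.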

