Mikrotik Hairpin NAT

Hairpin NAT (also called NAT loopback or NAT reflection) lets hosts on your local network reach the services you expose to the internet through the same public IP or hostname that outside clients use. Without it, and without some sort of proxy or split DNS in between, those connections fail: the LAN client sends its packet to the router's public IP, the router dst-nats it to the internal server, but because client and server sit on the same subnet the server answers the client directly, so the client sees a reply from the server's private IP instead of from the public IP it connected to and drops it.

Wrong solution

This is the workaround I used before setting up hairpin NAT. It works, but it is not the proper fix; skip this section if you only care about the correct approach.

If you use https://www.cloudflare.com/ as the DNS provider for your domain and enable Cloudflare's proxy for only some of your services, you may notice that the proxied hostnames work fine from your LAN, while the ones that point straight at your public IP (without Cloudflare's proxy) are unreachable from inside the network even though they are reachable from the internet. The proxied ones work because the connection leaves for Cloudflare and comes back in through the WAN like any other external client's.

The workaround is to have your local DNS server (I run AdGuard Home via docker compose) rewrite specific hostnames to the internal IP of your reverse proxy, i.e. split-horizon DNS. Add a rewrite for each hostname individually rather than a *.something.com wildcard, and leave out every hostname that goes through a proxy such as Cloudflare's: a wildcard would also send the proxied hostnames to your reverse proxy, bypassing Cloudflare and any access rules you enforce there. Keep in mind that clients which use a different resolver (DNS over HTTPS in the browser, a hard-coded public DNS server) never see the rewrite and still fail.

Correct solution - Hairpin NAT

This assumes you already have port forwarding (the dstnat rule for traffic arriving from the internet) set up and working.

Go to IP > Firewall.
Select the NAT tab.
NAT (network address translation) rewrites the source or destination IP address of packets passing through the router, so a device behind the router appears under a different address.
Select New (the + button).
Chain: srcnat. Set Src. Address to your LAN range (for example 192.168.88.0/24) and Dst. Address to the same LAN range, or just to the IP of your web server or reverse proxy. Yes, Src. and Dst. are meant to be the same network: this rule only matches LAN-to-LAN traffic that has already been dst-nat-ed to the internal server.
Scroll down, open the Action tab, select masquerade, then Apply and OK at the bottom.
Masquerade is a type of source NAT. Normally the router has the public IP and your computer on the LAN has a private one; masquerade rewrites the source IP of packets leaving the router to the router's address on the outgoing interface, so the target web server sees your router's public IP instead of your private one. In the hairpin rule it rewrites the LAN client's IP to the router's LAN IP, which forces the server's reply back through the router, where connection tracking undoes both translations. Side effect: the reverse proxy logs every hairpinned LAN connection as coming from the router's LAN IP, so all LAN clients share one address for any per-IP rate limit or ban list on the proxy.
Again hit New under Firewall > NAT and fill in Chain: dstnat, Dst. Address: your public IP. If your public IP is dynamic, check the link in Resources (RouterOS can also match dst-address-type=local instead of a fixed address, but then exclude the router's own LAN IP, otherwise you forward the router's management ports as well).
Scroll down. Fill in Protocol: tcp, and Dst. Port with only the ports you actually expose (for example 80,443); without a port the rule forwards every TCP port of your public IP to the server.
Scroll down. Action: dst-nat. To Addresses: fill in the IP of your reverse proxy or web server.
Do not restrict this dstnat rule with In. Interface set to your WAN interface: it must also match connections that arrive from the LAN, which is the whole point of the exercise.
Move both rules to the top of the list so that no earlier rule matches first, and voila!
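The same rules as they look from the RouterOS terminal, as an added example that is not part of the original post. The addresses are placeholders you must replace with your own: 203.0.113.10 for the router's public IP, ether1 for the WAN interface, 192.168.88.0/24 for the LAN (router LAN IP 192.168.88.1), 192.168.88.10 for the reverse proxy, and 80,443 as the only exposed ports.

```routeros
# Added example, not from the original post. Assumed values:
#   ether1          = WAN interface
#   203.0.113.10    = router's public IP (see below if it is dynamic)
#   192.168.88.0/24 = LAN subnet, router LAN IP 192.168.88.1
#   192.168.88.10   = reverse proxy / web server
#   80,443          = the only ports exposed to the internet

/ip firewall nat

# 1. Port forward. Match on the public address only, NOT on in-interface=ether1,
#    so the same rule also catches connections from the LAN to the public IP.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=80,443 \
    action=dst-nat to-addresses=192.168.88.10 \
    comment="web: forward to reverse proxy (internet and LAN)" place-before=0

# Dynamic public IP variant of rule 1. dst-address-type=local matches every
# address owned by the router, so exclude the LAN address or you also forward
# 192.168.88.1:80 (WebFig) to the proxy. Use instead of rule 1, not in addition.
# add chain=dstnat dst-address-type=local dst-address=!192.168.88.1 protocol=tcp \
#     dst-port=80,443 action=dst-nat to-addresses=192.168.88.10 place-before=0

# 2. Hairpin. Only LAN -> proxy connections that were dst-nat-ed by rule 1 can
#    match this; masquerade rewrites the client IP to the router's LAN IP so the
#    reply returns through the router instead of going straight to the client.
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=tcp dst-port=80,443 action=masquerade \
    comment="web: hairpin NAT" place-before=0

# 3. Ordinary internet masquerade (you most likely have this already).
add chain=srcnat out-interface=ether1 action=masquerade comment="internet"

# Check: from a LAN client open https://203.0.113.10, then confirm the packet
# counters of rules 1 and 2 increase and that the tracked connection shows
# reply-dst-address=192.168.88.1:<port>, i.e. the masquerade was applied.
print stats
/ip firewall connection print where reply-src-address~"192.168.88.10:443"
```

Paste the block into Terminal (or New Terminal in WinBox). Rules 1 and 2 are added with place-before=0 so they sit above anything that is already in the list; if you use the dynamic-IP variant, remove rule 1 rather than keeping both. The connection print should list the hairpinned session with its original dst-address still being the public IP and its reply-dst-address being the router's LAN IP; if reply-dst-address shows the client's own IP, the srcnat rule did not match and the return path is still asymmetric.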

Resources

SmallData | Home | Victor Parmar
SmallData | Victor Parmar
