Timeout when LOCALLY attempting HTTPS access to an NPM proxy, but works REMOTELY

[forestial]

I have installed NPM on Docker on a Raspberry PI (Bookworm) system.
I configured a proxy to point to a Flask-based service that I have running on the same PI. The Flask based service uses port 5050 and it uses HTTP only. I can access this HTTP service from a curl command on the PI, or from a browser on another machine on the local network. I can access the HTTP-based proxy locally or remotely.

My problems start when I change the proxy to use HTTPS. I used NPM to create a Lets Encrypt certificate in the usual way, and set up my proxy to use that cert. I enabled all four of the options in the SSL tab (Force SSL, HTTP/2 support, HSTS Enabled, HSTS Subdomains). I have a domain name set up (xxx.yyy.duckdns.org) and the cert is configured for that.

From outside my local network, I can access https://xxx.yyy.duckdns.org successfully.

But from inside my local network, I get a timeout when trying to access https://xxx.yyy.duckdns.org. This happens with any client: curl on the Raspberry PI itself, a web browser on a Windows PC that is on the local network, or a curl command in a MINGW64 session in that PC.

So to recap; with HTTP I can use this proxy normally whether locally or remotely. But after enabling HTTPS in NPM, it only works remotely. Nothing new appears in the fallback_access.log or in the proxy-host-1_access.log when the timeout occurs. It looks as though the request is not getting to NPM. My docker-compose file maps port 443 to the host's 443.

To isolate the problem, I implemented another Flask server and configured it to use HTTPS. That works normally with local clients. So I am wondering what could be wrong in my NPM config to prevent local clients working.

[forestial]

I found after posting my question that my problem appears to be a limitation my ISP (Optimum/Altice), or the router that they provide and how they handle port 443. I was able to work around it (while still using NPM) by getting my HTTPS request to use a different port. It's a small inconvenience to add the port number to any request, and it seems to work for both internal and external access.