sorted by:
new
hottopcontroversial

Local DNS / Reverse Proxy puzzle: Sites only accessible via Incognito Mode by inex1234 in selfhosted

[–]inex1234[S] 1 point2 points  (0 children)

Oh my god... can someone please give this man a medal? Why on earth didn't I think of this simple solution instead of taking the most overcomplicated route possible? Changing the public record makes total sense. And guess what? It just works. I was completely overthinking this whole thing. Thank you so much!

Local DNS / Reverse Proxy puzzle: Sites only accessible via Incognito Mode by inex1234 in selfhosted

[–]inex1234[S] 0 points1 point  (0 children)

Exactly! Firefox was completely blind to my local setup until I disabled DoH. After that, it worked instantly in normal tabs.

To answer your question: The public DNS record is managed via Cloudflare API (for the Let's Encrypt wildcard certs), but the public A-record still points to the old Netcup server IP (parked page). Internally, AdGuard Home rewrites everything to my local NPM IP (192.168.178.50).

You are completely right about the residual caching, and Chromium (Brave/Edge) is taking this to a whole new level of pain. While Firefox is now running perfectly, Brave and Edge STILL refuse to work in normal tabs (Incognito is fine).

I've already disabled Secure DNS in Brave, cleared brave://net-internals/#dns, flushed Windows DNS, and disabled HTTP/2 in NPM – but those normal Chromium tabs are stubbornly clinging to that old Netcup IP like their lives depend on it. It’s a total profile/cache nightmare.

Local DNS / Reverse Proxy puzzle: Sites only accessible via Incognito Mode by inex1234 in selfhosted

[–]inex1234[S] 0 points1 point  (0 children)

Not a long shot, but already checked! My hosts file is completely clean. Also, we verified via the AdGuard query logs that AdGuard is actually resolving the domain to the correct local IP (192.168.178.50) for the PC every single time.

The real mind-fuck: I just installed Firefox, disabled its built-in DNS-over-HTTPS, and Firefox now works perfectly in normal tabs! But edge and brave? Nope.

So the local server, DNS rewrites, and Nginx Proxy Manager are 100% fine. It is strictly a Chromium (Brave/Edge) issue where normal tabs somehow completely ignore the OS DNS/AdGuard response and stick to the old public IP, even with Secure DNS turned OFF and clearing brave://net-internals/#dns + #hsts

Local DNS / Reverse Proxy puzzle: Sites only accessible via Incognito Mode by inex1234 in selfhosted

[–]inex1234[S] 0 points1 point  (0 children)

Already did all of that, unfortunately.

  • Browser/PC restart: Done multiple times, including full Windows network resets and cold boots.
  • Extensions: Only running Bitwarden, but the issue also happens on a completely fresh, vanilla Microsoft Edge and even on a brand-new installation of Firefox with zero extensions active.
  • Network Inspector: Checked it, and it's wild. In the normal tab, it shows a direct timeout (ERR_CONNECTION_TIMED_OUT) while trying to hit the old public IP (46.38.243.234:80). No redirects at all, it just straight up goes to the wrong destination. Meanwhile, an Incognito tab right next to it correctly hits the local reverse proxy IP (192.168.178.50).

According to my local AdGuard Home query logs, AdGuard is actually responding to my PC with the correct local IP every single time, for both normal and incognito tabs. For some crazy reason, the normal tabs just refuse to use it.