Recently moved from one ISP to another and now having issues with my reverse proxy setup. I’ve verified that carrier-grade NAT is not being used on my new connection. My setup includes a Cloudflare container that automatically updates my domain’s A record with the current WAN address.
All DNS configurations appear correct on the Cloudflare dashboard. My home server maintains its original static IP address (192.168.2.134) and all proxy configurations in Nginx Proxy Manager point to this internal address with their designated ports.
I’ve configured port forwarding for both HTTP (port 1880) and HTTPS (port 18443) traffic. Testing shows that accessing my-wan-ip:1880 displays the NPM welcome page successfully. However, attempting to reach my-wan-ip:18443 returns “400 Bad Request The plain HTTP request was sent to HTTPS port”.
Most importantly, none of my configured reverse proxy entries function properly. They all result in endless loading followed by 522 timeout errors. What could be causing this behavior after the ISP change?
sounds like a firewall issue on the new isp’s end tbh. ive seen this before where everything looks right but the carrier is doing some weird filtering behind the scenes. try testing with a different external port entirely - maybe 8080 for http and 8443 for https instead of your current ones. also double check if cloudflare proxy is enabled (orange cloud) because that can cause wierd ssl handshake problems after ip changes.
Have you checked if your new ISP is blocking or throttling certain ports? Even though you confirmed no CGNAT, some ISPs implement port restrictions that weren’t present with your previous provider. The fact that port 1880 works but 18443 throws SSL errors suggests this might be the case. I encountered something similar when switching to a business plan - had to contact my ISP to whitelist ports above 8080. Also worth verifying that your router firmware didn’t reset any advanced NAT settings during the transition. Try temporarily changing your HTTPS port to something like 8443 or 9443 to see if the issue persists. If the 522 errors disappear with a different port, you’ll know it’s ISP-related rather than a configuration problem on your end.
The 400 error on port 18443 indicates that your SSL certificate configuration needs attention. Since you changed ISPs, your WAN IP likely changed, which may have disrupted the SSL binding in Nginx Proxy Manager. It’s important to check whether the SSL certificates in NPM are still valid and pointing to the correct, updated IP address. Additionally, ensure your router’s port forwarding rules are accurate for your new public IP. I faced a similar situation when my ISP changed my IP unexpectedly; regenerating Let’s Encrypt certificates and updating SSL settings resolved it. The 522 errors suggest that Cloudflare can’t establish a secure connection to your origin server, which likely points back to the SSL certificate issue.