Solution: How to get local SSL and use your public domain for local internal subdomains?
Use cloudflare to get an api token
Set an a record for a wildcart cert *.domain.com pointing towards your servers local IP such as 192.168.0.1, turn off cloudflare proxy
Go into NPM and setup the SSL cert using dns challenge and your api token
setup a proxy host user your subdomain.domain.com pointing towards your docker container
key step!!!! make sure you do not have conflicting ports 80 and 443 on your machine. On unraid the device management ports are set to this, but for NPM to do local proxies, it needs access to these ports.
I'm running cloudflare and NPM, I did a DNS challenge to get my wildcard cert, then put in access lists so for my internal hosts only private IP address subnet can access them. I have my OPNsense firewall also redirect any of those internal hosts request back to my NPM host. I have everything internal with a valid https cert.