So I run Windows AD and have Windows DNS inside and Cloudflare outside. I also run NPM for the web proxy in my DMZ.
On the inside DNS I point the A record for NPMProxy.domain.com to the IP of my NPM server. I then set up service1.domain.com inside NPM to forward requests to the web server set up for service1. I then set up the CNAME record for service1.domain.com to point to NPMProxy.domain.com. This should complete your inside.
Outside I set the A record on Cloudflare for service1.domain.com to my public IP address, which will route again to NPM. This will complete the outside connectivity.
Make sure your firewall rules are set and the proper ports are open and you should be golden.
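
The split-horizon setup described in the comment above, as an added example that is not part of the original thread: it creates the inside A and CNAME records on a Windows DNS server, then compares the inside and outside answers for the service name. The DNS server name, both IP addresses and the public resolver choice are placeholder assumptions.

```powershell
# Added example, not from the thread. Every value below is a placeholder.
$Zone           = 'domain.com'
$ProxyHost      = 'NPMProxy'            # inside name of the NPM server
$ProxyIp        = '10.0.50.10'          # constructed DMZ address of NPM
$Service        = 'service1'
$PublicIp       = '203.0.113.25'        # constructed public address (documentation range)
$InternalDns    = 'dc01.domain.com'     # hypothetical AD DNS server
$PublicResolver = '1.1.1.1'             # any resolver outside the network

Import-Module DnsServer

# Inside: one A record for the proxy, one CNAME per published service.
if (-not (Get-DnsServerResourceRecord -ComputerName $InternalDns -ZoneName $Zone `
          -Name $ProxyHost -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ComputerName $InternalDns -ZoneName $Zone `
        -Name $ProxyHost -IPv4Address $ProxyIp
}
if (-not (Get-DnsServerResourceRecord -ComputerName $InternalDns -ZoneName $Zone `
          -Name $Service -RRType CName -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordCName -ComputerName $InternalDns -ZoneName $Zone `
        -Name $Service -HostNameAlias "$ProxyHost.$Zone"
}

# Resolve the same name against the inside and outside views.
function Get-ARecords([string]$Name, [string]$Server) {
    Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}

$fqdn    = "$Service.$Zone"
$inside  = @(Get-ARecords $fqdn $InternalDns)
$outside = @(Get-ARecords $fqdn $PublicResolver)

# Inside clients should land on NPM directly.
if ($inside -notcontains $ProxyIp) {
    Write-Warning "Inside answer for $fqdn is '$inside', expected $ProxyIp"
}
# The public zone should never publish the DMZ address.
if ($outside -contains $ProxyIp) {
    Write-Warning "Public DNS for $fqdn exposes the internal address $ProxyIp"
}
# Assumes a DNS-only (unproxied) Cloudflare record; a proxied record
# returns Cloudflare addresses instead of the public IP.
if ($outside -notcontains $PublicIp) {
    Write-Warning "Outside answer for $fqdn is '$outside', expected $PublicIp"
}
```
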
Bitwarden all day
+1 for dst nat on Google's DNS servers back to my Pi-holes