Sites are accessible externally, but not on the internal network

This is typically because your router at the edge of your network doesn’t support NAT hairpinning:

The usual solution is to run a DNS server inside of your LAN which resolves your domains to the LAN IP of your server for machines inside your network, and still resolves via public DNS to your WAN IP.