502 Bad Gateway, only when going through Cloudflare

Hi! Thanks for your answer.

Yes, the tests I have done were on a Cloudflare setup with encryption set to “Flexible” due to certain vendor requirements.
I’ve switched to “Full (Strict)” on a setup for testing purposes and have replicated the issue, so I don’t think it is related to this specific point.

Cloudflare proxying was always turned on for this service and it is being accessed via HTTPS.

8081 runs the app that is to be exposed - the port is hidden with UFW; the only ports that should be visible to CF are 80 and 443. Nginx can connect to the app fine.
CF can connect to these and the rest of the service works as expected; only the specific case detailed seems to cause issues.

May I also ask, www or non-www?

All tests are done on non-www, but I can replicate the issue on the www equivalent.

I’ve again done some tcpdump captures directly on the container the app runs in and on the whole system with CF set to no encryption (in order to observe HTTP requests), and the requests that are to end up in a 502 never seem to even arrive on the origin server. Succeeding requests are captured fine.
This confuses me greatly, as everything on CF’s side points to the error being on my origin server.

Is there anything else I could do to troubleshoot this?