May I ask you if your app is actually working on both ports 80 and 443, or only one of them?
Can you re-check the config file?
How did you check whether or not it is resolving on port 80 (it should be at the origin to redirect to 443, HTTP to HTTPS in that case)?
Can you check what you have selected under the SSL tab in the Cloudflare dashboard? Is it Full SSL or something else?
Regarding the 522 error, here is a step-by-step instruction article:
Have you allowed Cloudflare IP addresses to connect to your new host/origin?
Maybe you need to allow Cloudflare IP addresses to connect to your host/origin server:
Thank you for your response.
There is an Nginx web server which serves static files and reverse proxies to the api-server. It is based on servername. Nginx is configured to work with both HTTP and HTTPS; for HTTPS it uses the certificates created on Cloudflare. Full SSL mode is enabled.
Yes, turns out I set it actually to Full (strict) mode. Using Cloudflare’s self-signed certificate on origin server.
No errors were shown on Nginx’s side. (client sending HTTP request) Checked using Wireshark if Cloudflare is really sending any requests to the origin server, and no traffic was there…