Cannot setup cloudflare tunnel with Full(strict)

I already set Cloudflare tunnel, and the tunnel can access my nginx webserver.
This is my config.yml

url: http://localhost

tunnel: <Tunnel-UUID>

credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

The problem is I got too many redirect error. And it is because the nginx and let’s Encrypt certbot

if ($host = sub.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

How to properly set the tunnel so I can still use lets encrypt, tunnel and without too many redirect error

Looks like it is trying to redirect to https?

What if you change the url protocol to https:// ?

It won’t work because I dont have https in localhost.
Is it the best practice to use https for localhost?

Sounds conflicting when you have Let’s Encrypt certbot but without HTTPS enabled.

Or do you mean, HTTPS is not accessible when pointing to localhost but it’s accessible when pointing to the hostname itself (sub.example.com?

Yes I mean HTTPS only accessible when pointing to the hostname sub.example.com, and not available for localhost.
I just wonder how people use the tunnel with nginx what is the best practice? Cause I can’t see any documentation that really help