Cloudflare tunnel and nginx

I know there are a lot of articles on this forum, but none of them worked for me. I have a Nextcloud server and every time I sign in, I get a warning that some content, like pictures, is not encrypted. I want to use full SSL encryption. I selected strict SSL in my Cloudflare dashboard. I would like everything to be encrypted on the server side too. The only way I know how to do this is with nginx. I want to use a Cloudflare tunnel so my home IP address isn’t public; also, some of my websites (Proxmox) need zero trust for Google authentication. I get an error when I try to visit my Nextcloud subdomain. The error says “too many redirects”, then I am brought to a Cloudflare error 502. What did I do wrong? My tunnel points to nginx and nginx is a proxy for Nextcloud. I also want to implement Authelia for Bitwarden. I think API access and hardware security keys for Cloudflare cost money. Thanks for your help, I’ve been struggling hard with this setup. My real problem is that I’m using a reverse proxy with another reverse proxy. I’d like to use nginx instead of Cloudflare, but I want to keep the tunnel.

I can only post one picture. The tunnel points to nginx at 192.168.50.3 and Nextcloud is at 192.168.50.6.

What’s the domain name facing issues?

Have you ensured your Nginx instance is listening on the same location as what is placed in the zero-trust dashboard?

What’s your server block configuration for the site?

I have an update: I switched to something that is less complicated. I chose to point Cloudflare at Heimdall and it actually worked on http. I set Cloudflare to http localhost, and nginx was set to the true IP and port of my Heimdall container. When I visited my test subdomain, I was brought to Heimdall. I changed it to https and got a Let's Encrypt cert and everything worked. I set Tunnels > tunnel name > Public Hostname Page > Additional application settings > TLS > notlsverify on and typed in my domain name for Origin server name. Now I need to find previous threads that aren’t closed and post this solution to help others with this same problem.

Nginx was set as a proxy for Heimdall and I set http and the IP address of my Heimdall instance. My issue was on my Cloudflare tunnel itself. I set it up wrong. I wanted to include more screenshots, but the forums will only allow one screenshot. Thanks for your help. I found a Reddit post that used the older ingress settings. I set mine up through the zero trust dashboard. I am still new to Cloudflare. I love the service, but I have a lot to learn. Now that I have this set up, I need to install Authelia and use it to protect some services.

Glad to hear you resolved the issue.
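
The tunnel-to-nginx hop from this thread, written as a locally managed cloudflared `config.yml` (an added example, not taken from any post above or from the poster's dashboard). It shows the TLS settings named in the thread beside the same hop with origin certificate verification left on, which works when nginx presents a publicly trusted certificate for the name given as the origin server name. The tunnel ID, credentials path, both hostnames and port 443 are placeholders or assumptions.

```yaml
# Constructed example of a locally managed cloudflared config.yml.
# Placeholders: <TUNNEL-UUID>, the credentials path, both example.com hostnames.
# Assumption: nginx (192.168.50.3 in the thread) serves HTTPS on port 443.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Settings as reported in the thread: origin server name set, verification off.
  # With noTLSVerify enabled, cloudflared accepts any certificate from the origin,
  # so the hop is encrypted but the origin is not authenticated.
  - hostname: test.example.com
    service: https://192.168.50.3:443
    originRequest:
      originServerName: test.example.com
      noTLSVerify: true

  # Same hop with verification left on. cloudflared connects by IP, so
  # originServerName tells it which name to send as SNI and to expect in the
  # certificate. The nginx certificate must cover this name and chain to a
  # trusted CA (for example a Let's Encrypt certificate for the hostname).
  - hostname: cloud.example.com
    service: https://192.168.50.3:443
    originRequest:
      originServerName: cloud.example.com
      noTLSVerify: false

  # Catch-all rule, required as the last ingress entry.
  - service: http_status:404
```

`cloudflared tunnel ingress validate` checks a file like this for rule errors before the tunnel is restarted.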