Getting bad gateway on one of the tunnels

Bad gateway with a tunnel usually means the service you have configured on that public hostname is unreachable by the cloudflared daemon.
If it happens only temporarily, is it possible you have two connectors/instances of cloudflared on different servers running, one where the service isn’t reachable? In the Zero Trust Dashboard, you can go under Access → Tunnels, click on the tunnel name. If you have more then one connector, click on the connector ID and you can see the IP/Hostname of it. All Tunnel Connectors should be able to reach the configured service.

If you only have one connector (or all connectors are as you expect), then I would guess your configured service is sometimes failing, and I would try reaching it from the server itself (via curl or something), when it doesn’t work via the tunnel. If it doesn’t work there either, then it’s an issue with the service.