SSL/TLS encryption mode on Cloudflare side is on "flexible" status (https on)
server side setting on third server is:
upstream backend {
server domain1.com;
server domain2.com;
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
Error message is: Error 1003 Direct IP access not allowed
Cloudflare explains: Error 1003 Access Denied: Direct IP Access Not Allowed Common cause A client or browser directly accesses a Cloudflare IP address. Resolution Browse to the website domain name in your URL instead of the Cloudflare IP address.
I resolved this problem with set proxy to the header
proxy_set_header Host www.domain.io;