NGINX / Cloudflare random 520 HTTP errors when HTTP2 is enabled within NGINX

I'm seeing a problem where Cloudflare returns a 520 HTTP error code to roughly 10% of requests. However, the issue does not occur if I bypass the Cloudflare proxy and request from the server directly.

After lots of troubleshooting, I've discovered that if I remove the two http2 parameters after listen, the issue goes away and Cloudflare stops returning the 520 errors.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         *path to key*;
    ssl_certificate_key     *path to key*;
    server_name example.com;
    root *path to directory*;
    location / {
        proxy_pass         http://localhost:5000; # proxying ASP.NET Core app
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

Is there a resolution to the problem that allows me to keep the HTTP2 capability?


Solution 1:

The easy explanation is that, according to "Understanding Cloudflare HTTP/2 and HTTP/3 Support":

Cloudflare only uses HTTP/1.x between the origin web server and Cloudflare.

You can disable HTTP/2 on your origin server and still benefit from it between the browser and Cloudflare, as it is enabled by default if you have TLS at Cloudflare's edge network.
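
Added example (not part of the original answer): a small Python helper that applies the change described above to an nginx config, dropping the http2 parameter from listen directives and leaving every other line intact. The function name strip_http2 and the sample text are constructed for illustration; it assumes each listen directive sits on one line.

```python
import re

# Constructed sample modelled on the server block in the question.
SAMPLE = """\
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    location / {
        proxy_pass http://localhost:5000; # http2 is not a parameter here
    }
}
"""

# indent, parameters up to the semicolon, then anything after it (e.g. a comment)
LISTEN = re.compile(r"^(\s*)listen\s+([^;#]*);(.*)$")


def strip_http2(conf):
    """Return (new_conf, changed_line_numbers).

    Only the `listen ... http2;` parameter form used in the question is
    handled; other directives and comments are passed through unchanged.
    """
    out, changed = [], []
    for n, line in enumerate(conf.splitlines(), 1):
        m = LISTEN.match(line)
        if m:
            indent, params, tail = m.groups()
            tokens = params.split()
            kept = [t for t in tokens if t != "http2"]
            if kept != tokens:
                line = f"{indent}listen {' '.join(kept)};{tail}"
                changed.append(n)
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_conf, lines = strip_http2(SAMPLE)
    print(f"listen lines changed: {lines}")
    print(new_conf, end="")
```

Validate the rewritten file with nginx -t before reloading.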