Oh yes, this header thing is very likely to be the problem
Similar issues happen to Caddy and Nginx users in cases they don't properly pass headers in config, there is a MinIO official nginx example but I don't know how to fix the config for CF tunnel and Caddy... My best effort is to use minio official cli mc as a cli tool instead of rclone on computer because they doesn't seem to have these issues, or try to use ip:port because http without reverse proxy doesn't bother the header thingy
This question actually has a long history and was replicated in many different S3 compatible providers, sometimes even AWS itself. I couldn't make an aggregate of all these issues but it does happen, and this shouldnt be a bug of minio or cloudflare, this is rclone, because I tried to use the domain name as endpoint with identical key pair at obsidian extension remotely save and minio official cli, either would work smoothly