It doesn’t require it, but it’s simplest, and still secure. Since the connection is happening within your network, if you trust all the machines on your network, then it’s safe. See this topic for an explanation:
If you must use HTTPS to proxy, then use https:// in your upstream address to tell Caddy to try to connect with TLS to the upstream.
The issue with proxying over HTTPS is typically trust. If your upstream doesn’t have a trusted certificate (i.e. issued by a well-known public CA) then Caddy can’t trust it and won’t complete the TLS handshake… unless you throw away all security by using tls_insecure_skip_verify transport option, which is “just as secure” as HTTP, as in, not at all. So might as well use HTTP if you don’t want the headache of managing trust internally.
Any logs? I see no evidence of that. If you’re able to connect to https://nas.flyingnobita.com with a successful response from Caddy, then you do have a certificate for that domain.