TLS termination for internal app on private network

Hi! I’m trying to set up an internal-only app that needs TLS (I know Fly private networking is already encrypted; this is just to satisfy some app-specific dependencies so we can more closely match our production deployment).

The docs for Private Networking state that we can “Use Flycast to do the following entirely within your organization’s private network: …Use advanced proxy features like TLS termination or PROXY protocol support.”

However, just below in the instructions for setting up Flycast it says " do not use force_https as Flycast is HTTP-only ." This seems like a contradiction.

Is there a way to have Fly terminate TLS for an app within my org’s private network?