I just read that thread and that is another way to go. But, I think that method is confusing which is why I suggested using a different domain name for your origin server. CloudFront allows multiple origin servers to sit behind its edge. You can, for example, use Behaviors to direct some requests to an S3 bucket and other requests to a server like Apache. Your origin server can be any name you want it to be.
You have to make sure any web pages seen by the browser client have URLs for the domains controlled by CloudFront edge. I don't use Wordpress but you might have to make sure you tell it to use your root or www domain name when making pages and not the new origin domain name handled by your Apache server.
Your quote below is confusing. I agree there is a learning curve when designing more complex systems. And, on a different day I might be willing to spend more time. I'm pretty sure your 502 was because your CloudFront Origin wasn't set right. It should have been your origin.kupoholik.rs domain name and set to use HTTPS only. Your Apache server process those requests. That is, CloudFront is a client to your Apache server. The browser is a client to the CloudFront server (its edge).