Yes. But the Apache server will need certs to terminate those TLS connections.
Pretty much anything that "works" is allowed.
That does simplify things.
In this case, the back-end QNAP server will not need a cert.
The Apache server will do all the (external side) encryption for all servers (including QNAP server).
Note: The name should remain the same and any self-referencing links within the QNAP should NOT include the protocol it uses (HTTP/HTTPS).
[it shouldn't include the protocol... but we must confirm that and can check it once it is fully configured]
So then Apache will have both names.
One name will be served locally.
The other will be reverse proxied from HTTPS on the outside to HTTP on the inside.
Are you ready?