I looked into this a bit more, it appears to be a quirk of the Go HTTP server. This issue is discussed in depth in go/issues/23689 and has been addressed with Go 1.12, the server now replies with the following HTTP response:
HTTP/1.0 400 Bad Request
Client sent an HTTP request to an HTTPS server.
This means that Chronograf would only need recompiled with Go 1.12 to get this new behavior. This wouldn’t give you a redirect to HTTPS, it doesn’t appear that this response is configurable with the Go server. So I think the reverse proxy is still something you will want, but it would still be good to create a Chronograf issue.