I'm trying to set up end user authentication with JWT in Istio as described here: https://istio.io/help/ops/security/end-user-auth/

Here are the steps to reproduce:

1. Set up Istio locally: https://github.com/nheidloff/cloud-native-starter/blob/master/LocalEnvironment.md
2. Set up HTTPS, sample services and Ingress: https://github.com/nheidloff/cloud-native-starter/blob/master/istio/IstioIngressHTTPS.md
3. kubectl apply -f https://github.com/nheidloff/cloud-native-starter/blob/master/istio/access.yaml

I created a little app to get a JWT token for a user. I've checked that the token is valid via https://jwt.io/.

When I invoke the following URLs, I get the same error:

curl -k https://web-api.local:31390/web-api/v1/getmultiple
curl -k https://web-api.local:31390/web-api/v1/getmultiple --header 'Authorization: Bearer eyJhbGciOiJIU.........wOeF_k'

HTTP Status Code: 503 upstream connect error or disconnect/reset before headers

I don't see any entries related to these requests in the istio-proxy logs. I assume that means that something goes wrong before the request even arrives at the proxy.

kubectl logs web-api-v1-545f655f67-fhppt istio-proxy

I've tried Istio 1.0.6 and 1.1.1.

I've run out of ideas what else to try. Any help is much appreciated! Thanks!