I try to setup an aws load balancer (ELB) with SSL follow the instruction at #6566

Certificate was attached on ELB.

However, I got the issue "upstream connect error or disconnect/reset before headers. reset reason: connection termination" when trying to access our web on browser.

Our setup without SSL has been worked before.

I use the custom values.yaml to install the istio (helm template):

helm template ./istio/install/kubernetes/helm/istio --name istio --namespace istio-system --values ./mesh/values.yaml | kubectl apply -f -

I have inserted below annotations to the gateways tag:

istio-ingressgateway:
    serviceAnnotations: 
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:xxxxx:certificate/my-crt"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"

Here is my gateway.yaml:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-gateway
spec:
  selector:
    istio: ingressgateway #default istio ingressgateway
  servers:
  - port:
      number: 80
      name: http-istio-gateway
      protocol: HTTP
    hosts:
    - "*"
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-istio-gateway
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api-gateway
spec:
  gateways:
  - istio-gateway
  hosts:
  - "*"
  http:
  - match:
    - uri:
        prefix: /socket.io/
    route:
    - destination:
        host: api-gateway-ws.default.svc.cluster.local
        port:
          number: 5001
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api-gateway.default.svc.cluster.local
        port:
          number: 5000