带有 AWS ACM 的 Istio TLS 从服务器得到空回复

我已经为 AWS NLB 设置了 ACM。

然后我部署网关和虚拟服务。

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: jenkins-gateway
  namespace: jenkins
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: http-jenkins
      protocol: HTTP
    hosts:
    - "cicd.domain.com"

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: jenkins-vs
  namespace: jenkins
spec:
  hosts:
  - "cicd.domain.com"
  gateways:
  - jenkins-gateway
  http:
  - route:
    - destination:
        host: jenkins
        port:
          number: 8080            

但是当我使用

curl

curl: (52) Empty reply from server

我也有为

istio-ingressgateway

      annotations:
        service.beta.kubernetes.io/aws-load-balancer-name: "name"
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:xxxxxx:certificate/e050b0fc-7117-444a-a296-ebcdc01d3ab2"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"

• Istio 版本：1.16.1
• EKS 版本：v1.23

任何帮助表示赞赏。