Access nginx pod through external IP

Hi, I am learning Istion and I need help with a test/toi example I am working on. My goal is to reach a pod in k8s running nginx, to prove this I hope to be able to see the nginx welcome page. I also want to use istio routing because I want to use an external IP to access the pod.
This is the service

$ kubectl -n istio-system get svc ...
NAME                         TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                                                    AGE
istio-ingressgateway-can     LoadBalancer   10.23.105.173   148.187.106.66    80:30017/TCP,443:32269/TCP                                 164d

And

kubectl -n istio-system describe svc istio-ingressgateway-can
Name:                     istio-ingressgateway-can
Namespace:                istio-system
Labels:                   app=istio-ingressgateway-customer-user
                          app.kubernetes.io/managed-by=Helm
                          istio=ingressgateway-customer-user
                          peerauthentication=ingressgateway
                          release=cray-istio
Annotations:              external-dns.alpha.kubernetes.io/hostname: api.can.alps.cscs.ch,auth.can.alps.cscs.ch
                          meta.helm.sh/release-name: cray-istio
                          meta.helm.sh/release-namespace: istio-system
                          metallb.universe.tf/address-pool: customer-access
Selector:                 app=istio-ingressgateway-customer-user,istio=ingressgateway-customer-user
Type:                     LoadBalancer
IP Families:              <none>
IP:                       10.23.105.173
IPs:                      10.23.105.173
LoadBalancer Ingress:     148.187.106.66
Port:                     http2  80/TCP
TargetPort:               80/TCP
NodePort:                 http2  30017/TCP
Endpoints:                10.38.128.107:80,10.38.128.74:80,10.40.128.34:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  32269/TCP
Endpoints:                10.38.128.107:443,10.38.128.74:443,10.40.128.34:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

This is the gateway

kubectl -n services describe gateway customer-user-gateway
Name:         customer-user-gateway
Namespace:    services
Labels:       app=istio-ingressgateway
              app.kubernetes.io/managed-by=Helm
              gateway=customer-user-gateway
Annotations:  meta.helm.sh/release-name: cray-istio
              meta.helm.sh/release-namespace: istio-system
API Version:  networking.istio.io/v1beta1
Kind:         Gateway
Metadata:
  Creation Timestamp:  2022-07-25T10:48:39Z
  Generation:          1
  Managed Fields:
    API Version:  networking.istio.io/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:meta.helm.sh/release-name:
          f:meta.helm.sh/release-namespace:
        f:labels:
          .:
          f:app:
          f:app.kubernetes.io/managed-by:
          f:gateway:
      f:spec:
        .:
        f:selector:
          .:
          f:istio:
        f:servers:
    Manager:         Go-http-client
    Operation:       Update
    Time:            2022-07-25T10:48:39Z
  Resource Version:  61044921
  UID:               088ecd01-e38f-408f-bfaa-297546be6705
Spec:
  Selector:
    Istio:  ingressgateway-customer-user
  Servers:
    Hosts:
      *
    Port:
      Name:      http
      Number:    80
      Protocol:  HTTP
    Hosts:
      *
    Port:
      Name:      https-443
      Number:    443
      Protocol:  HTTPS
    Tls:
      Credential Name:  ingress-gateway-cert
      Mode:             SIMPLE
Events:

And these are the nginx deployment with the service and virtual service

$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test
  labels: 
    app: nginx-test
  namespace: nginx-proxy
spec:
  replicas: 1
  strategy:
    type: Recreate
    rollingUpdate: null
  selector:
    matchLabels:
      app: nginx-test
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
      - name: nginx-test
        image: cache/nginx:1.18.0
        ports:
        - containerPort: 80
        - containerPort: 443
EOF
$ kubectl apply -f - <<EOF 
apiVersion: v1
kind: Service
metadata:
  name: nginx-test
  namespace: nginx-proxy
spec:
  selector:
    app: nginx-test
  ports:
  - port: 80
    protocol: TCP
EOF
$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginx-test
spec:
  hosts:
  - "*"
  gateways: 
  - customer-user-gateway         
  http:
  - match:
    - headers:
        User-Agent:
          prefix: nginx           
    route:
    - destination:
        host: nginx-test.nginx-proxy  
        port:
          number: 80
EOF

I can reach the nginx welcome page using the pod IP

curl http://10.42.128.67
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

But I am unsuccessful using the external IP and the matching header, using the nodePort gets stuck

curl -I -H 'User-Agent: nginx-test' -vvvv http://148.187.106.66:30017
*   Trying 148.187.106.66:30017...
* TCP_NODELAY set
* Connected to 148.187.106.66 (148.187.106.66) port 30017 (#0)
> HEAD / HTTP/1.1
> Host: 148.187.106.66:30017
> Accept: */*
> User-Agent: nginx-test
> 

Using port 80 gives an 404 Not Found error

curl -I -H 'User-Agent: nginx-test' -vvvv http://148.187.106.66
*   Trying 148.187.106.66:80...
* TCP_NODELAY set
* Connected to 148.187.106.66 (148.187.106.66) port 80 (#0)
> HEAD / HTTP/1.1
> Host: 148.187.106.66
> Accept: */*
> User-Agent: nginx-test
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< date: Sat, 12 Nov 2022 18:56:42 GMT
date: Sat, 12 Nov 2022 18:56:42 GMT
< server: istio-envoy
server: istio-envoy
< transfer-encoding: chunked
transfer-encoding: chunked

< 
* Connection #0 to host 148.187.106.66 left intact

Could someone please help me understand what am I doing wrong?