Istio-ingressgateway 8443 port fails to find route

Hello, I’m using Isitio v1.16 for Kubeflow, and I want to apply TLS on istio-ingressgateway.
As I know, target port for HTTP is 8080 and 8443 port is for HTTPS.
But in my case, 8443 port of istio-ingressgateway looks it cannot find route to kubeflow dashboard.

This is error log when I access “https://centraldashboard.kubeflow.example.com

HTTP/2 404 NR route_not_found - "-" 0 0 0 - "61.101.xxx.xxx" "Mozilla ... " Chrome/109.0.0.0 ... "centraldashboard.kubeflow.example.com" "-" - - 10.244.133.65:8443 61.101.xxx.xxx:5014 centraldashboard.kubeflow.example.com -

Also, I’m using NodePort type of istio-ingressgateway service, because there is external L4 switch outside of cluster.
My istio-ingressgateway svc yaml is,

apiVersion: v1
kind: Service
metadata:
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
    ...
spec:
  ...
  ports:
  - name: status-port
    nodePort: 30406
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    nodePort: 30000
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    nodePort: 32384
    port: 443
    protocol: TCP
    targetPort: 8443
  - name: tcp
    nodePort: 32224
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: tls
    nodePort: 31699
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  type: NodePort
  ...

This is Istio gateway yaml file.

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  ...
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    release: istio
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - '*'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: centraldashboard-tls
      mode: SIMPLE

So, my question is,

  1. Why 8443 target port cannot find any route, even if istio-proxy has 8433 container port?
  2. Is there any method to route to centraldashboard pod from 8443 target port in istio-ingressgateway?
  3. Is it possible to apply TLS with NodePort type of Istio-ingressgateway service?

Thank you