Nginx load balancer throws a 502 error when proxy-passing SSL traffic

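I have two Debian 10 servers configured as follows. 10.0.0.3 is the load balancer, based on nginx and port forwarding (80, 443). 10.0.0.2 is one of the servers behind the proxy that I want to proxy traffic to. Load balancer nginx configuration: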

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl default_server;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_pass https://10.0.0.2;
        }

}

And a sample configuration for phpMyAdmin on the 10.0.0.2 server:

server {
    server_name pma.example.com www.pma.example.com;
    root /usr/share/phpMyAdmin;
    access_log /var/log/nginx/access_pma.example.com.log;
    error_log /var/log/nginx/error_pma.example.com.log;

    satisfy  any;
    allow 8.8.8.8;
    deny   all;

    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/apache2/.htpasswd;


    client_max_body_size 4m;

    location / {
        try_files $uri /index.php?$query_string;
    }
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
       access_log off;
       expires 30d;
    }

    location ~ /\.ht {
       deny all;
    }

    location ~ /(libraries|setup/frames|setup/libs) {
       deny all;
       return 404;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.4-fpm_pma.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }



    listen 443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

}

The error I get is a 502, and the load balancer's log shows the following:

2020/07/01 11:48:22 [error] 21623#21623: *6 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: xxxx, server: , request: "GET / HTTP/1.1", upstream: "https://10.0.0.2:443/", host: "pma.example.com"
2020/07/01 11:48:22 [error] 21623#21623: *6 peer closed connection in SSL handshake while SSL handshaking to upstream, client: xxxx, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.0.0.2:443/favicon.ico", host: "pma.example.com", referrer: "https://pma.example.com/"

Thanks for any help! :)

Answer 1

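The problem was that the server name was not being passed at all, so the backend service did not resolve the request. I ran dnsmasq and forwarded the server names with a wildcard rule in dnsmasq.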
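
An added example, not part of the original answer (which used dnsmasq): nginx sends no server name (SNI) in the TLS handshake to an upstream unless proxy_ssl_server_name is enabled, so another way to pass the name through is to set it on the load balancer's location block. The CA bundle path is a placeholder assumption, and verification succeeds only if the backend certificate chains to that bundle and matches the requested name.

```nginx
# Added example for the load balancer (10.0.0.3); not the poster's configuration.
server {
    listen 443 ssl default_server;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # Send SNI in the upstream TLS handshake (off by default).
        proxy_ssl_server_name on;
        # Name used for SNI and for upstream certificate verification.
        # It defaults to the host part of proxy_pass, which here is the
        # IP 10.0.0.2, so the backend cannot pick a server block by name.
        proxy_ssl_name $host;

        # Upstream certificates are not verified by default
        # (proxy_ssl_verify off). To verify the backend, trust the CA or
        # self-signed certificate that the backend presents.
        # Placeholder path (assumption):
        proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.pem;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;

        proxy_pass https://10.0.0.2;
    }
}
```

Validate the syntax with `nginx -t` before reloading.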
