Configuring load balancer as SSL endpoint *with upstream HTTPS*
I've managed to use Forge to successfully configure Digital Ocean droplets as load balancer and web server, with the load balancer acting as an SSL endpoint and proxying for an insecure (port 80) upstream server.
I would now like to take it a step further by adding SSL encryption to the upstream server connection.
The issue I get when I configure everything for SSL, though, is a 502 gateway error. It seems the upstream server is not understanding the host headers that the load balancer is adding, and is therefore not serving the correct vhost, or SNI is failing somehow. That is my suspicion anyway.
I need to use an unsigned SSL certificate on the upstream server as it won't be in the public DNS. That's OK; it is the encryption that I want.
Here is the relevant config from the load balancer's nginx:
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host mysite.com.au;
    proxy_set_header X-NginX-Proxy true;

    # added to test
    proxy_ssl_server_name on;

    # changed http to https
    proxy_pass https://123456_app/;
    proxy_redirect off;

    # Handle Web Socket Connections
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # disable SSL certificate verification
    proxy_ssl_verify off;
}
Does anybody have any ideas? Has anyone gotten this to work with Forge and Digital Ocean?
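An added example, not from the original post or from Forge: a hardened version of the load balancer's location block with the SNI name set explicitly and the upstream's self-signed certificate pinned instead of turning verification off. It assumes the upstream certificate was issued for mysite.com.au, that a copy of it lives at /etc/nginx/upstream-ca.crt (hypothetical path), and a constructed private IP for the upstream droplet.

```nginx
# Added example (not the original post's config). Load balancer side.
# Assumes: upstream cert is self-signed for mysite.com.au and a copy is
# stored at /etc/nginx/upstream-ca.crt (hypothetical path).

upstream 123456_app {
    server 10.0.0.2:443;   # upstream droplet, private IP (constructed)
}

server {
    listen 443 ssl;
    server_name mysite.com.au;
    ssl_certificate     /etc/nginx/ssl/mysite.com.au.crt;   # hypothetical
    ssl_certificate_key /etc/nginx/ssl/mysite.com.au.key;   # hypothetical

    location / {
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host              mysite.com.au;

        proxy_pass https://123456_app/;
        proxy_redirect off;

        # SNI: with proxy_ssl_server_name on, nginx sends proxy_ssl_name as
        # the TLS server name. proxy_ssl_name defaults to the host part of
        # proxy_pass, which here is the upstream group name "123456_app", so
        # the upstream would match its default server block, not the vhost
        # for mysite.com.au. Set the name explicitly.
        proxy_ssl_server_name on;
        proxy_ssl_name        mysite.com.au;

        # Weak setting from the original post:
        #   proxy_ssl_verify off;
        # Instead, pin the upstream's self-signed certificate. The load
        # balancer then rejects any other certificate on the upstream hop
        # and checks that the cert name matches proxy_ssl_name, without
        # needing a public CA or public DNS for the upstream.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        1;
        proxy_ssl_trusted_certificate /etc/nginx/upstream-ca.crt;
        proxy_ssl_session_reuse       on;

        # WebSocket support (as in the original post)
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

On the upstream droplet the server block that holds the self-signed certificate must carry `server_name mysite.com.au;` so the SNI value above selects it; when the upstream certificate is rotated, the pinned copy on the load balancer has to be replaced at the same time or the hop fails closed with a 502.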