Having trouble to setup reverse proxy with my app

Hi Experts,

I configured reverse proxy using below the blog and I am successfully able to get atlassian-connect JSON file and able to install my app but when I try to click on the index page of my app I am getting an error “Unauthorized: Authentication failed: query hash does not match.”

Kindly help for the solution: @acalantog , @rwhitbeck, @david.pinn

I did setup the reverse proxy app using this blog:
https://itnext.io/hosting-multiple-apps-on-the-same-server-implement-a-reverse-proxy-with-node-a4e213497345

My config.json file for reverse proxy:

{
  "routes": [
    {
      "route": "/app1",
      "address": "http://localhost:4000" (*I am running my app on 4000 port*)
    },
    {
      "route": "/app2",
      "address": "http://localhost:5000"
    }
  ]
}

app.js file of reverse proxy app(Running this app on 443 port):

// Dependencies
const express = require('express');
const proxy = require('http-proxy-middleware');
const https = require("https");
const fs = require("fs");
const os = require("os");

// Config
const { routes } = require('./config.json');

const app = express();

for (route of routes) {
    app.use(route.route,
        proxy({
            target: route.address,
            pathRewrite: (path, req) => {
               
			   return path.split('/').slice(2).join('/'); // Could use replace, but take care of the leading '/'
            }
        })
    );
}

 var options = {
    pfx: fs.readFileSync("./cer/*********.pfx"),
    passphrase: "*****",
    ca: [
      fs.readFileSync("./cer/CACertificate-ROOT-2.crt"),
      fs.readFileSync("./cer/My_CA_Bundle.ca-bundle")
    ]
  };
  https.createServer(options, app).listen(443, () => {
    console.log("App server running at https://" + os.hostname() + ":443");
  });

My Cloud App:
Atlassian-connect.json


  "key": "com.***.jira.cui",
  "name": "My App",
  "vendor": {
    "name": "ABC",
    "url": "https://atlassian.*******.com/"
  },
  "baseUrl": "{{localBaseUrl}}",
  "enableLicensing": true,
  "links": {
    "self": "{{localBaseUrl}}/atlassian-connect.json",
    "homepage": "{{localBaseUrl}}/atlassian-connect.json"
    
  },
  "authentication": {
    "type": "jwt"
  },
  "lifecycle": {
   **"installed": "/app1/installed"**
  },
  "scopes": ["ADMIN"],
  "modules": {
    "generalPages": [
      {
        "key": "import-page-jira",
        "location": "system.top.navigation.bar",
        "name": {
          "value": "Import Users"
        },
     *   "url": "/app1/index",*
        "conditions": [
          {
            "condition": "user_is_admin"
          }
        ]
      }
    ]
  },
  "apiMigrations": {
    "gdpr": true
  }
}

Route index,js file of my app

app.get("/", (req, res) => {
 *  res.redirect("/app1/atlassian-connect.json");*
 }); 

app.get("/index", addon.authenticate(), (req, res) => {
    let licenseStatus = req.query.lic;
    let tenantUrl = req.query.xdm_e;
      
    if (licenseStatus != "active") {
        res.render("license_error", {
        title: "Import User Plugin",
        tenantUrl: tenantUrl
      });
    } else {
      res.render("/index", {
        title: "Import User Plugin"
      });
    }
  });

Congi.json file of My app

"production": {
    // PaaS like Heroku will provide HTTP port via environement variable.
    "port": "4000",
    // Use views/unauthorized.hbs for error page.
    "errorTemplate": true,
    // Public URL to production app.
    **"localBaseUrl": "https://xxxx.xxxxx.com",**
    
    "store": {
      "adapter": "sequelize",
      "dialect": "sqlite3",
      "type": "memory"
    },
    // The app can only be registered by the products on these domains:
    "whitelist": [
      "*.jira-dev.com",
      "*.atlassian.net",
      "*.atlassian.com",
      "*.jira.com"
    ]
  },

I have attached a screenshot of the response of my app.