Hi Medan,
Just curious why didn't you use Azure App GW for all these requirements? Instead of NVA you can utilise Azure APP GW for SSL/TLS Offload, rewrite headers and other L7 features. SKU v2 of App GW will cover all these requirements.
Also not clear how is your SSL encryption is set, is it End to end or just from the NVA to Backend? Check the end to end encryption process here for App GW. https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
For this you will need to load Certs and configure the listener.
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.