
Environment: Nginx reverse proxy serving static resources and using proxy_pass to serve resources from 2 separate Node.js upstream server instances.

Simplified example nginx.conf:

server {
    server_name example.com;
    location ~* \.(jpg)$ {}
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

server {
    server_name subdomain.example.com;
    location ~* \.(jpg)$ {}
    location / {
        proxy_pass http://127.0.0.1:8081;
    }
}

The top block can serve both static files and Node.js resources through proxy_pass without error. The bottom block can serve static files but throws an SELinux permissions error when I hit the Node.js server through proxy_pass. With SELinux set to permissive no error is thrown.

Client error: Chrome displays a 502 Bad Gateway error.

From the error log:

2020/12/11 14:49:03 [crit] 2113#2113: *24 connect() to 127.0.0.1:8081 failed (13: Permission denied) while connecting to upstream, client: 0:0:0:0:0:0:0:0, server: subdomain.example.com, request: "GET /random-page HTTP/2.0", upstream: "http://127.0.0.1:8081/random-page", host: "subdomain.example.com", referrer: "https://subdomain.example.com/"

I have httpd_can_network_relay set to on. This seems to be enough to make the top block work but not the bottom block.

httpd_can_network_relay (on , on) Allow httpd to can network relay

What else might I need to set in SELinux to get rid of the error?

UPDATE:

As suggested below I threw the error and then ran,

$ sudo ausearch -m AVC -ts recent

The error in the log is outside my ability to understand it. I'm not sure where to start.

time->Fri Dec 11 20:39:08 2020
type=PROCTITLE msg=audit(1607744348.594:791): proctitle=6E67696E783A20776F726B65722070726F63657373
type=SYSCALL msg=audit(1607744348.594:791): arch=c000003e syscall=42 success=no exit=-13 a0=11 a1=55c9f3d0ab50 a2=10 a3=7ffeab2adb5c items=0 ppid=1187 pid=1191 auid=4294967295 uid=989 gid=986 euid=989 suid=989 fsuid=989 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1607744348.594:791): avc: denied { name_connect } for pid=1191 comm="nginx" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket permissive=0

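The ausearch output above is easier to read once its three records are decoded: the PROCTITLE record is hex-encoded argv, the SYSCALL record gives the syscall number and errno, and the AVC record names the source domain, target label, object class and denied permission. The script below is an added example, not part of the question or of any tool it mentions; it parses those three records (embedded here as constructed sample input, copied from the question) into a plain-language summary and lists the standard checks (semanage port, sesearch, audit2why) a practitioner would run on the host next. The x86_64 syscall table is a hand-picked subset, and the AVC itself already tells the story: nginx in httpd_t was refused name_connect to a tcp_socket labelled transproxy_port_t, which is the default label of port 8081. httpd_can_network_relay only grants connections to http-style port types (port 8080 is http_cache_port_t in the default targeted policy, which is why the first server block works), so port 8081 needs either its label changed to a type that boolean covers or a broader boolean, and the narrower relabel is the least-privilege option.

```python
import errno
import re

# Constructed sample input: the three audit records quoted in the question,
# one record per line as ausearch prints them.
SAMPLE_RECORDS = """\
type=PROCTITLE msg=audit(1607744348.594:791): proctitle=6E67696E783A20776F726B65722070726F63657373
type=SYSCALL msg=audit(1607744348.594:791): arch=c000003e syscall=42 success=no exit=-13 a0=11 a1=55c9f3d0ab50 a2=10 a3=7ffeab2adb5c items=0 ppid=1187 pid=1191 auid=4294967295 uid=989 gid=986 euid=989 suid=989 fsuid=989 egid=986 sgid=986 fsgid=986 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1607744348.594:791): avc: denied { name_connect } for pid=1191 comm="nginx" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:transproxy_port_t:s0 tclass=tcp_socket permissive=0
"""

# Hand-picked subset of the x86_64 syscall table (arch=c000003e is AUDIT_ARCH_X86_64).
X86_64_SYSCALLS = {41: "socket", 42: "connect", 43: "accept", 49: "bind", 50: "listen"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')
EVENT_RE = re.compile(r'msg=audit\(([\d.]+):(\d+)\)')
AVC_RE = re.compile(r'avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}')


def parse_record(line):
    """Turn one audit record into a dict of its key=value fields."""
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    m = EVENT_RE.search(line)
    if m:
        rec["event_id"] = m.group(2)  # serial number shared by all records of one event
    m = AVC_RE.search(line)
    if m:
        rec["decision"] = m.group(1)
        rec["perms"] = m.group(2).split()
    if rec.get("type") == "PROCTITLE" and "proctitle" in rec:
        # proctitle is hex-encoded because argv may contain NULs and spaces
        raw = rec["proctitle"]
        if len(raw) % 2 == 0 and all(c in "0123456789abcdefABCDEF" for c in raw):
            rec["proctitle"] = bytes.fromhex(raw).replace(b"\x00", b" ").decode(errors="replace")
    return rec


def group_events(text):
    """Group records by audit event id so SYSCALL, AVC and PROCTITLE line up."""
    events = {}
    for line in text.splitlines():
        if line.strip():
            rec = parse_record(line)
            events.setdefault(rec.get("event_id"), []).append(rec)
    return events


def type_of(context):
    """system_u:system_r:httpd_t:s0 -> httpd_t"""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(records):
    """Reduce one event's records to the facts needed to triage the denial."""
    by_type = {r.get("type"): r for r in records}
    avc = by_type.get("AVC", {})
    sc = by_type.get("SYSCALL", {})
    summary = {
        "decision": avc.get("decision"),
        "perms": avc.get("perms", []),
        "tclass": avc.get("tclass"),
        "source_type": type_of(avc.get("scontext", "")),
        "target_type": type_of(avc.get("tcontext", "")),
        "port": avc.get("dest"),
        "comm": avc.get("comm"),
        "pid": avc.get("pid"),
        "enforced": avc.get("permissive") == "0",
        "proctitle": by_type.get("PROCTITLE", {}).get("proctitle"),
        "syscall": None,
        "errno": None,
    }
    if sc:
        num = int(sc.get("syscall", -1))
        if sc.get("arch") == "c000003e":
            summary["syscall"] = X86_64_SYSCALLS.get(num, str(num))
        else:
            summary["syscall"] = str(num)
        code = int(sc.get("exit", 0))
        summary["errno"] = errno.errorcode.get(-code) if code < 0 else None  # -13 -> EACCES
    return summary


def explain(s):
    """One-sentence reading of the denial for someone new to AVC records."""
    return (f"SELinux {s['decision']} {','.join(s['perms'])} on a {s['tclass']} "
            f"labelled {s['target_type']} (port {s['port']}) for {s['comm']} "
            f"(pid {s['pid']}, domain {s['source_type']}, '{s['proctitle']}'); "
            f"{s['syscall']}() returned {s['errno']}; "
            f"{'enforcing' if s['enforced'] else 'permissive'} mode.")


def next_checks(s):
    """Standard commands to run on the affected host to confirm the port label
    and to look for a (possibly boolean-gated) rule that would allow the access."""
    return [
        f"semanage port -l | grep -w {s['port']}",
        f"sesearch -A -s {s['source_type']} -t {s['target_type']} -c {s['tclass']} -p {s['perms'][0]}",
        "ausearch -m AVC -ts recent | audit2why",
    ]


if __name__ == "__main__":
    for event in group_events(SAMPLE_RECORDS).values():
        s = summarize(event)
        print(explain(s))
        for cmd in next_checks(s):
            print("   ", cmd)
```

The sesearch line answers the question "is there any allow rule from httpd_t to transproxy_port_t for name_connect at all"; if it prints nothing, no boolean will help and the port label is what has to change, whereas if it prints a rule guarded by a boolean, that boolean is the switch to consider. The semanage line confirms the label the AVC reports before anything is modified.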