Got it working! Absolutely brutal. You have to setup the reverse proxy to add connection upgrade headers to the WSS connection. Here’s my location block for Nginx. The key is to do this for the /_/ws/ path.
location = /_/ws/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_pass https://localhost:8080;
proxy_read_timeout 60;
proxy_redirect https://localhost:8080/ https://MYSERVER/;
}
… where my anvil server is running with the same SSL key as Nginx and is running with the --port 8080 parameter. MYSERVER should be set to the same thing as your server block’s FQDN.
There’s a separate location block for the rest of the app’s reverse proxy, but it doesn’t need the match or the two upgrade lines.
Hope this helps save someone a day or two staring at raw header dumps and conf files…
Best,
Ken