How to set up Apache2 to let Let's Encrypt certbot find HA VM?

192.168.1.38 is your Apache server, isn't it?
If that is your Apache log, it suggests you have Apache proxying back to itself (the backend should point to the HA server).

It may be good to post the relevant Apache section.

I’m such an idiot sometimes. How could I have put in the wrong address for the HA trusted proxy? The HA config should have said 192.168.1.14. I fixed that and restarted HA and Apache2 but I’m still getting the same problem. My fixed HA configuration is:

http:
#  server_port: 443
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.14    # the Apache reverse proxy
    - 192.168.1.0/24  # the whole subnet: any LAN host may then set X-Forwarded-For

My Apache2 virtual host conf is:

<VirtualHost *:80>
    ServerAdmin <my email>
    ServerName ha.<my domain>
    redirect permanent / https://ha.<my domain>/
</VirtualHost>

<VirtualHost *:443>
    # SSL
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/<my domain>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<my domain>/privkey.pem
    # Basics
    ServerName ha.<my domain>
    # Proxy
    ProxyPreserveHost Off
    ProxyRequests off
    SSLProxyEngine On
    ProxyPass / http://192.168.1.38:8123/
    ProxyPassReverse / http://192.168.1.38:8123/
    ProxyPass /api/websocket wss://192.168.1.38:8123/api/websocket
    ProxyPassReverse /api/websocket wss://192.168.1.38:8123/api/websocket
</VirtualHost>

Just to reiterate, this configuration doesn’t work. It gives me the same symptoms as the previously bad one.
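The `trusted_proxies` list above decides whose `X-Forwarded-For` header Home Assistant believes (Apache's mod_proxy adds that header on every proxied request), and the address it derives is what login-attempt counting and IP bans key on. The following is an added example, not code from the thread or from Home Assistant: it implements the usual trusted-chain rule (honour the header only from a trusted peer, then walk the hops right to left to the first untrusted one) and shows why listing the whole `192.168.1.0/24` lets any host on the LAN, talking to port 8123 directly, forge its client address, while the single proxy entry does not. The addresses and the `resolve_client_ip` name are constructed for illustration; HA's own resolver is not reproduced here.

```python
import ipaddress


def parse_trusted(entries):
    """Turn trusted_proxies entries (single IPs or CIDRs) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_trusted(addr, nets):
    """True if addr is inside any trusted network; malformed input is never trusted."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in n for n in nets)


def resolve_client_ip(peer, xff, trusted):
    """Return the address a proxy-aware server should treat as the client.

    peer:    the TCP peer address as the server sees it
    xff:     the X-Forwarded-For header value (comma-separated) or None
    trusted: the trusted_proxies list from the http: block
    """
    nets = parse_trusted(trusted)
    if not is_trusted(peer, nets):
        return peer                      # header from an untrusted peer is ignored
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):           # rightmost hop was appended by the nearest proxy
        if is_trusted(hop, nets):
            continue                     # another trusted proxy in the chain, keep walking
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer                  # malformed header: trust none of it
        return hop
    return peer                          # every hop was a trusted proxy


# Constructed scenarios: 192.168.1.14 is the Apache proxy, 192.168.1.99 a rogue LAN host
NARROW = ["192.168.1.14"]
WIDE = ["192.168.1.14", "192.168.1.0/24"]


def demo():
    legit = resolve_client_ip("192.168.1.14", "203.0.113.7", NARROW)        # real client via Apache
    spoofed = resolve_client_ip("192.168.1.99", "203.0.113.7", WIDE)        # rogue host, subnet trusted
    blocked = resolve_client_ip("192.168.1.99", "203.0.113.7", NARROW)      # rogue host, proxy-only trust
    return legit, spoofed, blocked


if __name__ == "__main__":
    print(demo())
```

With the subnet entry present the rogue host's forged header is accepted, so it can evade a ban on its own address or get an arbitrary address banned; with only the proxy listed, the header is discarded and the host is seen as itself.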

Found my original Apache config:

<VirtualHost *:443>
    ServerName ha.domain.mine
    SSLEngine on
    ProxyPreserveHost On
    ProxyPass / http://192.168.101.9:8123/
    ProxyPassReverse / http://192.168.101.9:8123/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://192.168.101.9:8123/$1 [P,L]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/ha.domain.mine/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ha.domain.mine/privkey.pem
</VirtualHost>

Hope it helps :wink:

Thanks aceindy. The differences I noted were that you have ProxyPreserveHost on, which didn't affect my results, and the three lines dealing with rewriting, which seem to be the operative factor. You also include the Let's Encrypt options file, which doesn't seem to affect the results.

You left out the websocket directives, and I noticed that removing them from my setup also worked. They don't seem to be necessary so far.

In short, it’s the rewriting rules that seem to be the important factor.

Thanks!

Here’s my complete apache2 conf file:

<VirtualHost *:80>
    ServerAdmin <my e-mail>
    ServerName ha.<my domain>
    redirect permanent / https://ha.<my domain>/
</VirtualHost>

<VirtualHost *:443>
    # SSL
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/<my domain>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<my domain>/privkey.pem
    # Basics
    ServerName ha.<my domain>
    # Proxy
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://192.168.1.38:8123/
    ProxyPassReverse / http://192.168.1.38:8123/
    # WebSocket: requests carrying "Upgrade: websocket" are proxied ([P]) to ws://
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://192.168.1.38:8123/$1 [P,L]
    # options-ssl-apache.conf carries certbot's SSLProtocol/SSLCipherSuite settings;
    # with it commented out, Apache's built-in TLS defaults apply
#    Include /etc/letsencrypt/options-ssl-apache.conf
#    ProxyPass /api/websocket wss://192.168.1.38:8123/api/websocket
#    ProxyPassReverse /api/websocket wss://192.168.1.38:8123/api/websocket
</VirtualHost>
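As an added example (not code from the thread, from Apache or from Home Assistant), a small Python linter that encodes the checks this thread turned on: the backend pointing at the proxy itself that the first reply asked about, `ProxyPass` ordering (Apache matches `ProxyPass` rules in configuration order and the first match wins, so a specific rule after `ProxyPass /` is dead), `wss://` against a backend that is plain http, the presence of some `Upgrade: websocket` handling, and whether certbot's `options-ssl-apache.conf` is included. The two vhost fragments are constructed stand-ins for the non-working and working configs above (placeholder hostname, same addresses); the thread does not establish which of these findings caused the original failure, and the `check_vhost` name is the example's own.

```python
from urllib.parse import urlsplit

# Constructed vhost fragments modelled on the two configs in the thread
# (hostname and paths are placeholders, not the poster's real ones).
BROKEN_VHOST = """
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName ha.example.org
    ProxyPreserveHost Off
    ProxyRequests off
    ProxyPass / http://192.168.1.38:8123/
    ProxyPassReverse / http://192.168.1.38:8123/
    ProxyPass /api/websocket wss://192.168.1.38:8123/api/websocket
    ProxyPassReverse /api/websocket wss://192.168.1.38:8123/api/websocket
</VirtualHost>
"""

WORKING_VHOST = """
<VirtualHost *:443>
    SSLEngine on
    ServerName ha.example.org
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass / http://192.168.1.38:8123/
    ProxyPassReverse / http://192.168.1.38:8123/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://192.168.1.38:8123/$1 [P,L]
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
"""


def parse_directives(text):
    """Return (directive, args) pairs in file order; comments, blanks and <...> tags are skipped."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        out.append((name.lower(), args))
    return out


def check_vhost(text, proxy_ip):
    """Return a list of findings for a reverse-proxy vhost in front of Home Assistant."""
    findings = []
    directives = parse_directives(text)
    proxypass = [(a[0], a[1]) for d, a in directives if d == "proxypass" and len(a) >= 2]
    schemes = {urlsplit(t).scheme for _, t in proxypass}

    # 1. Backend pointing at the proxy's own address: Apache would proxy to itself.
    for path, target in proxypass:
        if urlsplit(target).hostname == proxy_ip:
            findings.append(f"loop: ProxyPass {path} targets the proxy itself ({proxy_ip})")

    # 2. ProxyPass rules match in configuration order, first match wins, so a
    #    specific rule placed after "ProxyPass /" never matches.
    catch_all = next((i for i, (p, _) in enumerate(proxypass) if p == "/"), None)
    for i, (path, target) in enumerate(proxypass):
        if path != "/" and catch_all is not None and i > catch_all:
            findings.append(f"shadowed: ProxyPass {path} comes after ProxyPass / and never matches")
        # 3. wss:// means TLS to the backend, but HA here listens on plain http.
        if urlsplit(target).scheme == "wss" and "http" in schemes:
            findings.append(f"scheme: ProxyPass {path} uses wss:// but the backend is plain http")

    # 4. Some handling for "Upgrade: websocket" must exist: a proxying ([P])
    #    RewriteRule to ws://, or a dedicated ProxyPass for /api/websocket.
    rewrite_ws = any(
        d == "rewriterule" and len(a) >= 3
        and a[1].startswith(("ws://", "wss://"))
        and "P" in a[2].strip("[]").split(",")
        for d, a in directives
    )
    ws_pass = any(p == "/api/websocket" for p, _ in proxypass)
    if not (rewrite_ws or ws_pass):
        findings.append("websocket: no Upgrade handling (RewriteRule ... ws:// [P] or ProxyPass /api/websocket)")

    # 5. certbot's options-ssl-apache.conf sets SSLProtocol/SSLCipherSuite; without it
    #    the vhost runs on Apache's defaults.
    if not any(d == "include" and a and a[0].endswith("options-ssl-apache.conf") for d, a in directives):
        findings.append("tls: /etc/letsencrypt/options-ssl-apache.conf is not included")

    return findings


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_VHOST), ("working", WORKING_VHOST)):
        print(name, check_vhost(cfg, "192.168.1.14") or "no findings")
```

Run against the first config it reports the shadowed websocket `ProxyPass`, the `wss://`-to-http mismatch and the missing TLS include; against the working one it reports nothing. Passing the HA address as `proxy_ip` reproduces the self-proxy loop the first reply suspected.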

No, I did not; it is just written down in a different way… RewriteCond/RewriteRule take care of the websocket (ws:).

But glad you got it to work :+1:t4: