Nginx reverse proxy issue with authentication

I’m trying to setup my Home Assistant to use an NGINX Proxy which deals with SSL & authentication. Visiting my custom URL, results in a question for user/pass from my browser., Once entered, the interface shows. All good!

However, if I go to Config > General and change the language to English, close the browser and re-open it I’m confronted with an immediate 401 from nginx and not even a prompt for credentials.

This appears to be happening as soon as there is any local storage on my device but also when I enable push notifications. “Forgetting” the website and refreshing results in me getting a prompt and everything working again.

This problem seems to limit itself to my mobile (Android 8.0 with Chrome), on the desktop it seems to work just fine strangely.

I’m not on the latest HA so I can’t test the language settings, but did you add all of the proxy related stuff as noted on this page?

Also, for html5 push notifications, /manifest.json can’t be behind basic auth when enabling/disabling push notifications for a device. On my own setup both /manifest.json and /api/notify.html5/callback are not behind basic_auth for full html5 push notification functionality.

The config is (more or less) the same, the important parts are there. The normal HA interface works (including websockets), but as soon as authentication is added the thing falls apart. Very odd.

I have excluded manifest.json and the endpoints for html5 + google assistant from the basic auth (read: there is a separate location block for these). For Google Assistant this works fine.

Yet, for some reason it doesn’t. An odd thing I see is that some kind of service_worker.js is being loaded from (what appears to be) my HA server but seems to originate from my browser?