Reverse Proxy - HA login problem - Works fine on Nextcloud

My Home-Assistant (HA) installation is on a Raspberry Pi 4. It works perfectly well locally.
My internet connection is via Carrier Grade NAT :frowning:
I decided to circumvent this barrier by use of an Apache server running a reverse proxy setup.

HA on Pi 4 > Pi 4 that delivers HA local site via SSH to aws > aws runs Apache server

I send the web site from my Pi via SSH using the ‘autossh’ application. This works absolutely fine when using Nextcloud and also Domoticz. However, I want to use HA instead of Domoticz.

I can get the login screen via my domain name (aws server) but, when I try to log in, I am presented with a ‘Try again’ screen.
On the local login of HA the notifications show there has been an unsuccessful login attempt but via another Raspberry Pi that is sending the HA web site to aws.

I have looked through the forum posts on this and tried a number of things, totally unsuccessfully, to solve the problem. Also, posts go out of date as HA is updated. I tried, also, setting various combinations of internal and external URLs, via the HA configuration, to no avail. Below is the Apache config file that works perfectly on Nextcloud but, as stated above, does not fully work with HA. Any help would be appreciated.

ServerAdmin webmaster@localhost
ServerName ha.mydomain.com
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

Include /etc/letsencrypt/options-ssl-apache.conf

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
</Directory>

ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass / http://127.0.0.1:2060/
ProxyPassReverse / http://127.0.0.1:2060/

<Location />
    Order allow,deny
    Allow from all
</Location>

SSLCertificateFile /etc/letsencrypt/live/nc.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nc.mydomain.com/privkey.pem
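
A proxy block that serves Nextcloud can still fail for Home Assistant, whose frontend uses a WebSocket at `/api/websocket` and whose `http:` integration only honours `X-Forwarded-For` from proxies it has been told to trust. The following is an added example, not part of the original post and not a confirmed diagnosis of it; it assumes `127.0.0.1:2060` is the autossh tunnel endpoint from the post, and `192.0.2.10` is a placeholder for the LAN address of the Pi that opens the tunnel.

```apache
# Added example: proxy section for Home Assistant behind Apache.
# Assumes these modules are enabled:
#   a2enmod proxy proxy_http proxy_wstunnel

ProxyRequests Off
# Pass the public Host header (ha.mydomain.com) through to the backend.
ProxyPreserveHost On

# WebSocket endpoint used by the HA frontend. It must be listed before
# the catch-all "/" rule, because ProxyPass rules match in order.
ProxyPass        /api/websocket ws://127.0.0.1:2060/api/websocket
ProxyPassReverse /api/websocket ws://127.0.0.1:2060/api/websocket

# Everything else goes over plain HTTP through the SSH tunnel.
ProxyPass        / http://127.0.0.1:2060/
ProxyPassReverse / http://127.0.0.1:2060/

# Home Assistant side (configuration.yaml), shown here as comments.
# Apache adds X-Forwarded-For to proxied requests. HA sees the TCP
# connection arrive from the host that terminates the SSH tunnel, so
# that host is the "proxy" from HA's point of view.
#
#   http:
#     use_x_forwarded_for: true
#     trusted_proxies:
#       - 192.0.2.10   # placeholder: the tunnel Pi's LAN address
#
# List only that single address, not the whole subnet: any host in
# trusted_proxies can set X-Forwarded-For, and HA uses that value when
# it attributes login attempts to a client address.
```

After reloading Apache and restarting Home Assistant, the failed-login notification should show the real client address rather than the tunnel Pi's address if the forwarding headers are being accepted.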