Hmm. Can you post the full output of the ‘bad handshake’ error? Which layer is generating the error - client, Caddy, backend?
Yes, websockets are meant to be automatically proxied.
Transparency isn’t automatic, though. You’ll need to add those headers yourself. The example at the end of the reverse_proxy docs page shows how:
reverse_proxy localhost:9000 { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto {scheme} }
In fact, you don’t even need that named matcher because you’re not doing anything different with your websocket connection, they’re going to the exact same place as everything else in that config (localhost:4124). The matcher doesn’t modify the request in any way, it just singles out websocket connections so you can do something specific with them.