Still wasn’t working but I was able to get it going, in a slightly different way. The docs for my websocket server were updated with some more information on using TLS.
I didn’t enable TLS on the websocket server but left it on caddy and proxied as needed, here is my updated caddy file. At this point
{
debug
}
http://gitlab.listech.on.ca:80 {
reverse_proxy http://172.17.63.3:80
tls internal
}
staging.h1.listech.on.ca {
@ws {
header Connection *Upgrade*
header Upgrade websocket
}
reverse_proxy 172.17.63.4
reverse_proxy @ws http://172.17.63.2:6001
tls /certs/h1/certificate.crt /certs/h1/private.key
}