We have portainer running successfully on port 80 of the host, so it is available in a browser by ip address or name over http, no port 9000 required. However, we are having trouble now adding to the nginx reverse proxy.

server {
 listen 80;

 location / {
     proxy_http_version 1.1;
     proxy_set_header Connection "";
     proxy_pass http://10.108.150.11/; # ip addr for docker01
 }
 location /api/websocket/ {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
     proxy_http_version 1.1;
     proxy_pass proxy_pass http://10.108.150.11/api/websocket/;
 }
}

The problem seems to rotate around http://10.108.150.11/api/websocket/ giving a 404 in the browser if you try to navigate to this URL directly. Should it be reachable? Can anyone see anything else wrong here?

proxy_pass is entered twice in bottom location block

Cut n paste error?

Yes, but only to this thread! Was fine in the config. Got this working just now in the last half hour actually.

I set up a test reverse proxy in a VM and built the config up again with the one from the FAQ as a base (https://portainer.readthedocs.io/en/stable/faq.html). When I was satisfied it worked, I passed up the chain for the SSL to be added at our organisation’s actual reverse proxy. I think breaking the job into smaller tasks was key, I should have got it working over HTTP first and tested. Working fine now, even have LDAP authentication enabled.

https://<your_url>/api/websocket/ SHOULD give a 404, as the API is not reachable to the end user via the browser. Interestingly, we needed to disable nginx proxy_cache for all /api/websicket/ urls on the reverse proxy otherwise users could not see or interact with their newly created containers for a good 15 minutes! One to remember.