Laravel Websockets Apache2 ReverseProxy setup

Create a subdomain for websockets. Then edit your virtualhost configs (Apache 2.4) as such:

<VirtualHost *:443>    ServerAdmin admin@example.com    ServerName socket.website.com    <Proxy *>        Require all granted        Allow from all    </Proxy>    SSLEngine on    SSLProxyEngine on    SSLProxyVerify none    SSLProxyCheckPeerCN off    SSLProxyCheckPeerName off    SSLProxyCheckPeerExpire off    RewriteEngine on    RewriteCond %{HTTP:Upgrade} =websocket [NC]    RewriteRule .* wss://127.0.0.1:6001%{REQUEST_URI} [P]    ProxyPass / ws://127.0.0.1:6001    ProxyPassReverse / ws://127.0.0.1:6001    SSLCertificateFile /etc/letsencrypt/live/socket.website.com/fullchain.pem    SSLCertificateKeyFile /etc/letsencrypt/live/socket.website.com/privkey.pem    Include /etc/letsencrypt/options-ssl-apache.conf</VirtualHost>

broadcasting.php

    'pusher' => [        'driver' => 'pusher',        'key' => env('PUSHER_APP_KEY'),        'secret' => env('PUSHER_APP_SECRET'),        'app_id' => env('PUSHER_APP_ID'),        'options' => [            'cluster' => env('PUSHER_APP_CLUSTER'),            'host' => '127.0.0.1',            'encrypted' => true,            'port' => 6001,            'scheme' => 'https',            'curl_options' => [                CURLOPT_SSL_VERIFYHOST => 0,                CURLOPT_SSL_VERIFYPEER => 0,            ]        ],    ],

websockets.php

'dashboard' => [    'port' => env('LARAVEL_WEBSOCKETS_PORT', 443) // <- we changed this to 443],'apps' => [    [        'id' => env('PUSHER_APP_ID'),        'name' => env('APP_NAME'),        'key' => env('PUSHER_APP_KEY'),        'secret' => env('PUSHER_APP_SECRET'),        'enable_client_messages' => true,        'enable_statistics' => true,        'encrypted' => true,        'host' => env('WEBSOCKETS_URL') // for dashboard    ],],'allowed_origins' => [    parse_url(env('APP_URL'))['host']],'statistics' => [    ...    'perform_dns_lookup' => true, // For statistics to work    ...],'ssl' => [    'local_cert' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT', null),    'local_pk' => env('LARAVEL_WEBSOCKETS_SSL_LOCAL_PK', null),    'passphrase' => null,    'verify_peer' => false],

.env

WEBSOCKETS_URL=socket.website.comLARAVEL_WEBSOCKETS_SSL_LOCAL_CERT=/etc/letsencrypt/live/socket.website.com/fullchain.pemLARAVEL_WEBSOCKETS_SSL_LOCAL_PK=/etc/letsencrypt/live/socket.website.com/privkey.pem

/etc/supervisord.d/websockets.conf

[program:websockets]command=php /var/www/html/website.com/artisan websockets:serve --host=127.0.0.1 --port=6001process_name=websocketsnumprocs=1autostart=trueautorestart=true

Echo

window.Echo = new Echo({    broadcaster: 'pusher',    key: window["MIX_PUSHER_APP_KEY"], // <- from .env    wsHost: window["WEBSOCKETS_URL"], // <- from .env    wsPort: 80,    wssPort: 443,    disableStats: true,     enabledTransports: ['ws', 'wss']});

@max: your rewrite rules were the key, also applies when the proxy just forwards the unencrypted traffic and apache is handling ssl to the outside, replacing wss with ws then - after one day of fiddling its finally working!

edit: not enough reputation for a comment , sorry