Using Apache2 to Proxy Servatrice Websockets with SSL - Cockatrice/Cockatrice GitHub Wiki

About

This page is a configuration template for using your Apache2 service as a proxy in front of the Cockatrice websocket server (Servatrice). Many of the details are glossed over here, unlike in the SSL Websockets - NGINX article.

Servatrice

Configuring Servatrice

In order for us to accept websocket connections, we have to configure Servatrice to accept them:

[server]
; Servatrice can listen for clients on websockets, too. Unfortunately it can't support more than one thread.
; Set to 0 to disable the websocket server.
websocket_number_pools=1

; The TCP port number servatrice will listen on for websocket clients; default is 4748
websocket_port=4748

We now need to tell Servatrice where to find the real IP address of the connecting client. Since we are proxying via Apache, the real address can be found in the X-Forwarded-For header. You will need to add this line to your servatrice.ini:

; The header to check for the client's actual IP address
web_socket_ip_header="X-Forwarded-For"
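An added example (not part of the wiki page and not Servatrice's own code) of why this header is only trustworthy when it arrives through the proxy: Apache's mod_proxy appends the connecting address to any X-Forwarded-For value the client already sent, so with a single proxy only the last entry is written by Apache. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def leftmost_entry(header_value):
    """Naive choice: the first entry, which the client can set itself."""
    return header_value.split(",")[0].strip()

def client_ip_from_xff(header_value, trusted_proxy_hops=1):
    """Pick the entry appended by the outermost proxy we control.

    trusted_proxy_hops=1 models the single Apache proxy on this page
    (an assumption of this example). Each trusted proxy appends the address
    it saw, so the client address is that many entries from the right.
    """
    if trusted_proxy_hops < 1:
        raise ValueError("at least one trusted proxy is required")
    parts = [p.strip() for p in header_value.split(",") if p.strip()]
    if len(parts) < trusted_proxy_hops:
        raise ValueError("fewer entries than trusted proxies")
    # Raises ValueError if the entry is not an IPv4/IPv6 literal.
    return str(ipaddress.ip_address(parts[-trusted_proxy_hops]))

# Constructed sample values (documentation address ranges), as the backend
# would receive them after Apache appended the connecting address.
HONEST = "203.0.113.7"
SPOOFED = "10.0.0.1, 198.51.100.23"  # the client sent "10.0.0.1" itself

if __name__ == "__main__":
    for value in (HONEST, SPOOFED):
        print(value, "->", leftmost_entry(value), "vs", client_ip_from_xff(value))
```

This reasoning holds only if port 4748 is reachable solely through Apache; a client that can connect to the backend port directly controls the whole header.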

Apache2

Start off by creating a regular subdomain configuration in Apache2 and set it up with Certbot for SSL certificates. This should generate an Apache VirtualHost configuration with the Let's Encrypt settings, located somewhere around /etc/apache2/sites-available.

Enable the proxy engines we will be using:

$ a2enmod proxy
$ a2enmod proxy_http
$ a2enmod proxy_wstunnel

Now, in your new VirtualHost, add the RewriteEngine rules to rewrite websocket upgrade requests (these directives require mod_rewrite to be enabled), and the ProxyPass rule to proxy WS traffic:

  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:4748/$1 [P,L]

  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass "/servatrice" "ws://localhost:4748/servatrice"
  ProxyPassReverse "/servatrice" "ws://localhost:4748/servatrice"

Note that we are proxying traffic for /servatrice to ws://localhost:4748/servatrice. The game server is hosted in the /servatrice folder. If you want to be fancy, you can make all traffic automatically route to this folder with a slight change to the ProxyPass, but this might interfere if you have a website also running on that route (a self-hosted Webatrice, for example).

Aaaand done. Simply restart Servatrice and Apache2 for the changes to apply. A full VirtualHost block may look something like:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    ServerName mtg.chickatrice.net

    DocumentRoot /var/www/mtg.chickatrice.net/
    ErrorLog ${APACHE_LOG_DIR}/mtg.error.log
    CustomLog ${APACHE_LOG_DIR}/mtg.access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://localhost:4748/$1 [P,L]

# Disabled: We only need to rewrite WS requests to servatrice
#    RewriteCond %{HTTP:Upgrade} !=websocket [NC]                  
#    RewriteRule /(.*)           http://localhost:4748/$1 [P,L]

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass "/servatrice" "ws://localhost:4748/servatrice"
    ProxyPassReverse "/servatrice" "ws://localhost:4748/servatrice"

    SSLCertificateFile /etc/letsencrypt/live/mtg.chickatrice.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mtg.chickatrice.net/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

(Don't blindly copy the above; it is a mix of auto-generated and site-specific configuration.)
