For people who are using Apache HTTPd instead of Nginx as the reverse proxy, the following configuration should work:
ProxyPass "/xwiki/websocket" "ws://localhost:8080/wiki/websocket"
<Location /xwiki/websocket>
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" "expr=%{REQUEST_SCHEME}"
# We unset the X-Forwarded-* headers that might have been received
# from the client. If we did not, a client might spoof these headers
# and there original values would be included in the values that we
# send to the upstream server. By unsetting them, we can be sure
# that the values received by the upstream server are fully
# controlled by this reverse proxy.
RequestHeader unset "X-Forwarded-For"
RequestHeader unset "X-Forwarded-Host"
RequestHeader unset "X-Forwarded-Server"
</Location>
Please note that mod_proxy_wstunnel must be loaded in order for this to work and the ProxyPass line must appear before the ProxyPass line for /xwiki. This can be combined with the AJP connector for proxying regular requests, e.g.
ProxyPass /xwiki ajp://localhost:8009/xwiki
but AJP cannot be used for WebSocket requests, so the HTTP connector must be enabled in parallel and used for the WebSocket requests.