Apache

Enable at least the following mods using a2enmod:

ssl
proxy
proxy_http
proxy_balancer
proxy_wstunnel
rewrite

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName <sub>.<domain>.<tld>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyPreserveHost On
    ProxyPass / http://localhost:<audiobookshelf_port>/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://localhost:<audiobookshelf_port>/$1" [P,L]

    SSLCertificateFile /path/to/cert/file
    SSLCertificateKeyFile /path/to/key/file
</VirtualHost>
</IfModule>

Apache ≥ 2.4.47

If using Apache 2.4.47 or newer, you can use the following, without any RewriteEngine directives:

<Location /audiobookshelf>
    ProxyPreserveHost on
    ProxyPass http://localhost:<audiobookshelf_port>/audiobookshelf upgrade=websocket
    ProxyPassReverse http://localhost:<audiobookshelf_port>/audiobookshelf
</Location>

Let's Encrypt ACME Challenge

Some SSL certificates like those signed by Let's Encrypt require ACME validation.
To allow Let's Encrypt to write and confirm the ACME challenge, edit your VirtualHost definition to prevent proxying traffic that queries /.well-known and instead serve that directly:

<VirtualHost *:443>
    # ...

    DocumentRoot /path/to/local/directory

    ProxyPreserveHost On
    ProxyPass /.well-known !
    ProxyPass / http://localhost:<audiobookshelf_port>/

    # ...
</VirtualHost>

Apache ≥ 2.4.47​

Let's Encrypt ACME Challenge​

Apache ≥ 2.4.47

Let's Encrypt ACME Challenge