Wow… okay… It appears I was somehow missing the following lines in the port 443 listener of my sites-enabled file:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Authorization "";
Added these in, restarted nginx, et voila! Remote connection now works.
I have no idea how I missed this (pretty certain I was using a copy and paste of the full example at the bottom of the example page) but it was enough to break this thing…
Thank you SO MUCH for the time and examples and research you put into this, @justaoldman - I’m really grateful for the time you volunteered to help troubleshoot such a silly oversight. I wish I had figured this out days ago but I’m grateful for the lessons learned.