Thanks so much for this!
Having just upgraded my firmware from 2.2.8.x to 2.2.9.x, this issue suddenly became relevant to me since even locally I use most locally hosted services through reverse proxy with LE ssl because no everyone can/should trust the LAN and with browsers aiming to eliminate or at least highly restrict unencrypted communication altogether anyway it doesn't make sense why the protocol and hostname would be hardcoded in the dashboard links and source.
One thing that threw me was that it seems the substitutions are no longer valid?
Using the rest of your vhost I changed the substitutions from:
to
Substitute "s|http://hubitat||"
Substitute "s|hubURL: \"hubitat\"|hubURL: window.location.host|"
since it appears the localIp variable is no longer used and a similar protocol/host scheme has been put in place, though it doesn't account for what it thinks should be a hardcoded local http/:80 scheme when it's local (seemingly determined on the backend by subnet/local dns).
Really looking at what was in previous firmware compared to what you wrote, and what is now, just seems purposeful to force one to subscribe to the cloud service when everything is pretty much in place otherwise to work behind a reverse proxy.
The simple notion of "if local, write urls as relative and use the client request host/protocol" seems to be deliberately ignored/avoided especially with the immediate resistance (Proper reverse tunnel support? @patrick's response) and lack of fundamental understanding of how simple it can be makes the whole thing seem more purposeful to specifically stifle using your own "cloud"-y alternative considering that configuring HE in depth is already not a task for the average user to undertake since the UI is relatively clunky for a reactive style app.
Thanks again! hope this helps someone as well.
