Thanks for replying to my thread, Julian.
The WebSockets part is all working fine if I remove the basic authentication. The TLS settings are defined in my modern-tls.conf included file - this is taken from the very handy Mozilla SSL Configuration Generator.
The second link you gave is someone using JWT and nginx's auth_request. I suspect this is the method that is most likely to work (otherwise how does anyone ever secure WebSockets?). However, it just seems massively overkill when all I want to do is protect a website, something that only one person uses (me!).
I guess my main question was not what is wrong with my nginx config but has anyone else solved the general problem in a different way? It does seem that I am the only one trying to do this!
I will probably just go back to using client certs again and accept that it doesn't work in Safari.