I am using Sophos XG firewall as the reverse proxy. It has Web Application Firewall built in and will terminate the SSL traffic and forward it to the docker container over http. There is one rule on / which enables websocket through.
Unrelated to this current 404 issue, I was having problems previewing pdf and jpg files within Pydio Cells. Sophos XG was logging four suspected vulnerabilities (false positive?) that I had to whitelist in order for the traffic to pass. These items were,
33087 FILE-PDF Foxit Reader remote query string buffer overflow attempt
26281 FILE-PDF Foxit Reader remote query string buffer overflow attempt
26283 FILE-PDF Foxit Reader remote query string buffer overflow attempt
3457 SERVER-WEBAPP TrackerCam overly long php parameter overflow attempt
There is nothing logged in Sophos XG that might explain why I am having trouble with the Application Core pages /a/config/frontend%2Fplugin%2Fcore.pydio so I am not sure what is so special about these.