https://code.onedev.io runs with a LetsEncrypt certificate, and I can connect the agent to this https url with the provided docker command.

What error message get printed at your side?

Also please try with the official agent to see if it works.

I tried with both the docker agent and the bare-metal agent. Both of them produced the same error. The exact error is below, but I changed the url.

Launching a JVM...
WrapperManager: Initializing...
17:14:00 INFO  io.onedev.agent.Agent - Cleaning temp directory...
17:14:01 INFO  io.onedev.agent.Agent - Connecting to https://example.com...
17:14:02 ERROR io.onedev.agent.AgentSocket - Websocket error
org.eclipse.jetty.websocket.api.UpgradeException: Failed to upgrade to websocket: Unexpected HTTP Response Status Code: 400 Bad Request
	at org.eclipse.jetty.websocket.client.WebSocketUpgradeRequest.onComplete(WebSocketUpgradeRequest.java:537)
	at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:218)
	at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:210)
	at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:481)
	at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:461)
	at org.eclipse.jetty.client.HttpReceiver.responseSuccess(HttpReceiver.java:424)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.messageComplete(HttpReceiverOverHTTP.java:365)
	at org.eclipse.jetty.http.HttpParser.handleContentMessage(HttpParser.java:591)
	at org.eclipse.jetty.http.HttpParser.parseContent(HttpParser.java:1716)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1545)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.parse(HttpReceiverOverHTTP.java:204)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:144)
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:79)
	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131)
	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:172)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
	at java.lang.Thread.run(Thread.java:748)

Have you forwarded websocket traffic as explained in reverse proxy setup?

https://code.onedev.io/projects/162/files/main/pages/reverse-proxy-setup.md

If still not work, please let me know detail steps to reproduce.

I did not see that reverse proxy setup guide before. Thank you for pointing me to it. It seems to have fixed my issue.