For posterity, I briefly answered on Slack.
If you’re doing this in a production type environment the easiest thing might be to put a reverse proxy that does SSL termination in front of the WebSocket server
So you’d have an NGINX process that has SSL termination setup and it would forward things to your WebSocket server which is listening on “vanilla” HTTP.