Nginx

How to provide access to internal sites to an authorized user from a Rails application?

Let's say there is some physical device. He has his own web application. This application is only accessible locally from the machine where the main Rails application is deployed. The challenge is to allow authorized users of the application to walk around this web application.
That is, authorized users can visit sites that only the Rails application itself can visit. How it is possible to competently organize proxying?
The first thing that comes to mind is the usual Net::HTTP and rendering of the resulting pages.
First, we give the user the main page of the site (a request by the rest client and a response render). Then this page starts loading its files (styles, scripts, etc.). All of them go to one controller, which also makes a request to the internal site and returns pages with all the headers, etc.
The problem arises when the site has WebSockets or other technologies. Here it is already necessary to raise the reverse WS proxy and give requests to it.
Has anyone encountered similar? Is there any efficient solution? Can this be done with nginx? But then the question arises of authorization in rails through nginx. There are a lot of devices and each has 6-7 web applications