
How do you get Amazon's ELB with HTTPS/SSL to work with Web Sockets?

This doesn't seem to be working right now. I'm using Faye with NodeJS behind an Amazon ELB. When I switch on HTTPS the connections can no longer be brokered. I found a question here unanswered: https://forums.aws.amazon.com/message.jspa?messageID=283293 . Anyone able to get this working? Are there any workarounds outside of running my own instance of HAProxy?

Art asked Feb 07 '12 22:02



1 Answer

I confirm, based on our own tests, that configuring ELB on TCP/SSL, instead of HTTP/HTTPS, does the trick with WebSockets. The drawbacks are two:

1) As already pointed out by arturnt, you cannot get stickiness.

2) You will lose the ability to retrieve the identity of the clients. The originating IP seen by your WebSocket server will always be the ELB one and, unlike in the HTTP/HTTPS configuration, no X-Forwarded-For header will be added to the requests.

UPDATE July 2013: Amazon has just added support for Proxy Protocol, which solves drawback number 2 above. With the Proxy Protocol, a header containing the client's originating IP is added even when ELB works at TCP level, rather than HTTP. Full details: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html

UPDATE August 2016: Amazon has just announced the new AWS Application Load Balancer, which supports WebSocket at Layer 7 (as well as HTTP/2.0 and content-based routing). See https://aws.amazon.com/it/blogs/aws/new-aws-application-load-balancer/

Alessandro Alinone answered Oct 13 '22 20:10
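
The Proxy Protocol header from the July 2013 update, as an added example that is not part of the original answer: a Node.js parser for the version 1 text line that a TCP/SSL listener on the classic ELB prepends to each connection. Function names are hypothetical and the sample bytes are constructed; it assumes the backend port is reachable only from the load balancer, since any client that can connect directly could send its own header and claim an arbitrary address.

```javascript
// Added example: PROXY protocol v1 parser. Function names are hypothetical.
const MAX_V1_HEADER = 107; // spec limit for the whole v1 line, CRLF included

function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Loose syntactic check: enough to reject injected text, not a full validator.
function isIPv6(s) {
  return s.includes(':') && /^[0-9a-fA-F:]{2,39}$/.test(s);
}

function isPort(s) {
  return /^(0|[1-9]\d{0,4})$/.test(s) && Number(s) <= 65535;
}

// Returns { client, rest } once the full header line has arrived, null if
// more bytes are needed, and throws on anything malformed so the caller can
// drop the connection instead of trusting a bad address.
function parseProxyV1(buf) {
  const end = buf.indexOf('\r\n');
  if (end === -1) {
    if (buf.length >= MAX_V1_HEADER) throw new Error('PROXY header too long');
    return null;
  }
  if (end + 2 > MAX_V1_HEADER) throw new Error('PROXY header too long');
  // latin1 keeps bytes >= 0x80 distinct, so they fail the checks below
  const fields = buf.toString('latin1', 0, end).split(' ');
  if (fields[0] !== 'PROXY') throw new Error('missing PROXY signature');
  const rest = buf.subarray(end + 2); // first bytes of the real stream
  if (fields[1] === 'UNKNOWN') return { client: null, rest };
  const [, proto, src, dst, sport, dport] = fields;
  const okAddr = proto === 'TCP4' ? isIPv4 : proto === 'TCP6' ? isIPv6 : null;
  if (fields.length !== 6 || !okAddr || !okAddr(src) || !okAddr(dst) ||
      !isPort(sport) || !isPort(dport)) {
    throw new Error('malformed PROXY header');
  }
  return { client: { address: src, port: Number(sport) }, rest };
}

// Constructed sample: header line followed by the start of a WebSocket upgrade.
const SAMPLE = Buffer.from(
  'PROXY TCP4 198.51.100.22 203.0.113.7 35646 443\r\nGET /faye HTTP/1.1\r\n');
```

Run the parser on the first bytes of each accepted socket, before handing `rest` to the HTTP/WebSocket layer, and log `client.address` in place of the socket's remote address.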