I am trying to configure Digital Ocean native Load Balancer for distributing websockets traffic. I set the rule:
While trying to connect over load balancer, I am getting:
    VM915:1 WebSocket connection to 'ws://{loadbalancerip}:8443/' failed: Connection closed before receiving a handshake response
Direct connection works just fine.
So how can I configure load balancer for balancing websockets traffic?
DigitalOcean Load Balancers are a fully-managed, highly available network load balancing service. Load balancers distribute traffic to groups of Droplets, which decouples the overall health of a backend service from the health of a single server to ensure that your services stay online.
The load balancer knows how to upgrade an HTTP connection to a WebSocket connection and once that happens, messages will travel back and forth through a WebSocket tunnel. However, you must design your system for scale if you plan to load balance multiple WebSocket servers.
How does Cloudflare's DNS-based load balancing work?
Cloudflare Load Balancing is a DNS-based load balancing solution that actively monitors server health via HTTP/HTTPS requests. Based on the results of these health checks, Cloudflare steers traffic toward healthy origin servers and away from unhealthy servers.
When you create a new Load Balancer, or when managing an existing one, you can activate Proxy Protocol by checking a box in the “Advanced settings” section. If you're automating management of your infrastructure, you can also toggle the Proxy Protocol setting via our Load Balancer API.
Since it looks like the Digital Ocean Load Balancer doesn't support websockets out of the box, I had to purchase a small instance and configure Nginx on it to balance incoming traffic between 3 local machines.
Here is a possible config for Nginx, which allows you to balance wss traffic forwarded to port 8443 from Cloudflare:
    upstream wss {
        # Clients with the same IP are redirected to the same backend
        # ip_hash;
        # Available backend servers
        server 228.228.228.1:8443 max_fails=3 fail_timeout=30s;
        server 228.228.228.2:8443 max_fails=3 fail_timeout=30s;
        server 228.228.228.3:8443 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 8443 ssl default_server;
        listen 443 ssl default_server;
        listen [::]:8443 ssl default_server;
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
        underscores_in_headers on;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;

        location / {
            # switch off logging
            access_log off;
            try_files $uri $uri/ =404;
            # redirect all HTTP traffic to wss
            proxy_pass https://wss;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass_request_headers on;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header HTTP_CF_IPCOUNTRY $http_cf_ipcountry;
            # WebSocket support (nginx 1.4)
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Path rewriting
            rewrite /wss/(.*) /$1 break;
            proxy_redirect off;
        }
    }