如何让 Amazon 的 ELB 与 HTTPS/SSL 与 Web Sockets 一起工作? [英] How do you get Amazon's ELB with HTTPS/SSL to work with Web Sockets?

问题描述

这现在似乎不起作用.我在 Amazon ELB 后面使用 Faye 和 NodeJS.当我打开 HTTPS 时，无法再代理连接.我在这里发现了一个未回答的问题:https://forums.aws.amazon.com/message.jspa?messageID=283293 .任何人都能够得到这个工作?除了运行我自己的 HAProxy 实例之外，还有其他解决方法吗?

This doesn't seem to be working right now. I'm using Faye with NodeJS behind an Amazon ELB. When I switch on HTTPS the connections can no longer be brokered. I found a question here unanswered: https://forums.aws.amazon.com/message.jspa?messageID=283293 . Anyone able to get this working? Are there any work around outside of running my own instance of HAProxy?

推荐答案

我确认，根据我们自己的测试，在 TCP/SSL 上配置 ELB，而不是 HTTP/HTTPS，可以使用 WebSockets.缺点有两个:

I confirm, based on our own tests, that configuring ELB on TCP/SSL, instead oh HTTP/HTTPS, makes the trick with WebSockets. The drawbacks are two:

1) 正如arturnt 已经指出的，你不能获得粘性.

1) As already pointed by arturnt, you cannot get stickyness.

2) 您将无法检索客户端的身份.您的 WebSocket 服务器看到的原始 IP 将始终是 ELB 之一，并且与 HTTP/HTTPS 配置不同，不会将 X-Forwarded-For 标头添加到请求中.

2) You will lose the ability to retrieve the identity of the clients. The originating IP seen by your WebSocket server will be always the ELB one and, differently from the HTTP/HTTPS configuration, no X-Forwarded-For header will be added to the requests.

2013 年 7 月更新:亚马逊刚刚添加了对代理协议的支持，解决了上述第 2 个问题.使用代理协议，即使 ELB 在 TCP 级别而不是 HTTP 级别工作，也会添加包含客户端原始 IP 的标头.完整详情:http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html

UPDATE July 2013: Amazon has just added support for Proxy Protocol, which solves drawback number 2 above. With the Proxy Protocol, a header containing the client's originating IP is added even when ELB works at TCP level, rather than HTTP. Full details: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html

2016 年 8 月更新:亚马逊刚刚发布了新的 AWS 应用程序负载均衡器，它支持第 7 层的 WebSocket(以及 HTTP/2.0 和基于内容的路由).请参阅 https://aws.amazon.com/it/blogs/aws/new-aws-application-load-balancer/

UPDATE August 2016: Amazon has just announced new AWS Application Load Balancer, which supports WebSocket at Layer 7 (as well as HTTP/2.0 and content-based routing). See https://aws.amazon.com/it/blogs/aws/new-aws-application-load-balancer/

这篇关于如何让 Amazon 的 ELB 与 HTTPS/SSL 与 Web Sockets 一起工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！