WebSockets:通过ELB从客户端到Amazon AWS EC2实例 [英] WebSockets: wss from client to Amazon AWS EC2 instance through ELB
问题描述
我如何通过ELB将ssl连接到Amazon FS EC2实例上的GlassFish服务的websocket?
我在GlassFish 4.1中使用Tyrus 1.8.1 b13 pre-release作为我的websocket实现。
端口8080不安全,端口8181以ssl保护。
- ELB dns名称:elb.xyz.com
- EC2 DNS名称:ec2.xyz.com
- websocket路径:/ web / socket
我已成功使用ws& wss直接连接到我的EC2实例(绕过我的ELB)。即以下两个网址工作:
- ws://ec2.xyz.com:8080 / web / socket
- wss://ec2.xyz.com:8181 / web / socket
我已成功使用ws non-ssl)通过使用tcp 80> tcp 8080侦听器在我的ELB上。即以下网址:
- ws://elb.xyz.com:80 / web / socket
然而,我还没有找到通过我的ELB使用wss的方法。
我已经尝试了很多东西。
我假设通过我的ELB获取wss的最可能方式是在我的ELB上创建一个tcp 8181> tcp 8181侦听器启用代理协议并使用以下URL:
不幸的是,这不起作用。我想我可能必须在glassfish上启用代理协议,但是我一直无法知道如何做到这一点(或者如果可能,或者需要wss来处理我的ELB)。
另一个选项可能是以某种方式让ws或wss运行在ELB上终止的ssl连接,并通过使用ssl> tcp 8080监听程序继续解除对glassfish的不安全感。这也不适用于我,但也许一些设置是不正确的。
有人对我的两个上述试验有任何修改。或者是否有人有其他建议?
谢谢。
我有一个类似的设置,最初配置我的ELB侦听器,如下所示:
- HTTP 80 HTTP 80
- HTTPS 443 HTTPS 443
/ b>
虽然这对网站本身运行正常,但websocket连接失败。在监听器中,您需要允许所有安全的TCP连接,而不仅限于SSL,以允许wss通过:
- HTTP 80 HTTP 80
- SSL(安全TCP)443 SSL(安全TCP)443
也建议提高ELB的空闲超时。
How can I connect over ssl to a websocket served by GlassFish on an Amazon AWS EC2 instance through an ELB?
I am using Tyrus 1.8.1 in GlassFish 4.1 b13 pre-release as my websocket implementation.
Port 8080 is unsecured, and port 8181 is secured with ssl.
- ELB dns name: elb.xyz.com
- EC2 dns name: ec2.xyz.com
- websocket path: /web/socket
I have successfully used both ws & wss to connect directly to my EC2 instance (bypassing my ELB). i.e. both of the following urls work:
- ws://ec2.xyz.com:8080/web/socket
- wss://ec2.xyz.com:8181/web/socket
I have successfully used ws (non-ssl) over my ELB by using a tcp 80 > tcp 8080 listener. i.e. the following url works:
- ws://elb.xyz.com:80/web/socket
I have not, however, been able to find a way to use wss though my ELB.
I have tried many things.
I assume that the most likely way of getting wss to work through my ELB would be to create a tcp 8181 > tcp 8181 listener on my ELB with proxy protocol enabled and use the following url:
- wss://elb.xyz.com:8181/web/socket
Unfortunately, that does not work. I guess that I might have to enable the proxy protocol on glassfish, but I haven't been able to find out how to do that (or if it's possible, or if it's necessary for wss to work over my ELB).
Another option might be to somehow have ws or wss run over an ssl connection that's terminated on the ELB, and have it continue unsecured to glassfish, by using an ssl > tcp 8080 listener. That didn't work for me, either, but maybe some setting was incorrect.
Does anyone have any modifications to my two aforementioned trials. Or does anyone have some other suggestions?
Thanks.
解决方案I had a similar setup and originally configured my ELB listeners as follows:
- HTTP 80 HTTP 80
- HTTPS 443 HTTPS 443
Although this worked fine for the website itself, the websocket connection failed. In the listener, you need to allow all secure TCP connection as opposed to SSL only to allow wss to pass through as well:
- HTTP 80 HTTP 80
- SSL (Secure TCP) 443 SSL (Secure TCP) 443
I would also recommend raising the Idle timeout of the ELB.
这篇关于WebSockets:通过ELB从客户端到Amazon AWS EC2实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
