#aws
2016-01-24
luposlip 17:01:40

Anyone managed to set up a Clojure app with Sente (https://github.com/ptaoussanis/sente/) based web sockets with AWS ELB in front?

luposlip 17:01:58

In my setup with HTTPS the browser never connects the web socket, and best case (without the SSL endpoint encryption) the server returns status 200 ok instead of 101 (changing protocols).

luposlip 17:01:42

..considering installing nginx and completely dropping the ELB

jaen 17:01:18

IIRC ELB cannot into websockets

jaen 17:01:06

At best you can do a pass-through the load balancer

luposlip 17:01:25

Couldn’t get the pass-through to work, but will look at your link, thanks @jaen.

luposlip 17:01:07

What setup would you suggest - ELB on port 80 through to a nginx with SSL, reverse proxying to the application?

luposlip 17:01:11

Or no ELB at all?

jaen 17:01:39

I think I got it to work with my previous Ruby+node/socket.io project, but can't check how it was set up now unfortunately. It was done similarly to the link above and it worked, so this hopefully should work for you.

jaen 17:01:45

Depends if you plan to scale easily.

jaen 17:01:03

If you do, then it makes sense to either a) keep using ELB, b) consider setting up something like HAProxy

jaen 17:01:26

And you can terminate SSL on ELB if you want, I think.

jaen 17:01:54

Though I think I was doing what you described and terminating SSL with nginx on the same machine Ruby was running on.

luposlip 17:01:21

Yes, but I don’t think SSL termination on ELB works with websockets (as far as I’ve been able to read out there).

luposlip 17:01:34

Well, on to the link :)

jaen 17:01:49

As I understand, though it's been a while - you can terminate SSL on the ELB, but you can't do anything HTTP/WSS-specific (like adding headers), since you proxy on the transport layer (and I just may be mistaken and TLS is negotiated above that level, then you would be right).

jaen 17:01:42

Ha, and you seem to be right, TLS works on the layer above transport. My bad.

luposlip 17:01:24

Please bear in mind I’m sort-of a newbie with most of AWS. Have been using EC2 for a while, but not ECS/ELB etc.

luposlip 17:01:45

Could it be an idea to install nginx reverse proxy directly in my container instance running my app?

jaen 18:01:04

Yup, I guess you could, and then just register that endpoint in ELB.

jaen 18:01:47

A thing to keep in mind - ELB treats only a direct 200 as a healthy instance. In particular a 3xx to a URL serving a 2xx will be considered unhealthy.

jaen 18:01:39

I've had to add a specific conditional for ELB in my nginx config.

jaen 18:01:46

# if you're not ELB then here, have a redirect
if ($http_user_agent !~* "ELB-HealthChecker") {
    rewrite ^(.*) $scheme://<%= fetch(:site_domain) %>$1 permanent;
}

luposlip 23:01:15

Great news! The AWS ELB can actually be used with web sockets, if you set it to Secure TCP -> TCP instead of HTTPS -> HTTP. So everything works now, out of the box, no need for nginx or other low level tricks for SSL termination! :)