users@tyrus.java.net

wss through aws elb load balancer to tyrus 1.8.1 on glassfish 4.1 b13

From: Ross Goldberg <ross.goldberg_at_gmail.com>
Date: Sun, 7 Sep 2014 17:01:11 -0400

How can I allow a web socket client to connect to tyrus 1.8.1 on glassfish
4.1 b13 using wss through a load balancer (specifically an amazon aws elb)?

ws works properly through the elb, and both ws & wss work when connecting
directly to the glassfish server (circumventing the elb).

When I try to open a web socket using wss from chrome to glassfish through
my elb, however, I get the following error in the chrome developer console:

WebSocket connection to 'wss://<host>:<port>/<path>' failed: Error in
connection establishment: net::ERR_TIMED_OUT

Where <host>, <port> & <path> are the host, port & path of my web socket
server endpoint, respectively.

My elb can accept connections from the client as either: http, https, tcp,
or ssl.

It can also connect to my glassfish server using one of those four
protocols.

ws works through the elb using: client > tcp > elb > tcp > glassfish

ws does not work through the elb using other protocol combinations that
I've tried (but I haven't tried all 16 combinations).

Should I also use (client > tcp > elb > tcp > glassfish) to pass wss from
the client through the elb to glassfish, and terminate the ssl connection
on glassfish rather than on the elb? (I assume that this is correct, but I
could be wrong)

The other option would be to terminate the client ssl connection on the
elb, and to either communicate between the elb & glassfish using a
different ssl connection, or to not encrypt between the elb & glassfish.

I have set up the proxy protocol on the elb, so that glassfish can obtain
the actual ip address of the client instead of the ip address of the elb,
which might be necessary to establish ssl from the client to glassfish
through the elb.

I do not know if glassfish / tyrus will automatically read the client ip
address from the proxy protocol header instead of the ip address of the
elb, or if I must configure glassfish and/or tyrus to use the proxy
protocol.

I can supply more information if you need it.

Thanks.
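
Added example, not part of the original post and not Tyrus or GlassFish code: a small parser for the text (v1) form of the PROXY protocol header mentioned above. It shows what a backend behind a TCP listener receives first when the header is enabled, ahead of either the TLS handshake (wss) or the HTTP upgrade request (ws). It assumes the load balancer sends the v1 form; the function names and sample bytes are constructed for illustration.

```python
import ipaddress

V1_MAX = 107  # longest v1 header allowed by the PROXY protocol spec, CRLF included

def parse_proxy_v1(data: bytes):
    """Return (info, rest); info is None when no PROXY v1 header is present."""
    if not data.startswith(b"PROXY "):
        return None, data
    end = data.find(b"\r\n", 0, V1_MAX)
    if end == -1:
        raise ValueError("PROXY v1 header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match TCP4/TCP6")
    sport, dport = (int(f) for f in fields[4:6])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": fields[1], "src": str(src), "src_port": sport,
            "dst": str(dst), "dst_port": dport}, rest

def classify_payload(rest: bytes) -> str:
    """Identify what follows the header: a TLS handshake record or plain HTTP."""
    if len(rest) >= 3 and rest[0] == 0x16 and rest[1] == 0x03:
        return "tls-handshake"
    if rest.startswith(b"GET "):
        return "http-request"
    return "unknown"

def first_bytes_report(data: bytes):
    """Return (client address from the header or None, kind of payload after it)."""
    info, rest = parse_proxy_v1(data)
    return (info.get("src") if info else None), classify_payload(rest)

# Constructed sample bytes (documentation address ranges, truncated payloads).
SAMPLE_HEADER = b"PROXY TCP4 198.51.100.22 203.0.113.7 35646 443\r\n"
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303")  # start of a TLS record
SAMPLE_WSS = SAMPLE_HEADER + SAMPLE_TLS
SAMPLE_WS = SAMPLE_HEADER + b"GET /chat HTTP/1.1\r\nUpgrade: websocket\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("wss", SAMPLE_WSS), ("ws", SAMPLE_WS), ("direct", SAMPLE_TLS)):
        print(name, first_bytes_report(raw))
```

The address in the header is only as trustworthy as its sender, so a listener that parses it should accept connections from the load balancer alone.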