Hi Ross,
I don't know much about AWS and ELB, but.. Tyrus is integrated to
Glassfish via Servlet layer, so if standard request can reach Glassfish,
websocket upgrade request should be able to reach it too.
I haven't found anything specific to websocket in ELB manual, but that
does mean it does not need additional configuration. You might want to
ask on some ELB/AWS forum, since it seems that you are dealing with
a configuration issue - I believe that Glassfish does not need to know
about the real origin of the connection (in terms of tcp address and
port), so there should not be anything special required on appserver side.
Only issue I can see is the SSL part of your scenario, especially if you
use certificate authentication. Again, this is more of an AWS/ELB config issue
and does not really have anything to do with Tyrus - it should be
similar to any other requests.
Anyway, if you manage to solve your problem, feel free to post the
solution (or link to your blogpost) here, it might be useful for others..
Thanks,
Pavel
On 07/09/14 23:01, Ross Goldberg wrote:
> How can I allow a web socket client to connect to tyrus 1.8.1 on
> glassfish 4.1 b13 using wss through a load balancer (specifically an
> amazon aws elb)?
>
> ws works properly through the elb, and both ws & wss work when
> connecting directly to the glassfish server (circumventing the elb).
>
> When I try to open a web socket using wss from chrome to glassfish
> through my elb, however, I get the following error in the chrome
> developer console:
>
> WebSocket connection to 'wss://<host>:<port>/<path>' failed: Error in
> connection establishment: net::ERR_TIMED_OUT
>
> Where <host>, <port> & <path> are the host, port & path of my web
> socket server endpoint, respectively.
>
> My elb can accept connections from the client as either: http, https,
> tcp, or ssl.
>
> It can also connect to my glassfish server using one of those four
> protocols.
>
> ws works through the elb using: client > tcp > elb > tcp > glassfish
>
> ws does not work through the elb using other protocol combinations
> that I've tried (but I haven't tried all 16 combinations).
>
> Should I also use (client > tcp > elb > tcp > glassfish) to pass wss
> from the client through the elb to glassfish, and terminate the ssl
> connection on glassfish rather than on the elb? (I assume that this
> is correct, but I could be wrong)
>
> The other option would be to terminate the client ssl connection on
> the elb, and to either communicate between the elb & glassfish using a
> different ssl connection, or to not encrypt between the elb & glassfish.
>
> I have set up the proxy protocol on the elb, so that glassfish can
> obtain the actual ip address of the client instead of the ip address
> of the elb, which might be necessary to establish ssl from the client
> to glassfish through the elb.
>
> I do not know if glassfish / tyrus will automatically read the client
> ip address from the proxy protocol header instead of the ip address of
> the elb, or if I must configure glassfish and/or tyrus to use the
> proxy protocol.
>
> I can supply more information if you need it.
>
> Thanks.
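
On the proxy protocol question in the quoted message: an added example, not from either poster and not Tyrus or Glassfish code, showing what a backend has to do with the PROXY protocol header that a TCP listener prepends ahead of the client's own bytes (the TLS handshake for wss, the HTTP upgrade request for ws). It assumes the version 1 text header; the function names, addresses and sample bytes are constructed for illustration.

```python
import ipaddress

PROXY_V1_MAX = 107  # longest valid v1 header, CRLF included (PROXY protocol spec)

def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 line off the start of a connection's first bytes.
    Returns (info, rest); info is None when no header is present."""
    if not data.startswith(b"PROXY "):
        return None, data
    end = data.find(b"\r\n", 0, PROXY_V1_MAX)
    if end == -1:
        raise ValueError("unterminated or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":  # sender could not determine the addresses
        return {"family": "UNKNOWN"}, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    sport, dport = (int(f) for f in fields[4:6])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": fields[1], "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport}, rest

def classify_payload(rest: bytes) -> str:
    """Say what follows the header: a TLS handshake record (wss) or plain HTTP (ws)."""
    if len(rest) >= 2 and rest[0] == 0x16 and rest[1] == 0x03:
        return "tls-handshake"
    if rest.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"

def inspect_first_bytes(data: bytes, peer_ip: str, trusted_lbs: set):
    """Honour the header only when the TCP peer is a known load balancer;
    from any other peer it is client-controlled input and is rejected."""
    info, rest = parse_proxy_v1(data)
    if info is not None and peer_ip not in trusted_lbs:
        raise PermissionError("PROXY header from untrusted peer")
    client = info["src"] if info and "src" in info else peer_ip
    return client, classify_payload(rest)

# Constructed samples: first bytes a backend would receive behind a TCP listener
SAMPLE_WSS = b"PROXY TCP4 198.51.100.22 10.0.0.5 35646 8181\r\n\x16\x03\x01\x02\x00\x01"
SAMPLE_WS = b"PROXY TCP4 198.51.100.22 10.0.0.5 35646 8080\r\nGET /chat HTTP/1.1\r\n"
LBS = {"10.0.0.9"}  # assumed load balancer address
```

A server that does not consume this line receives it in place of the TLS handshake or HTTP request it expects, so the header has to be enabled on both sides or on neither.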