Skip to content

Instantly share code, notes, and snippets.

@5290charlie
Forked from zhiguangwang/websocket-elb.md
Created April 14, 2017 23:53
Show Gist options
  • Save 5290charlie/7e9f351c355403a7c56163a0f3ea1d5d to your computer and use it in GitHub Desktop.
Save 5290charlie/7e9f351c355403a7c56163a0f3ea1d5d to your computer and use it in GitHub Desktop.
Configure websockets behind an AWS ELB.

Websockets behind AWS ELB

Nginx

See Configuring NGINX to accept the PROXY Protocol - NGINX

upstream wsserver {
    server 127.0.0.1:9000;
}

server {
    # proxy_protocol is necessary,
    # if we want info of the client from ELB
    listen 80 proxy_protocol;

    location / {
        proxy_pass http://wsserver;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        
        # Very important, controls proxied websocket connection timeout
        proxy_read_timeout 600s;
    }
}

ELB

Use SSL (Secure TCP) for Load Balancer Protocol and TCP for Instance Protocol.

Use the following AWS CLI commands to configure proxy protocol on an ELB:

To create a ELB policy that enables proxy protocol

aws elb create-load-balancer-policy \
    --load-balancer-name $ELB \
    --policy-name $ELB-proxy-protocol \
    --policy-type-name ProxyProtocolPolicyType \
    --policy-attributes AttributeName=ProxyProtocol,AttributeValue=True

To check the created policy

aws elb describe-load-balancer-policies \
    --load-balancer-name $ELB \
    --policy-names $ELB-proxy-protocol

To attach the policy to ELB

Note the --instance-port parameter.

aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name $ELB \
    --instance-port 80 \
    --policy-names $ELB-proxy-protocol

To detach the policy from ELB

aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name $ELB \
    --instance-port 80 \
    --policy-names []

To check if policy is attached to the ELB

aws elb describe-load-balancers \
    --load-balancer-name $ELB \
    --query LoadBalancerDescriptions[0].BackendServerDescriptions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment