App without native ssl used stunnel. Can this work with AWS LB? - amazon-web-services

I have to migrate an app that needs to send data encrypted between a public network and AWS. Currently it uses the stunnel client, and the server end sits on a DMZ and acts as a web proxy (terminating the SSL and redirecting port 443 to 8085).
In short, I would like the load balancer to handle stunnel traffic from the client (or some other non-native encrypted traffic) and then redirect to a server in the private
Thanks

Related

Where to configure websockets with an application load balancer on AWS EC2?

According to the AWS documentation, "WebSockets and Secure WebSockets support is available natively and ready for use on an Application Load Balancer."
However, when I select Application Load Balancer in EC2, I don't have any option other than HTTP and HTTPS:
I would like to use the secure websocket protocol (wss://) which I believe would be over TLS:8888.
How can I input this option?
The solution was to use HTTPS for the listener protocol, even though the browser is making requests to wss://.
For port number, configuring both the listener and environment instance to port 8888 works.

How do I get my server Ip address for my websocket

I've created a server using C++ and Crow that uses WebSockets to communicate with the client (which is an Ionic app). I've been doing everything through localhost, but now I want to deploy the web app to my iPhone and have it communicate with the server. How do I get the URL for the server for the client to use in its WebSocket so it can talk to the server?
In most cases when you want to host it for production you would upload it to a hosting provider (e.g. Azure, AWS, Heroku...).
Once you set up a server with the hosting provider they will provide you with the IP address and/or a URL to connect to the hosted service which you can use in your application.
Well, if your server is a web host, VPS, cloud, or dedicated server, it has a static IP address which you can use in your client WebSocket as the address. Also, the better approach is to point a domain name to the IP address of the server (or host) so that your client can always find the server.
In case you are trying to connect it to your local machine behind a router or modem, then your server might be behind NAT. Find the appropriate port-forwarding configuration for your router and forward incoming and outgoing TCP public ports to your local address. Then use your public IP address for the WebSocket address (what is my IP).
Also, in case your public IP address is dynamic and might change over time, there are services like noip.com that help you create a free domain and use it in your client, which helps you find the right IP address all the time.

running 2 SSL listeners on ELB with different ports

I have a Spring Boot web application that is running in an AWS EC2 instance. The application is running behind a classic ELB. I am using HTTPS between the client and the ELB, so traffic coming in on port 443 is being routed to port 8080. I have deployed the certificate to the ELB.
In the same application I have an embedded ActiveMQ running on port 61616. It is running as part of the JVM. Clients connect to it using TCP (TCP://domain.com:61616).
I want the client to connect to my AMQ using SSL similar to the way they connect to the application (through HTTPS).
I have added a listener to the ELB where the client connects to the ELB using SSL (SSL://domain.com:61616) and the ELB routes to the internal port using TCP, and I have deployed the same certificate to the ELB as the one I used for the application. For example, here is what I have:
Basically I want to use SSL between the client and the ELB and TCP from ELB to the instance.
Why doesn't this work? When I try to connect using openssl:
```
openssl s_client -connect domain.com:61616
```
I get the following:
```
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 247 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```
Why can't I use a port other than 443 for SSL?

Why don't websockets work on the cloud?

I developed our websocket project on WildFly. When we test it on localhost or within our local network, everything works fine. But when I deployed it on AWS, websockets don't work any longer. We can access other HTML pages. But when we connect to "ws://ip/project location", Chrome just says handshake error. I have experienced the same websocket problem on Jelastic hosting too. My questions are:
Why is it happening like this?
Is the websocket protocol not stable enough?
Is there any suitable hosting for websocket projects in Java?
So far balancers don't forward websocket headers. To make WS work you must have a public IP address and no other services in front of your application.
I suggest you try deploying to the cloud provider Heroku: their sample app code using node.js and websockets will get you up and running quickly. A locally running websocket app which uses a specific port, say 8888, will run fine on Heroku with:
var port = process.env.PORT || 8888;
as Heroku internally will deploy your app with a run-time generated port visible via PORT.
If you are using node.js with websockets I suggest using the einaros ws implementation
var WebSocketServer = require("ws").Server;
which seamlessly handles the notion of the ws port vs. the http port.
Currently ELB doesn't support Websocket in HTTP mode. To be able to handle Websocket you need to configure the ELB in TCP mode (the payload of the TCP connection will be sent directly to the server, so the ELB doesn't impact the http and ws flow). With this setup you won't be able to see the caller IP.
Without the ELB, Websocket works perfectly (AWS only sees IP traffic and the OS only TCP); we haven't changed anything for a plain old http server in order to use WS (except the WS handling code in the web server).
To know if you are using ELB, look at the bill; AWS can provide you a lot of very interesting services, for a fee.

Using Primus.io (websockets) behind AWS Elastic Load Balancer

I am trying to set up an Elastic Load Balancer to route requests to a cluster of node.js servers running Primus.io with sockjs to manage real-time communications.
I have set up the load balancer to listen with the following configuration:
HTTPS 8084 -> HTTPS 8084 (The port used on my node.js servers)
SSL 443 -> TCP 80
My understanding is that the only way to get websockets to work through ELB is via SSL->TCP, hence the above configuration.
I have correctly enabled the new proxy protocol for ELB as described here:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
When trying to connect to the server from a client, an HTTPS request is initially sent and then, from what I can gather, it should be upgraded to websockets. But the request is simply failing when I send it to the load balancer address.
If I send the initial Primus connection request to the IP of a single node.js server like so:
var primus = new Primus('https://ip.address.of.single.server:8084');
The request is correctly returned and is upgraded to websockets correctly.
When I switch the ip address to that of the balancer, it fails and the initial https request to the node.js server returns nothing. I assume this means that the websocket transfer could not be established, but to be honest I have little experience in this area so could be completely wrong.
Does anyone have any idea what I am doing wrong?
Thanks in advance
Have you clustered your NodeJS instances? For example, if you use SocketIO you should use a clustered session store. Actually, I'm also currently investigating the same with SockJS running on top of Vertx.
The problem behind it is that Amazon ELB won't respect any forwards in the past (as opposed to Sticky Sessions on top of HTTP), which means that connections at the TCP level can be forwarded to any of the cluster's nodes. Yes, one TCP channel would be okay. But frameworks like SocketIO do a little bit more to support sessions (which do not exist in WebSockets) and multiple transport layers (http, polling, sockets, and so on).