13

I'm trying to run a simple websocket echo application on Elastic Beanstalk. But if I run it I'm getting an error 400 on the Socket Upgrade from Tomcat, but this just happens on port 80 if I pass port 8080 thought the loadbalancer I can access the websocket without the error 400 on socket upgrade (on port 8080). Port 8080 and Port 80 are both on TCP not HTTP.

My question is who is doing the translation from 80 to 8080 as the default configuration on the loadbalancer just pass traffic from 80 to 80. The translation has to be on the EC2 instance. IPTables? In this translation something goes wrong.

It would be nice to get some inforamtion from amazon on how this traffic is routet.

patrick
  • 826
  • 1
  • 9
  • 28

1 Answers1

16

The solution is to configure the Loadbalacer to connect directly to the Tomcat: 

Resources:
  AWSEBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Security group to allow HTTP, SSH and 8080 for all"
      SecurityGroupIngress:
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "80", ToPort: "80"}
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "8080", ToPort: "8080"}
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "22", ToPort: "22"}
  AWSEBLoadBalancer:
    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
    Properties:
      Listeners:
        - {LoadBalancerPort: 443, InstanceProtocol: "TCP", InstancePort: 8080, Protocol: "SSL", SSLCertificateId: "arn:aws:iam::9999999999999:server-certificate/sslcert"}
        - {LoadBalancerPort: 80, InstanceProtocol: "TCP", InstancePort: 8080, Protocol: "TCP"}
      AppCookieStickinessPolicy:
        - {PolicyName: "lb-session", CookieName: "lb-session"}
      HealthCheck:
        HealthyThreshold: "3"
        Interval: "30"
        Target: "HTTP:8080/ping.html"
        Timeout: "5"
        UnhealthyThreshold: "5"
  1. Create a folder called .ebextensions in the WEB-INF folder Maybe in newer Version the .ebextensions has to be in the root folder, can somebody confirm this?
  2. Create a file called websocket.config in this folder with the content from above
  3. Deploy the application
  4. Rebuild the environment

For a setup without SSL remove this:

 - {LoadBalancerPort: 443, InstanceProtocol: "TCP", InstancePort: 8080, Protocol: "SSL", SSLCertificateId: "arn:aws:iam::9999999999999:server-certificate/sslcert"}

Or replace Apache by Nginx and configure Niginx to support WebSocket

patrick
  • 826
  • 1
  • 9
  • 28
  • where is this configuration done ? Somewhere in ebextensions, or in tomcat config ? – Kevin Dec 03 '13 at 19:15
  • 1
    OK - figured it out, its a ebextensions config file. – Kevin Dec 03 '13 at 21:33
  • @Kevin - could you post an example .ebextension that works for you? – Jason Mar 01 '14 at 00:33
  • Using Leiningen and `lein-beanstalk`, make the path of the file `war-resources/.ebextensions/websocket.config`. – Stig Brautaset Jun 16 '14 at 07:06
  • @patrick is the port 22 required, can you please explain the configuration mentioned in the file in your answer. – Vineeth NG Feb 04 '15 at 10:00
  • @VineethNG you will just net the port 22 if you like to be able to access your server over SSH. What can be really handy for development. – patrick Feb 04 '15 at 13:26
  • Great answer and it really helped me. One small correction though. The .ebextensions folder must be in the root folder, not inside webinf – CuriousCoder Nov 14 '17 at 19:19
  • @CuriousCoder Where i put websocket.config ? I'm confused I have a java Primeface Application. Is it configuare in Server or Application? – Araf Dec 12 '17 at 09:05
  • @Araf the config file is for the container runing your application on aws.You have to bundel the cofig file with your war which you are going to deploy on the Elastic Beanstalk. In one of the folders mentiend above. – patrick Dec 13 '17 at 09:38