WebSockets: wss from client to Amazon AWS EC2 instance through ELB

Question

How can I connect over ssl to a websocket served by GlassFish on an Amazon AWS EC2 instance through an ELB?

I am using Tyrus 1.8.1 in GlassFish 4.1 b13 pre-release as my

Answer 1

I had a similar setup and originally configured my ELB listeners as follows:

• HTTP 80 HTTP 80
• HTTPS 443 HTTPS 443

Although this worked fine for the website itself, the websocket connection failed. In the listener, you need to allow all secure TCP connection as opposed to SSL only to allow wss to pass through as well:

• HTTP 80 HTTP 80
• SSL (Secure TCP) 443 SSL (Secure TCP) 443

I would also recommend raising the Idle timeout of the ELB.

Answer 2

I recently enabled wss between my browser and an EC2 Node.js instance. There were 2 things to consider:

• in the ELB listeners tab, add a row for the wss port with SSL as load balancer protocol.
• in the ELB description tab, set an higher idle timeout (connection settings), which is 60 sec by default. The ELB was killing the websocket connections after 1 minute, setting the idle timeout to 3600 (the max value) enables much longer communication.

It is obviously not the ultimate solution since the timeout is still there, but 1 hour is probably good enough for what we usually do.

hope this help