0

I am trying to get a websocket communication working through a classic ELB with ssl termination to wowza, a java based media server.

Setup

VPC

R53
test.myTld.com 
IPv4, Alias=Yes, Target myElb, Routing Simple

CLASSIC ELB: myElb
listeners: SSL 64443 -> TCP 64443 : SSL Cert managed by AWS Certificate Manager (ACM)
security group [sg-xxxxx] : Custom TCP Rule TCP (6) 64443 0.0.0.0/0

EC2 
security group [sg-xxxxx] : Custom TCP Rule TCP (6) 64443 0.0.0.0/0

Non wss traffic is reaching instance as expected. When connecting to ec2 wowza using direct ip, the connection works and stream connects

wss://xxx.xxx.xxx.xxx:64443/webrtc-session.json

Frames = {status: 200, statusDescription: "OK", direction: "publish", command: "sendOffer",…}

However connecting through the ELB I get different errors being reported

WebSocket connection to 'wss://test.myTld.com:64443/webrtc-session.json' failed: Error during WebSocket handshake: net::ERR_RESPONSE_HEADERS_TRUNCATED

So following several tutorials & docs such as AWS ELB CLI I added the following

aws elb create-load-balancer-policy --load-balancer-name myElb --policy-name wowza --policy-type-name ProxyProtocolPolicyType --policy-attributes AttributeName=ProxyProtocol,AttributeValue=True
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name myElb --instance-port 64443 --policy-names wowza

Confriming the policy has been updated,

aws elb describe-load-balancers --load-balancer-name myElb
"VPCId": "vpc-xxxxxxxx", 
"BackendServerDescriptions": [
 {
   "InstancePort": 64443, 
   "PolicyNames": [
                   "wowza"
                  ]
                }
            ], 
            "Instances": [
                {
                    "InstanceId": "i-xxxxxxx"
                }
            ],

I then try a connection using the test.myTld.com & ELB, the first try reports

WebSocket connection to 'wss://test.myTld.com:64443/webrtc-session.json'
failed: Error during WebSocket handshake: Invalid status line

Frames = (Opcode -1)

then subsiquent tries report

WebSocket connection to 'wss://test.myTld.com:64443/webrtc-session.json'
failed: Error during WebSocket handshake: net::ERR_RESPONSE_HEADERS_TRUNCATED
Frames = (Opcode -1)

For what it is worth, here is the logs from wowza

server  INFO    200 -   WebSocketSession.create[94728968]   -   -   -   9432.997
server  INFO    200 -   WebSocketSession.destroy[926674790]: source:server status:-1 description:Unknown    -   -   -   9490.999

So my questions is what else do I need to set for the ELB to pass the wss headers to establish the websocket.

art vanderlay
  • 171
  • 1
  • 3
  • Your ELB is probably associated with some "Security Group". You should make sure such group allows your ELB access to your EC2 instance. You should also make sure your EC2 instance is in the same VPC as your ELB. Are we sure the logs from wowza you're giving match your ELB request? Do you see health checks coming in? – SYN Nov 13 '16 at 15:32
  • As per post Security groups are already set and non wws traffic is reaching instance fine. – art vanderlay Nov 13 '16 at 16:29
  • You might try increasing the idle connection timeout (defaults to 60s) in the ELB, to see if that changes the behavior, per [this related StackOverflow post](http://stackoverflow.com/questions/25730368/websockets-wss-from-client-to-amazon-aws-ec2-instance-through-elb). – Castaglia Nov 13 '16 at 17:56
  • @Castaglia have tried that with no luck. There is actually no sign of connection on the wowza server when using the ELB. When using direct IP it logs a connection within milliseconds, so it seems it is not a wait issue, rather a negotiation issue due to incorrect/malformed/truncated headers. Round trip success with direct ip is under 100ms – art vanderlay Nov 13 '16 at 19:37

0 Answers0