WebSockets Client Connections Time Out When Trying to Open a Connection with Tornado Server

Question

I have a Tornado server with a WebSocketHandler, and when I connect to the handler on localhost everything works correctly. However, the server is being moved to a new environment and now must run on wss instead of ws protocol. Since moving to the new environment, all client connections to my WebSocketHandler time out without ever opening. telnet connects just fine, however. The issue occurs in all major browsers, afaik.

The firewall has an exception for the port my server is running on, and I've enabled TLS in the Tornado server by sending in my .cer and .key files, but to no avail. I also tried following the advice here regarding ProxyPass in an Apache server running on the same environment, and connections are still timing out.

Environment: CentOS Linux release 7.2.1511

Relevant Tornado Code:

import tornado.websocket
import tornado.ioloop
import tornado.auth
import tornado.escape
import tornado.concurrent

class WSHandler(tornado.websocket.WebSocketHandler)
    def check_origin(self, origin):
        return True

    def open(self, arg1, arg2):
        self.stream.set_nodelay(True)
        self.arg2 = arg2
        self.write_message("Opened the connection")

class WSApp(tornado.web.Application):
    def __init__(self, arg1=None, arg2=None, handlers=None,
                 default_host='', transforms=None, **settings):
        print("Starting WSApp application")
    super(WSApp, self).__init__(handlers=handlers,
                                       default_host=default_host,
                                       transforms=transforms,
                                       **settings)

if __name__ == "__main__":
    settings = {
        "cookie_secret": b'om nom nom' # /s,
        "ssl_options": {
            "certfile": "path/to/certfile.cer",
            "keyfile": "path/to/keyfile.key"
    }

    application = AMQPWSTunnel(handlers=[
                                (r"/(resource)/(.+)", AMQPWSHandler)
                            ],
                            debug=True,
                            **settings)

    application.listen(8930)

    try:
        tornado.ioloop.IOLoop.current().start()
    except KeyboardInterrupt:
        application.shutdown()

ProxyPass Settings

ProxyPass /resource/<resource_name> wss://127.0.0.1:8930/resource/<resource_name>
ProxyPassReverse /resource/<resource_name> wss://127.0.0.1:8930/resource/<resource_name>

WebSocket Connection

var ws = new Websocket("wss://my-domain:8930/resource/<resource_id>");

Any help would be appreciated!

Answer 1

The issue was with ProxyPass settings and the post used in my wss url.

Tornado Update:

The ssl cert and key files were removed from Tornado configuration.

ProxyPass Update:

ProxyPass /resource/<resource_name> ws://127.0.0.1:8930/resource/<resource_name>
ProxyPassReverse /resource/<resource_name> ws://127.0.0.1:8930/resource/<resource_name>

The second argument must be a non-ssl protocol (changed from wss:// to ws:// ), though by keeping the cert in place I probably could have used wss . This is a non-issue, though, because Apache catches incoming WebSocket requests to my server.

Client Update:

The client must send requests to Apache, which then tunnels them to the Tornado server. So just remove the port from the url (or add Apache's port number)

var ws = new Websocket("wss://my-domain/resource/<resource_id>");

Those three changes did the trick! Hopefully this is helpful to anyone else stuck on the same issue.