WebSocket Port 80 / 443 EC2 and Erlang's Cowboy
Question
WebSocket Port 80 / 443 EC2 and Erlang's Cowboy
My production environment is CentOS 6.0 over an EC2 instance, I am writing a video communication app these days, I decided to go with Erlang as it is the best language for communication based apps.
I am using Cowboy's WebSocket for realtime communication & I decided to use Port 80 for its highly available chances over corporate networks, a few days back it was working without any problem but recently it just stopped working.
And when I am switching it to any other port than 80 / 443 / 21 or 22 it works like charm but not on these standard ports, I disabled all the firewall and allowed all kind of traffic from amazon security groups but nothing worked for me.
But this problem is only happening with WebSocket, I installed and used apache its working fine on Port 80, one more thing which I tried is that I installed haproxy listing on Port 80 and setup a forwarding for the WebSocket requests on a different Port which is 8088 in this case I noticed that I received request on socket server but as soon it receives it gets disconnected automatically.
Please help.
1 answers
solution1
0 ACCPTED 2017-03-17 20:56:48
I've put my thoughts as an answer rather than writing series of comments, so the main idea would be more clear and solid.
The initial assumption is that there is some "transparent proxy" somewhere between you and your server (probably, on the ISP or on the company's network gate if you're at work). The word "transparent" here means that it intercepts your web traffic without even asking you. Usually, ISPs use such transparent proxies for caching client's traffic and so use less network bandwidth. You can google for keywords "squid transparent proxy" for more technical details.
Now, if the proxy is configured not properly, it just breaks WebSockets protocol, so that your application doesn't work as expected. The key moment here is that this is an HTTP proxy , so it intercepts only that traffic that is related to HTTP protocol (by default, it is port 80) and it doesn't intercept traffic on other ports, - this is why your application works fine on other ports.
Unfortunately, there is no solid way to fight with this issue other than just use different ports.
Personally, I would suggest you to just use TLS/SSL connections. WebSockets do support TLS (because WS works inside HTTP/HTTPS). And transparent proxies usually not configured to intercept TLS traffic: you wrote that your app works fine via port 443 so it means that there is no transparent proxy on that port. If you don't want (or can't) use TLS connection (wss:// for websockets), you can use the app as it is with unencrypted connection but just using port 443 - it is not correct in sense of application architecture, but in your case it is acceptable and probably safe.
update
Regarding alternative HTTP ports like 8080, if there is a transparent proxy which intercepts traffic on port 80 then there is a big chance that those guys also want to intercept the alternative HTTP ports like 8080 or 81 or 8081 or others. So, even if the app works fine via say 8080 there is no guarantee at all that it will keep working tomorrow, - so you will need to change the port again if that happened.
From my point of view, making it working via TLS (so it will work via port 443 by default) is most correct idea. Or, if you can't introduce TLS, just make it working via 443 with no encryption (as it is) - this options, again, is not actually correct but it will work and hardly will be broken by the proxy.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.