Configure websockets behind an AWS ELB.

websocket-elb.md

Websockets behind AWS ELB

Nginx

See Configuring NGINX to accept the PROXY Protocol - NGINX

upstream wsserver {
    server 127.0.0.1:9000;
}

server {
    # proxy_protocol is necessary,
    # if we want info of the client from ELB
    listen 80 proxy_protocol;

    location / {
        proxy_pass http://wsserver;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        
        # Very important, controls proxied websocket connection timeout
        proxy_read_timeout 600s;
    }
}

ELB

Use SSL (Secure TCP) for Load Balancer Protocol and TCP for Instance Protocol.

Use the following AWS CLI commands to configure proxy protocol on an ELB:

To create a ELB policy that enables proxy protocol

aws elb create-load-balancer-policy \
    --load-balancer-name $ELB \
    --policy-name $ELB-proxy-protocol \
    --policy-type-name ProxyProtocolPolicyType \
    --policy-attributes AttributeName=ProxyProtocol,AttributeValue=True

To check the created policy

aws elb describe-load-balancer-policies \
    --load-balancer-name $ELB \
    --policy-names $ELB-proxy-protocol

To attach the policy to ELB

Note the --instance-port parameter.

aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name $ELB \
    --instance-port 80 \
    --policy-names $ELB-proxy-protocol

To detach the policy from ELB

aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name $ELB \
    --instance-port 80 \
    --policy-names []

To check if policy is attached to the ELB

aws elb describe-load-balancers \
    --load-balancer-name $ELB \
    --query LoadBalancerDescriptions[0].BackendServerDescriptions

Just create Application Load Balancer and that's all you have to do :)