WebSocket + SSL on an AWS Application Load Balancer

MaxBlax360

I have deployed a Django application on Elastic Beanstalk, with WebSocket support built from django-channels (~=1.1.8), channels-api==0.4.0, AWS ElastiCache Redis and Daphne (~=1.4). HTTP, HTTPS and the WebSocket protocol are all working fine.

But I cannot find a way to deploy the WebSocket over secure SSL. It is killing me and it is a blocker, because an HTTPS connection from the browser cuts off an insecure ws:// peer request.

Here is my ALB configuration. Can anyone suggest a solution?

[screenshot: ALB configuration]

MaxBlax360

After 2 days of investigation, I finally cracked this configuration!

The answer is:

  1. The right, and MINIMUM, AWS ALB config: [screenshot: ALB listener and target configuration] Indeed, we need to

    • Decode SSL (this is not end-to-end encryption)
    • Forward all traffic to Daphne. The reason I did not go for the configuration that is widely spread across the web, routing "/ws/*" to Daphne, is that it did give me a successful handshake, but afterwards nothing, nada: the WebSocket could not be pushed back to the subscriber. The reason, I believe, is that the push back from Daphne does not respect the custom base trailing URL you customize in your conf. Still, I cannot be sure of this interpretation. What I am sure of, however, is that if I don't forward all traffic to Daphne, it doesn't work after the handshake.

  2. The minimum deployment conf
    • NO NEED for a complete .ebextensions proxy override in the deployment:

[screenshot: deployment file layout] .ebextensions/05_channels.config

```yaml
files:
  "/opt/elasticbeanstalk/hooks/appdeploy/post/start_supervisor.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      sudo virtualenv -p /usr/bin/python2.7 /tmp/senv
      source /tmp/senv/bin/activate && source /opt/python/current/env
      sudo python --version > /tmp/version_check.txt
      sudo pip install supervisor

      sudo /usr/local/bin/supervisord -c /opt/python/current/app/fxf/custom_eb_deployment/supervisord.conf
      sudo /usr/local/bin/supervisorctl -c /opt/python/current/app/fxf/custom_eb_deployment/supervisord.conf reread
      sudo /usr/local/bin/supervisorctl -c /opt/python/current/app/fxf/custom_eb_deployment/supervisord.conf update
      sudo /usr/local/bin/supervisorctl -c /opt/python/current/app/fxf/custom_eb_deployment/supervisord.conf restart all
      sudo /usr/local/bin/supervisorctl -c /opt/python/current/app/fxf/custom_eb_deployment/supervisord.conf status
```
  • start_daphne.sh (note that I chose port 8001, matching my ALB conf)

```bash
#!/usr/bin/env bash
source /opt/python/run/venv/bin/activate && source /opt/python/current/env
/opt/python/run/venv/bin/daphne -b 0.0.0.0 -p 8001 fxf.asgi:channel_layer
```

  • start_worker.sh

```bash
#!/usr/bin/env bash
source /opt/python/run/venv/bin/activate && source /opt/python/current/env
python /opt/python/current/app/fxf/manage.py runworker
```

  • supervisord.conf

```ini
[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)

[supervisord]
logfile=/tmp/supervisord.log ; supervisord log file
loglevel=error ; info, debug, warn, trace
logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10           ; (num of main logfile rotation backups;default 10)
pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false               ; (start in foreground if true;default false)
minfds=1024                  ; (min. avail startup file descriptors;default 1024)
minprocs=200                 ; (min. avail process descriptors;default 200)

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket

[program:Daphne]
environment=PATH="/opt/python/run/venv/bin"
command=sh /opt/python/current/app/fxf/custom_eb_deployment/start_daphne.sh --log-file /tmp/start_daphne.log
directory=/opt/python/current/app
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/tmp/daphne.out.log
stderr_logfile=/tmp/daphne.err.log

[program:Worker]
environment=PATH="/opt/python/run/venv/bin"
command=sh /opt/python/current/app/fxf/custom_eb_deployment/start_worker.sh --log-file /tmp/start_worker.log
directory=/opt/python/current/app
process_name=%(program_name)s_%(process_num)02d
numprocs=2
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/tmp/workers.out.log
stderr_logfile=/tmp/workers.err.log

; When resorting to send SIGKILL to the program to terminate it
; send SIGKILL to its whole process group instead,
; taking care of its children as well.
killasgroup=true
```

If some people are still struggling with this conf, I might post a tutorial on Medium or something similar. Don't hesitate to push me on it in the answers ;)
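What the answer's "Decode SSL" setting means for the backend, as an added example that is not part of the original post or the author's project: once the ALB terminates TLS, Daphne on port 8001 receives the WebSocket upgrade over plain HTTP, so the only way it can tell a wss:// client from a ws:// one is the X-Forwarded-Proto header the ALB adds, and that header is only trustworthy if port 8001 is reachable from the ALB alone (an assumption of this example, enforced by the instance security group, not by the code). The same handshake is also where cross-site WebSocket hijacking is stopped, by checking the Origin host against the hosts the site actually serves. The host list, URLs and sample handshakes below are constructed for the example.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Hosts this deployment serves (constructed for the example; a real app would
# take these from Django's ALLOWED_HOSTS).
ALLOWED_HOSTS = {"app.example.com"}


def parse_request_head(raw: bytes) -> tuple[str, str, dict[str, str]]:
    """Parse the request line and headers of an HTTP/1.1 request head.

    Header names are lower-cased. Duplicate headers are joined with ", " as
    RFC 7230 allows, so a second Origin header cannot replace the first one;
    the joined value simply fails the host check below.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return method, target, headers


def check_ws_upgrade(raw: bytes, allowed_hosts: set[str] = ALLOWED_HOSTS) -> tuple[bool, str]:
    """Decide whether to accept a WebSocket upgrade forwarded by the ALB.

    Returns (accepted, reason). Checks, in order: RFC 6455 handshake headers,
    the scheme the browser used (X-Forwarded-Proto, set by the ALB), and the
    Origin host (blocks cross-site WebSocket hijacking).
    """
    method, _target, h = parse_request_head(raw)
    if method != "GET":
        return False, "websocket handshake must be GET"
    if h.get("upgrade", "").lower() != "websocket":
        return False, "missing Upgrade: websocket"
    if "upgrade" not in {t.strip().lower() for t in h.get("connection", "").split(",")}:
        return False, "missing Connection: Upgrade"
    if h.get("sec-websocket-version") != "13" or "sec-websocket-key" not in h:
        return False, "malformed Sec-WebSocket-* headers"

    # Scheme as seen by the browser, not by Daphne. TLS ended at the ALB, so
    # this header is the only evidence the client used wss://; trust it only
    # because :8001 is assumed reachable from the ALB's security group alone.
    if h.get("x-forwarded-proto", "").lower() != "https":
        return False, "client did not use wss:// (X-Forwarded-Proto is not https)"

    # Browsers always send Origin on a WebSocket handshake; a missing or
    # unparsable Origin is treated as untrusted rather than waved through.
    origin = h.get("origin")
    if not origin:
        return False, "missing Origin"
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        return False, f"untrusted Origin scheme: {origin}"
    if parts.hostname.lower() not in allowed_hosts:
        return False, f"Origin host not allowed: {parts.hostname}"
    return True, "ok"


# Constructed sample handshakes, as the ALB would forward them to :8001.
GOOD_HANDSHAKE = (
    b"GET /ws/notifications/ HTTP/1.1\r\n"
    b"Host: app.example.com\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n"
    b"Origin: https://app.example.com\r\n"
    b"X-Forwarded-Proto: https\r\n"
    b"X-Forwarded-Port: 443\r\n"
    b"\r\n"
)

# Same socket opened from an attacker's page (cross-site WebSocket hijacking).
CROSS_SITE_HANDSHAKE = GOOD_HANDSHAKE.replace(
    b"Origin: https://app.example.com", b"Origin: https://evil.example"
)

# Handshake that reached the ALB on its plain HTTP listener (ws://, not wss://).
PLAINTEXT_HANDSHAKE = GOOD_HANDSHAKE.replace(
    b"X-Forwarded-Proto: https", b"X-Forwarded-Proto: http"
)

if __name__ == "__main__":
    for name, req in [("good", GOOD_HANDSHAKE), ("cross-site", CROSS_SITE_HANDSHAKE),
                      ("plaintext", PLAINTEXT_HANDSHAKE)]:
        print(name, check_ws_upgrade(req))
```

In a Django deployment the scheme check corresponds to setting `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` so that `request.is_secure()` reflects the ALB's listener rather than the plaintext hop, and the Origin check is what an Origin validator on the WebSocket consumer does; either way the rule is the same: the forwarded header is only worth trusting when nothing but the load balancer can reach the backend port.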
