WebSockets behind AWS ELB with Proxy Protocol Enabled

Fredrik Slättman

unread,

Feb 10, 2015, 7:25:58 AM2/10/15

to nod...@googlegroups.com

Hi,

first time poster, be gentle! :)

I have a problem related to a WebSocket server behind AWS ELB, that's configured with TCP over SSL. The problem I'm experiencing is that I loose the origin IP of the connection, which I need for my application. So, to get the origin IP of the connection I need to enable Proxy Protocol Support for my ELB instance, which directly breaks the handshake for the WebSocket connections. I know that this issue can be solved by putting a nginx instance between the ELB and the WebSocket server, but I'm wondering if there is any other way? I would love to fix this with my current stack without adding another layer to it.

The module I've found (node-proxywrap) seems to not be maintained anymore and consist one critical issue related to a memory leak, therefore that one is not an option.

Anyone having any suggestions? I thought of piping the TCP connection in the http.on('connection' ...) event, but found quickly that the connection don't emit any events.

Cheers,

Fredrik Slättman

Jimb Esser

unread,

Feb 12, 2015, 2:26:10 PM2/12/15

to nod...@googlegroups.com

Hi!

We ran into a similar thing a long time ago... I think the ELB Proxy Protocol is the same as HAProxy's protocol which we were using (ELB did not support the Proxy protocol back then). We solved this problem by implementing a pre-parse event in node that let us pull data out of the stream before handing it off to Node's http parser. I've put up a gist of our preparse event handler [1] which pulls out the proxy protocol if it's there, and it references the two commits to modify node to support this, however that was on an earlier version of node and might take a little work to get working (additionally, it requires maintaining a fork of node, which is a pain). The product that used that code has since been shut down, so we're not doing that anymore.

More recently on an unrelated project, I've hooked the on('connection') event [2] to munge some data before sending it to node's http parser (since it was crashing on some requests), and, though I didn't do it with piping, it does seem to work, and I suspect a similar approach would work for intercepting the Proxy protocol.

[1] https://gist.github.com/Jimbly/ec6126da15bf0e6f9a63

[2] https://gist.github.com/Jimbly/d996bd8c80ae1a376a0b#file-webroot-js-L141

Hope this helps!

Jimb Esser

Fredrik Slättman

unread,

Feb 23, 2015, 3:07:39 AM2/23/15

to nod...@googlegroups.com

Thanks Jimb. The ELB Proxy Protocol is indeed the same protocol. The net module differs a bit from HTTP when it comes to emitting events and overriding events, which is my main problem. Right now I'll just check for the first chunk of data from the tcp connection and parse it if it's a PROXY header.