Kubernetes nginx ingress proxy pass to websocket

Question

We are running rails application with unicorn and websocket. We are using AWS ELB as ingress SSL terminates on ELB and forwards traffic to application.

Nginx ingress routes traffic to web app running unicorn/puma on port 8080.

App works but our websocket responds with 200 instead of 101. We have enabled CORS and used required annotations in ingress.

This are annotations used for the ingress controller service

service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-ssl-cert::arn:aws:iam::xxx:server-certificate/staging
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https

When we use aws loadbalancer protocol as tcp and load balancer ports as 443 it fails on infinite redirect loop.

Following are the annotations used in the ingress:

nginx.ingress.kubernetes.io/service-upstream: true      
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
ingress.kubernetes.io/force-ssl-redirect: "true"

Our sample nginx configuration we used earlier without ingress is here

How to get websockets working with nginx ingress controller with AWS ELB ?

Answer 1

Is it possible to try without CORS?

Part of the handshake is the client must send at least these headers:

Sec-WebSocket-Key
Sec-WebSocket-Version

And maybe something else. Look at https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_servers#The_WebSocket_Handshake