This topic explains how Cloud Foundry (CF) uses WebSockets, why developers use WebSockets in their applications, and how operators can configure their load balancer to support WebSockets.
Operators who use a load balancer to distribute incoming traffic across CF router instances must configure their load balancer for WebSockets. Otherwise, the Loggregator system cannot stream application logs to developers, or application event data and component metrics to third-party aggregation services. Additionally, developers cannot use WebSockets in their applications.
The WebSocket protocol provides full-duplex communication over a single TCP connection. Applications can use WebSockets to perform real-time data exchange between a client and a server more efficiently than HTTP.
CF uses WebSockets for the following metrics and logging purposes:
To stream application logs from the Traffic Controller to developers using the Cloud Foundry Command Line Interface (cf CLI)
To stream all application event data and component metrics from the Traffic Controller over the Firehose endpoint to external applications or services
For more information about these Loggregator components, see the Overview of the Loggregator System topic.
To form a WebSocket connection, the client sends an HTTP request that contains an
Upgrade header and other headers required to complete the WebSocket handshake. You must configure your load balancer to not upgrade the HTTP request, but rather to pass the
Upgrade header through to the CF router. The procedures required to configure your load balancer depends on your IaaS and load balancer. The following list includes several possible approaches:
- Some load balancers can recognize the
Upgradeheader and pass these requests through to the CF router without returning the WebSocket handshake response. This may or may not be default behavior, and may require additional configuration.
- Some load balancers do not support passing WebSocket handshake requests containing the
Upgradeheader to the CF router. For instance, the Amazon Web Services (AWS) Elastic Load Balancer (ELB) does not support this behavior. In this scenario, you must configure your load balancer to forward TCP traffic to your CF router to support WebSockets. If your load balancer does not support TCP pass-through of WebSocket requests on the same port as other HTTP requests, you can do one of the following:
- Configure your load balancer to listen on a non-standard port (the built-in CF load balancer listens on 8443 by default for this purpose), and forward requests for this port in TCP mode. Application clients must make WebSockets upgrade requests to this port. If you choose this strategy, you must follow the steps below in the Set Your Loggregator Port section of this topic
- If a non-standard port is not acceptable, add a load balancer that will handle WebSocket traffic (or another IP on an existing load balancer) and configure it to listen on standard ports 80 and 443 in TCP mode. Configure DNS with a new hostname, such as
ws.cf.example.com, to be used for WebSockets. This hostname should resolve to the new load balancer interface.
Note: Regardless of your IaaS and configuration, you must configure your load balancer to send the X-Forwarded-For and X-Forwarded-Proto headers for non-WebSocket HTTP requests on ports 80 and 443. See the Securing Traffic into Cloud Foundry topic for more information.
By default, the CF release manifest assigns port 4443 for TCP/WebSocket communications. If you have configured your load balancer to use a port other than 4443 for TCP/WebSocket traffic, you must edit your CF manifest to set the value of
properties.logger_endpoint.port to the correct port. Locate the following section of your CF manifest and replace
YOUR-WEBSOCKET-PORT with the appropriate value:
Create a pull request or raise an issue on the source for this page in GitHub
properties: logger_endpoint: port: YOUR-WEBSOCKET-PORT