
Is it possible to deploy Daphne SSL on EC2 without the need for Nginx?


I'm trying to prototype with Django-channels via Daphne. The structure is shown in the picture. When I deploy it without SSL (wss) everything works normally (it connects, messages are sent, etc.). I proceeded to do it with wss locally, with self-signed certificates, and it works too. But when testing it by deploying it in EC2 (cloud), it waits for a long moment and in the end it says that the connection failed. The backend log doesn't even show that a connection request attempt arrived.


This is how I'm deploying on Daphne - EC2, with self signed certificates (because it's a test). Note: Port 8000 is open in the security group.

daphne -e ssl:8000:privateKey=key.pem:certKey=cert.pem prototype.asgi:application

And using a local front-end (Angular) I'm using:

angular.json

[...]

"serve": {
[...]

    "options": {
        "sslKey": "src/assets/key.pem",
        "sslCert": "src/assets/cert.pem"
    }

[...]

}

[...]

Websocket call

private initChannel(arg: string, arg2: string) { 
    this.webSocketSubject = webSocket('wss://' + this.EC2_IP + ':8000/prototype/?arg=' + arg + '&arg2=' + arg2);
}

Deploy command:

ng serve --ssl

Do you have an idea of what may be happening?

I have seen that most people deploy it through nginx, but the prototype is purely websocket (channels), so a balancer or proxy is not necessary at the moment. Is Nginx mandatory for this deployment?


Solution

  • My problem was the SSL/TLS certificate. To be able to make the connection via HTTPS, it needs an SSL/TLS certificate that works on the domain that is called/consumed. This is why it worked locally when I generated the test certificate: I was the owner of my localhost. But in the cloud, each instance manages its own domain, which belongs to the cloud company that manages the instance, so requests cannot be received over HTTPS.

    Therefore, yes, it can be deployed without the need for a reverse proxy (nginx). For this you must create a DNS domain that points to the IP of your instance in the cloud (for example in GoDaddy; AWS has Route 53, and there are many others). Since the domain is yours and points to an instance that you have the privileges to manage, you can generate a free certificate from Let's Encrypt (or from any other certificate authority, but paying). In the case of Let's Encrypt I used the Lego library. With the certificate and key that this library generated for me for the domain that I acquired and that points to the IP of my instance, I ran the command below and it worked correctly.

    daphne -e ssl:8000:privateKey=my.domain.key:certKey=my.domain.crt prototype.asgi:application
    

    Remember that if you want to run the ASGI server Daphne on a specific IP (the one that is linked to the DNS domain), you can run the following command.

    daphne -e ssl:port=8002:interface=192.168.1.70:privateKey=my.domain.key:certKey=my.domain.crt chat.asgi:application
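
An added example, not part of the original question or answer: the name check a TLS client applies to the host in the `wss://` URL, plus a probe that tells a rejected certificate apart from a connection that never reached Daphne. The SAN contents of the two certificates, the `203.0.113.10` stand-in for the EC2 IP, and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl

# Constructed getpeercert()-style dicts, not real certificates.
SELF_SIGNED = {"subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1"))}
ACME_ISSUED = {"subjectAltName": (("DNS", "my.domain"),)}
EC2_IP = "203.0.113.10"  # placeholder from the documentation range


def _dns_match(pattern: str, host: str) -> bool:
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def cert_covers(cert: dict, host: str) -> bool:
    """True if host is in the SANs; an IP literal matches only 'IP Address' entries."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value.lower(), host.lower().rstrip(".")):
            return True
    return False


def probe(host: str, port: int = 8000, timeout: float = 5.0) -> str:
    """Handshake like a browser would: system trust store plus hostname check."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok: " + str(tls.version())
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message
    except OSError as exc:
        return "no TLS connection: " + str(exc)


if __name__ == "__main__":
    for host in ("localhost", EC2_IP, "my.domain"):
        print(host, cert_covers(SELF_SIGNED, host), cert_covers(ACME_ISSUED, host))
```

`probe()` needs network access to the instance. A "no TLS connection" result means the handshake never completed at the network level (for example a closed port or a timeout), while "certificate rejected" means the server was reached and the client refused its certificate.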