My goal is to socket io connect from my public server to my private server via
const socket = io("10.0.2.50:3001")
both of which are connected to my VPC. The private server has the socket/server code for my app; the public server displays the front end. I would like users to be able to link to/connect to other private servers on the private subnet.
I have a basic AWS VPC setup -
- VPC with public and private subnet
- One server connected to the public subnet that connects to the public internet via a public route table and internet gateway. This is running at public IP x.x.x.x:3000, private IP 10.0.1.50:3000
- One private server that I can connect to through a private route table from my public server at 10.0.2.50:3001
What is working -
- I can visit the public-facing server and see the front-end assets load in, but it never connects.
- I can curl the private server - curl 10.0.2.50:3001 when I'm SSHed into the public server.
- I can connect to a public clone of the private server on a public IP. This confirms the code is correct for connecting.
const socket = io("x.x.x.x:3001")
- If I set the nginx reverse proxy_pass = http://10.0.2.50:3001; it works. I have a testing page set up for debugging the server-side code.
- I've tested CORS as mentioned in the Socket.IO CORS docs - curl "http://10.0.2.50:3001/socket.io/?EIO=4&transport=polling" and it gives expected results. For testing I have an open CORS policy attached to the private server.
- I've made my security settings very open for testing. Most of them have all inbound and outbound open.
My feeling is that connecting to a private server in a VPC is a Socket.IO limitation, but I'm not sure why that would be the case and was curious if there's a workaround.
Thanks in advance
CodePudding user response:
"My feeling is that connecting to a private server in a vpc is a socket io limitation"
No, it is just how networks work. Your front-end code runs in the web browser on your laptop, not in the VPC. Your laptop is not inside the VPC. Your laptop can only connect to public resources in your VPC; it cannot connect to private resources in your VPC. That is the very definition of public and private VPC resources.
For Socket.IO connections to work between web browsers on the public Internet and your back-end servers, those servers must be in a public subnet and have a public IP address, or the traffic must be proxied through either a public server or a public load balancer.
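The proxy option described in the answer, sketched as an nginx configuration for the public server. This is an added example, not part of the original question or answer; it assumes the front end listens locally on port 3000, the Socket.IO server uses its default /socket.io/ path, and the server name is a placeholder.

```nginx
# Added example. Place inside the http {} context on the public server.
# Assumptions: front end on 127.0.0.1:3000, Socket.IO back end on
# 10.0.2.50:3001 (addresses from the question), default /socket.io/ path.

# Forward the WebSocket upgrade only when the client asks for one;
# plain long-polling requests get "Connection: close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name _;  # placeholder, replace with the site's host name

    # Front-end assets served by the app on the public server.
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
    }

    # Socket.IO traffic (polling and WebSocket) relayed into the private subnet.
    # The browser only ever talks to the public server; 10.0.2.50 is never
    # exposed in client code.
    location /socket.io/ {
        proxy_pass http://10.0.2.50:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

With this in place the browser code calls `io()` with no URL, so the client connects to the origin that served the page and nginx relays it to the private server. Because the browser no longer talks to port 3001 directly, the private server's security group can allow inbound 3001 from 10.0.1.50 only, and the open CORS policy used for testing can be tightened.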