daphne SSL through AWS Application Load Balancer


I’m building an app on an aws ec2 (amazon linux 2) instance that sits behind an ALB. The ALB hosts our ssl certificate. I’m using Okta to authenticate user logins. I’m also behind an akamai layer that redirects all http traffic to https (I didn’t set up a lot of the internals. Honestly I’m still trying to figure out most of this. haha).
I’ve been testing daphne because I want to use websockets but I’m having trouble with the okta login redirect - it wants to default to http when it should be https.
I’m running daphne like:

daphne -b x.x.x.x -p 80 myapp.asgi:application

Everything seems to funnel to https except for this and it’s giving me a false sense that things are working. Would the reason that the redirect is http have anything to do with the fact that I’m not running daphne with a private/cert key? There’s no easy way for me to do that since all that information is provided by the ALB itself as far as I’ve been told.

Here’s a screenshot of the redirect error info:

I’ve tried this with uwsgi and it works with pretty basic settings. I don’t have to provide a private/cert key. It just handles the redirect no questions asked.

I’m not sold on daphne so if any of the other asgi providers would make this easier (or if there is a way around this with daphne, great) then I’d be happy to try that.

Otherwise is there no way to use websockets with wsgi? Because that much seems to work for me.


I don’t have any specifics that will help, because I’m not familiar with most of what you’re describing, but, I do have a couple of tidbits that might fill in some gaps.

When you want to establish a websockets connection using ssl, it’s a wss connection, not a ws connection.

Daphne is capable of serving ssl-based connections. (I don’t have any details on that because I don’t serve websockets over ssl directly by daphne.)

You’re telling daphne to listen to port 80. SSL connections use port 443 by default.

The whole purpose of asgi is to allow for asynchronous communications, which wsgi doesn’t support. (The very concept of the request/response cycle in http is contrary to an asynchronous socket connection.)

What I do is run both daphne and uwsgi behind nginx. Nginx serves as the endpoint for all connections and as the ssl endpoint. Everything behind nginx is not ssl.

The ALB in my case is doing sort of what nginx does for you as far as I understand it.
When I was running uwsgi (port 80, not 443) I didn’t have to do any special configuration for ssl. My assumption is that the same would work for daphne since it’s sitting behind the ALB.

How are you running daphne and uwsgi? Can this configuration use Channels?

I run daphne pretty much as the docs describe at Deploying — Channels 3.0.3 documentation
and the uwsgi instance is run like we use any other uwsgi instance. (Since nginx is listening on port 80, uwsgi is listening on 8080 and daphne is listening on 8088.)

Yes, the entire purpose of our configuration was to add websocket support to an application. Since the application was already running under uwsgi behind nginx, we added daphne as a separate component to minimize how much we needed to change.

Issue wasn’t related to Daphne. Incorrect okta configuration. Thanks for your help!