WebSockets: wss from client to Amazon AWS EC2 instance through ELB

How can I connect over ssl to a websocket served by GlassFish on an Amazon AWS EC2 instance through an ELB?

I am using Tyrus 1.8.1 in GlassFish 4.1 b13 pre-release as my websocket implementation.

Port 8080 is unsecured, and port 8181 is secured with ssl.

• ELB dns name: elb.xyz.com
• EC2 dns name: ec2.xyz.com
• websocket path: /web/socket

I have successfully used both ws & wss to connect directly to my EC2 instance (bypassing my ELB). i.e. both of the following urls work:

• ws://ec2.xyz.com:8080/web/socket
• wss://ec2.xyz.com:8181/web/socket

I have successfully used ws (non-ssl) over my ELB by using a tcp 80 > tcp 8080 listener. i.e. the following url works:

• ws://elb.xyz.com:80/web/socket

I have not, however, been able to find a way to use wss though my ELB.

I have tried many things.

I assume that the most likely way of getting wss to work through my ELB would be to create a tcp 8181 > tcp 8181 listener on my ELB with proxy protocol enabled and use the following url:

• wss://elb.xyz.com:8181/web/socket

Unfortunately, that does not work. I guess that I might have to enable the proxy protocol on glassfish, but I haven't been able to find out how to do that (or if it's possible, or if it's necessary for wss to work over my ELB).

Another option might be to somehow have ws or wss run over an ssl connection that's terminated on the ELB, and have it continue unsecured to glassfish, by using an ssl > tcp 8080 listener. That didn't work for me, either, but maybe some setting was incorrect.

Does anyone have any modifications to my two aforementioned trials. Or does anyone have some other suggestions?

Thanks.