Microservice running inside docker container (on EC2 instance) is not reaching AWS ALB
I am trying to add an AWS Application Load Balancer in front of microservices (running on an EC2 node inside a VPC and public subnet). Those are running inside a docker container.
I noticed that if the microservice is running directly on the EC2 instance, it is able to communicate with the ALB. When the microservice is started inside a docker container, it does not communicate with the ALB.
I am able to reproduce with curl:
1) Hit curl directly on EC2 instance - working
$ curl http://vpc-elb-url/alive
Response:
ok
2) Hit curl from inside docker container - not working
$ docker run --rm byrnedo/alpine-curl http://vpc-elb-url/alive
Response:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1120 100 1120 0 0 65882 0 --:--:-- --:--:-- --:--:-- 65882
<!DOCTYPE html>
<html lang="en">
<head>
<title>Not Found</title>
<style>
html, body, pre {
margin: 0;
padding: 0;
font-family: Monaco, 'Lucida Console', monospace;
background: #ECECEC;
}
h1 {
margin: 0;
background: #AD632A;
padding: 20px 45px;
color: #fff;
text-shadow: 1px 1px 1px rgba(0,0,0,.3);
border-bottom: 1px solid #9F5805;
font-size: 28px;
}
p#detail {
margin: 0;
padding: 15px 45px;
background: #F6A960;
border-top: 4px solid #D29052;
color: #733512;
text-shadow: 1px 1px 1px rgba(255,255,255,.3);
font-size: 14px;
border-bottom: 1px solid #BA7F5B;
}
</style>
</head>
<body>
<h1>Not Found</h1>
<p id="detail">
For request 'GET /alive'
</p>
</body>
</html>
Any help would be appreciated. Thanks.
The thing is that the container is not sharing the same IAM role with the EC2 instance.
There is a project called IAM-docker that shares the host IAM role with the container (you can read about how it works in the repo).
In addition, it lets you manage which container will get what access.
https://github.com/swipely/iam-docker
I don't think this is a valid question. I am answering this, maybe it will help others, if somebody is making the same mistake :(
We are routing all traffic from 80 to 9000 using this command:
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 9000
Because of this, the ALB becomes unreachable. We simply removed this rule using the command below:
sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 9000
Everything is working fine!
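
Added example (not part of the original posts): a check for the rule shape in the last answer. A nat PREROUTING REDIRECT with no `-i` match also applies to packets containers send out through the Docker bridge, while the host's own curl goes through the OUTPUT chain and is not affected. The sample rules, the `eth0` interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Flag nat PREROUTING REDIRECT rules that are not limited to an ingress
# interface. Bridged container traffic enters the host through PREROUTING,
# so an unscoped rule rewrites container-originated connections as well.

# Constructed sample in `iptables -t nat -S` format (not from the page's host).
SAMPLE_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9000
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 9443
-A PREROUTING ! -i docker0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9001'

# Reads rules on stdin; prints "dport->to-ports" for each unscoped REDIRECT.
find_unscoped_redirects() {
  while IFS= read -r line; do
    # Only REDIRECT rules appended to PREROUTING are of interest.
    case "$line" in
      "-A PREROUTING "*"-j REDIRECT"*) ;;
      *) continue ;;
    esac
    # "-i IFACE" or "! -i IFACE" means the rule is already interface-scoped.
    case " $line " in
      *" -i "*) continue ;;
    esac
    dport=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9:]*\).*/\1/p')
    to=$(printf '%s\n' "$line" | sed -n 's/.*--to-ports \([0-9-]*\).*/\1/p')
    printf '%s->%s\n' "${dport:-any}" "${to:-?}"
  done
}

# Runs the check over the constructed sample above.
check_sample() {
  printf '%s\n' "$SAMPLE_RULES" | find_unscoped_redirects
}

# On a live host: sudo iptables -t nat -S | find_unscoped_redirects
```

If the port 80 to 9000 redirect is still needed for inbound traffic, adding an `-i` match for the external interface keeps it from applying to traffic arriving from the Docker bridge.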