
Setting up Application Load Balancer for Private Subnet EC2 instances running tomcat

I have set up a VPC with two public subnets and two private subnets. The two private subnets have two EC2 instances, and each has a Tomcat server running on port 8080.

I have set up a load balancer (Terraform) as follows, but the health check is always failing. Can someone help me with what's wrong here?

Security Groups:

# Create Security Group for the Application Load Balancer
# terraform aws create security group
resource "aws_security_group" "alb-security-group" {
  name        = "ALB Security Group"
  description = "Enable HTTP/HTTPS access on Port 80/443"
  vpc_id      = aws_vpc.OrchVPC.id

  ingress {
    description = "HTTP Access"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS Access"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ALB Security Group"
  }
}

# Create Security Group for the Bastion Host aka Jump Box
# terraform aws create security group
resource "aws_security_group" "ssh-security-group" {
  name        = "SSH Security Group"
  description = "Enable SSH access on Port 22"
  vpc_id      = aws_vpc.OrchVPC.id

  ingress {
    description = "SSH Access"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "SSH Security Group"
  }
}

# Create Security Group for the Web Server
# terraform aws create security group
resource "aws_security_group" "webserver-security-group" {
  name        = "Web Server Security Group"
  description = "Enable HTTP/HTTPS access on Port 80/443 via ALB and SSH access on Port 22 via SSH SG"
  vpc_id      = aws_vpc.OrchVPC.id

  ingress {
    description     = "HTTP Access"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  ingress {
    description     = "HTTPS Access"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  ingress {
    description     = "Tomcat Access on Port 8080 via ALB"
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  ingress {
    description     = "SSH Access"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.ssh-security-group.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Web Server Security Group"
  }
}

Load Balancer:

# Target group for application load balancer
resource "aws_lb_target_group" "targetgroup" {
  health_check {
    interval            = 5
    path                = "/"
    protocol            = "HTTP"
    timeout             = 2
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }

  stickiness {
    type    = "lb_cookie"
    enabled = true
  }

  name        = "targetgroup"
  port        = 8080
  protocol    = "HTTP"
  target_type = "instance"
  vpc_id      = aws_vpc.OrchVPC.id
}

# Load Balancer Target Group attachment for first instance
resource "aws_lb_target_group_attachment" "myec2vm1tg1" {
  target_group_arn = aws_lb_target_group.targetgroup.arn
  target_id        = aws_instance.myec2vm1.id
  port             = 8080
}

# Load Balancer Target Group attachment for second instance
resource "aws_lb_target_group_attachment" "myec2vm2tg1" {
  target_group_arn = aws_lb_target_group.targetgroup.arn
  target_id        = aws_instance.myec2vm2.id
  port             = 8080
}


# Application Load Balancer
resource "aws_lb" "alb" {
  name               = "alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb-security-group.id]
  subnets            = [aws_subnet.PublicSubnet1.id, aws_subnet.PublicSubnet2.id]

  tags = {
    Name = "alb"
  }

  timeouts {
    create = "30m"
    delete = "30m"
  }
}

# Load Balancer Listener
resource "aws_lb_listener" "alblistener" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.targetgroup.arn
  }
}

Can you check in the console -> security group of those instances to ensure it has an inbound rule so that the load balancer can make the HTTP request to your web server.

[image: security group inbound rule]
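The check the answer describes (does the instance's security group let the ALB reach the health-check port?) can be done offline against the rule data. The script below is an added example, not code from the question or the answer: its ingress rule lists are constructed by hand to mirror the Terraform in the question, in the shape that describe-security-groups returns, and the security group IDs and the ALB node address (10.0.1.25) are placeholders. It reports whether the target group port is admitted from the ALB security group and also lists any port the group opens to 0.0.0.0/0, which is the least-privilege item a reviewer would raise about the SSH group.

```python
import ipaddress

# Placeholder IDs standing in for the three aws_security_group resources in the
# question; they are not real AWS resource IDs.
ALB_SG = "sg-0000000000000alb1"
SSH_SG = "sg-0000000000000ssh1"
WEB_SG = "sg-0000000000000web1"

# Constructed ingress rules, transcribed from the question's Terraform into the
# describe-security-groups JSON shape (IpPermissions entries).
ALB_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]
SSH_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]
WEB_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": SSH_SG}]},
]


def rule_admits(rule, port, source_sg, source_ip):
    """True if one ingress rule lets TCP traffic from the ALB reach `port`.

    The ALB's nodes match either by security group reference (the form the
    question uses) or by an address inside an allowed CIDR range.
    """
    proto = rule["IpProtocol"]
    if proto not in ("-1", "tcp"):
        return False
    # Protocol "-1" (all traffic) carries no port range.
    if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    if any(p["GroupId"] == source_sg for p in rule.get("UserIdGroupPairs", [])):
        return True
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def health_check_reachable(ingress, health_port, alb_sg, alb_node_ip):
    """Does any rule in the instance's group admit the health check?

    With no explicit health_check.port, the target group checks the traffic
    port, which is 8080 in the question.
    """
    return any(rule_admits(r, health_port, alb_sg, alb_node_ip) for r in ingress)


def world_open_ports(ingress):
    """Port ranges reachable from 0.0.0.0/0; each is a least-privilege review item."""
    found = []
    for r in ingress:
        if any(ip["CidrIp"] == "0.0.0.0/0" for ip in r.get("IpRanges", [])):
            if r["IpProtocol"] == "-1":
                found.append(("all", "all"))
            else:
                found.append((r["FromPort"], r["ToPort"]))
    return found


if __name__ == "__main__":
    # 10.0.1.25 is a constructed address for an ALB node in a public subnet.
    ok = health_check_reachable(WEB_SG_INGRESS, 8080, ALB_SG, "10.0.1.25")
    print(f"web SG admits health check on 8080 from ALB SG: {ok}")
    for name, rules in (("alb", ALB_SG_INGRESS), ("ssh", SSH_SG_INGRESS),
                        ("web", WEB_SG_INGRESS)):
        print(f"{name} SG ports open to 0.0.0.0/0: {world_open_ports(rules)}")
```

For the rules as written in the question the 8080 check passes, so if the health check still fails the security group is not the cause and the next things to look at are the network ACLs on the private subnets and what Tomcat actually returns for `/` (the target group expects an HTTP 200 by default). To run it against a live account, replace the constructed lists with the `IpPermissions` of each group from `aws ec2 describe-security-groups`.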
