ELB connection issue for port 80 from ec2 instance

I have a load balancer classic2-**.us-east-1.elb.amazonaws.com and it's public. I have whitelisted ports 443 and 80 for all connections and was connecting fine from another public EC2 server as expected:

    ec21~]#telnet classic2-**.us-east-1.elb.amazonaws.com 80
    Trying ***...
    Connected to ec2-***.compute-1.amazonaws.com.
    Escape character is '^]'.

Later I changed the inbound security group for the load balancer for port 80 and allowed only the EC2 instance to access port 80 on the load balancer. For that I edited the load balancer's inbound security group rule and added the EC2 security group name (sg-****) as the source. After saving that rule I tried to telnet to port 80 on the load balancer from the ssh session, but it's not accepting the connection:

    # telnet classic2-**.us-east-1.elb.amazonaws.com 80
    Trying ****...
    telnet: connect to address ****: Connection timed out

Not sure why it's rejecting. Both the instance and the ELB are in a public subnet, and the ELB is not working with the EC2 instance security group as the source.

Any advice? Thanks.

I suspect that the Load Balancer is configured as a Public Load Balancer. As a result, the DNS Name will resolve to a Public IP address. Therefore, the telnet connection will be connecting to the Public IP address of the load balancer. (You can test this by resolving the DNS Name to an IP address, such as using nslookup or even ping.)

However, when one security group refers to another security group, it permits the connection via a Private IP address because it expects the connections to happen totally within the VPC.

There are two ways to resolve this:

  • Change the Load Balancer to be an Internal Load Balancer, OR
  • Change the security group to permit inbound connections from the Public IP address of the instance, rather than the Security Group identifier
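The diagnosis above can be scripted: resolve the load balancer's DNS name, classify the returned addresses as public or private, and then work out which source address the load balancer's security group will actually see and whether a rule that references a security group (or a CIDR) can match it. The following Python is an added example written for this page, not code from the answerer or from AWS; the hostnames, IP addresses and security group id in it are constructed placeholders, and the `resolver` parameter exists only so the script can run offline against those placeholders instead of real DNS.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed sample DNS answers (placeholders, not addresses from the page):
# an internet-facing ELB resolves to public IPs, an internal one to VPC IPs.
SAMPLE_RESOLUTIONS: Dict[str, List[str]] = {
    "internet-facing.example.elb.amazonaws.com": ["54.0.113.10", "54.0.113.11"],
    "internal.example.elb.amazonaws.com": ["10.0.1.25", "10.0.2.25"],
}

# Constructed addresses for the client EC2 instance (placeholders).
INSTANCE_PRIVATE_IP = "10.0.0.15"
INSTANCE_PUBLIC_IP = "3.0.113.7"


def resolve(hostname: str,
            resolver: Optional[Callable[[str], Iterable[str]]] = None) -> List[str]:
    """Return the A records for hostname (the nslookup step in the answer).
    `resolver` lets a caller inject an offline lookup; by default the
    system resolver is used."""
    if resolver is None:
        resolver = lambda h: socket.gethostbyname_ex(h)[2]
    return list(resolver(hostname))


def classify(addr: str) -> str:
    """'private' for RFC 1918 / other non-routable space, else 'public'."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


def elb_scheme(addresses: Iterable[str]) -> str:
    """Infer the load balancer scheme from what its name resolves to."""
    kinds = {classify(a) for a in addresses}
    if kinds == {"private"}:
        return "internal"
    if kinds == {"public"}:
        return "internet-facing"
    return "mixed"


def diagnose(elb_addresses: Iterable[str],
             rule: Tuple[str, str],
             instance_private_ip: str = INSTANCE_PRIVATE_IP,
             instance_public_ip: str = INSTANCE_PUBLIC_IP) -> Dict[str, object]:
    """Apply the rule from the answer.

    rule is ("sg", "<security-group-id>") or ("cidr", "<network>").
    Traffic to a public ELB address leaves the VPC and arrives from the
    instance's public IP; traffic to a private ELB address stays inside
    the VPC and arrives from the private IP.  A security-group source
    only matches traffic from private VPC addresses; a CIDR source
    matches whatever address falls inside it.
    """
    scheme = elb_scheme(elb_addresses)
    seen_source = instance_private_ip if scheme == "internal" else instance_public_ip
    kind, value = rule
    src = ipaddress.ip_address(seen_source)
    if kind == "sg":
        allowed = src.is_private
    elif kind == "cidr":
        allowed = src in ipaddress.ip_network(value, strict=False)
    else:
        raise ValueError("rule source must be 'sg' or 'cidr'")
    return {"scheme": scheme, "seen_source": seen_source, "allowed": allowed}


if __name__ == "__main__":
    # Offline walk-through of the question's situation and both fixes.
    sg_rule = ("sg", "sg-placeholder")                 # constructed sg id
    cidr_rule = ("cidr", INSTANCE_PUBLIC_IP + "/32")   # fix 2 from the answer
    for host in SAMPLE_RESOLUTIONS:
        addrs = resolve(host, SAMPLE_RESOLUTIONS.get)
        for rule in (sg_rule, cidr_rule):
            print(host, rule, diagnose(addrs, rule))
```

Running the script prints the four combinations: the security-group rule fails against the internet-facing name (the question's symptom) and succeeds against the internal one (fix 1), while the `/32` rule for the instance's public IP succeeds against the internet-facing name (fix 2). To check a real load balancer, call `resolve()` without the `resolver` argument.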
