Amazon web services 如何修复负载平衡器中的504错误
我是terraform的新手,我正在尝试创建一个简单的结构,一个ALB 2服务器,一个简单的应用程序和一个db实例,但是我在访问ALB的DNS时遇到了一个504错误,检查amazon文档意味着负载平衡器建立了与目标的连接,但目标在空闲超时时间之前没有响应。我已经检查了代码100次,但找不到错误。这是我的alb配置:Amazon web services 如何修复负载平衡器中的504错误,amazon-web-services,terraform,Amazon Web Services,Terraform,我是terraform的新手,我正在尝试创建一个简单的结构,一个ALB 2服务器,一个简单的应用程序和一个db实例,但是我在访问ALB的DNS时遇到了一个504错误,检查amazon文档意味着负载平衡器建立了与目标的连接,但目标在空闲超时时间之前没有响应。我已经检查了代码100次,但找不到错误。这是我的alb配置: #ASG resource "aws_launch_configuration" "web-lc" { name
#ASG
resource "aws_launch_configuration" "web-lc" {
name = "web-lc"
image_id = "ami-0fc970315c2d38f01"
instance_type = "t2.micro"
security_groups = [aws_security_group.ec2-webServers-sg.id]
key_name = "practica_final_kp"
user_data = <<-EOF
#!/bin/bash
sudo yum update -y
sudo yum install -y docker
sudo service docker start
sudo docker run -d --name rtb -p 8080:8080 vermicida/rtb
EOF
}
resource "aws_autoscaling_group" "ec2-web-asg" {
name = "ec2-web-asg"
max_size = 2
min_size = 2
force_delete = true
launch_configuration = aws_launch_configuration.web-lc.name
vpc_zone_identifier = [aws_subnet.public-subnet1.id, aws_subnet.public-subnet2.id]
tag {
key = "Name"
value = "ec2-web-asg"
propagate_at_launch = "true"
}
}
#ALB
resource "aws_alb_target_group" "tg-alb" {
name = "tg-alb"
port = 80
protocol = "HTTP"
target_type = "instance"
vpc_id = aws_vpc.final-vpc.id
}
resource "aws_alb" "web-alb" {
name = "web-alb"
internal = false
subnets = [aws_subnet.public-subnet1.id, aws_subnet.public-subnet2.id]
security_groups = [aws_security_group.lb-sg.id]
}
resource "aws_alb_listener" "front_end" {
load_balancer_arn = aws_alb.web-alb.id
port = "80"
protocol = "HTTP"
default_action {
target_group_arn = aws_alb_target_group.tg-alb.id
type = "forward"
}
}
resource "aws_autoscaling_attachment" "asg_attachment" {
autoscaling_group_name = aws_autoscaling_group.ec2-web-asg.id
alb_target_group_arn = aws_alb_target_group.tg-alb.arn
}
看起来您在EC2实例上的服务正在端口
8080
上运行,但您的目标组指向端口80
。您需要将目标组端口更改为8080
安全组和VPC网络ACL也可能存在阻止流量的问题,但是您的问题中没有包含
aws\u security\u group.ec2 webServers sg.id
的定义。感谢您的回答,我已经添加了安全组,我将其更改为端口8080,现在我收到了无法访问站点的消息…我是否还必须更改alb侦听器的端口?我想没有,但只是为了确保…没有ALB侦听器应该保持端口80。我建议登录EC2服务器并通过执行类似于curl的操作来验证应用程序是否正在运行http://localhost:8080
resource "aws_security_group" "ec2-webServers-sg" {
name = "ec2-webServers-sg"
vpc_id = aws_vpc.final-vpc.id
ingress {
description = "APP"
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
}
egress {
description = "SQL"
from_port = 3306
to_port = 3306
protocol = "tcp"
cidr_blocks = ["10.0.10.0/24", "10.0.20.0/24"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "F-web-servers-sg"
}
}