Amazon web services 使用NLB时,仅指定HTTPS有效,而不指定HTTP
我对在AWS中配置LoadBalancer(NLB)感到困惑。在如下配置LB时(它是Terraform文件),我从未指定HTTPS协议。然而,在LB启动后,我只能通过Amazon web services 使用NLB时,仅指定HTTPS有效,而不指定HTTP,amazon-web-services,terraform,amazon-elb,aws-load-balancer,Amazon Web Services,Terraform,Amazon Elb,Aws Load Balancer,我对在AWS中配置LoadBalancer(NLB)感到困惑。在如下配置LB时(它是Terraform文件),我从未指定HTTPS协议。然而,在LB启动后,我只能通过https://LB_ARN:80当我点击http://LB_ARN:80。我对原因很困惑,而且更让人困惑的是使用https://LB_ARN:80作为DNS,我的浏览器(Chrome)告诉我该站点不安全(尽管它是HTTPS)。需要帮忙吗 resource "aws_lb" "boundary"
https://LB_ARN:80
当我点击http://LB_ARN:80
。我对原因很困惑,而且更让人困惑的是使用https://LB_ARN:80
作为DNS,我的浏览器(Chrome)告诉我该站点不安全(尽管它是HTTPS)。需要帮忙吗
resource "aws_lb" "boundary" {
name = "boundary-nlb"
load_balancer_type = "network"
internal = false
subnets = data.terraform_remote_state.network.outputs.tokyo_vpc_main.public_subnet_ids
tags = merge(local.common_tags, {
Name = "boundary-${terraform.workspace}-controller-nlb"
})
}
resource "aws_lb_target_group" "boundary" {
name = "boundary-nlb"
port = 9200
protocol = "TCP"
vpc_id = data.terraform_remote_state.network.outputs.tokyo_vpc_main.vpc_id
stickiness {
enabled = false
type = "source_ip"
}
tags = merge(local.common_tags, {
Name = "boundary-${terraform.workspace}-controller-nlb-tg"
})
}
resource "aws_lb_target_group_attachment" "boundary" {
count = var.num_controllers
target_group_arn = aws_lb_target_group.boundary.arn
target_id = aws_instance.controller[count.index].id
port = 9200
}
resource "aws_lb_listener" "boundary" {
load_balancer_arn = aws_lb.boundary.arn
port = "80"
protocol = "TCP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.boundary.arn
}
}
resource "aws_security_group" "boundary_lb" {
vpc_id = data.terraform_remote_state.network.outputs.tokyo_vpc_main.vpc_id
tags = merge(local.common_tags, {
Name = "boundary-${terraform.workspace}-controller-nlb-sg"
})
}
resource "aws_security_group_rule" "allow_9200" {
type = "ingress"
from_port = 9200
to_port = 9200
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.boundary_lb.id
}
在我看来,这是后端服务器的配置错误。具体来说,它们似乎在端口80上提供HTTPS连接 由于您将NLB与TCP协议一起使用,因此任何HTTPS连接都会转发到后端服务器。也就是说,NLB上没有SSL终止。因此,即使您没有在NLB设置中指定HTTPS,HTTPS连接也会在TCP的基础上转发到后端实例。后端实例在错误的端口上使用自签名SSL证书(而不是NLB)处理HTTPS。这将解释来自浏览器的警告 我建议您检查后端服务的配置,并确保在端口80上提供HTTP服务,而不是像现在这样提供HTTPS服务