Amazon Web Services: when using an NLB, only HTTPS works without being specified, and HTTP does not


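I'm confused about configuring a load balancer (NLB) in AWS. When I configured the LB as below (it's a Terraform file), I never specified the HTTPS protocol. However, after the LB came up, I can only connect through https://LB_ARN:80 when I hit http://LB_ARN:80. I'm confused about why, and what is even more confusing is that when using https://LB_ARN:80 as the DNS, my browser (Chrome) tells me the site is not secure (even though it is HTTPS). Any help?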

resource "aws_lb" "boundary" {
  name               = "boundary-nlb"
  load_balancer_type = "network"
  internal           = false
  subnets            = data.terraform_remote_state.network.outputs.tokyo_vpc_main.public_subnet_ids

  tags = merge(local.common_tags, {
    Name = "boundary-${terraform.workspace}-controller-nlb"
    })
}

resource "aws_lb_target_group" "boundary" {
  name     = "boundary-nlb"
  port     = 9200
  protocol = "TCP"
  vpc_id   = data.terraform_remote_state.network.outputs.tokyo_vpc_main.vpc_id

  stickiness {
    enabled = false
    type    = "source_ip"
  }
  tags = merge(local.common_tags, {
    Name = "boundary-${terraform.workspace}-controller-nlb-tg"
    })
}

resource "aws_lb_target_group_attachment" "boundary" {
  count            = var.num_controllers
  target_group_arn = aws_lb_target_group.boundary.arn
  target_id        = aws_instance.controller[count.index].id
  port             = 9200
}

resource "aws_lb_listener" "boundary" {
  load_balancer_arn = aws_lb.boundary.arn
  port              = "80"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.boundary.arn
  }
}

resource "aws_security_group" "boundary_lb" {
  vpc_id = data.terraform_remote_state.network.outputs.tokyo_vpc_main.vpc_id

  tags = merge(local.common_tags, {
    Name = "boundary-${terraform.workspace}-controller-nlb-sg"
    })
}

resource "aws_security_group_rule" "allow_9200" {
  type              = "ingress"
  from_port         = 9200
  to_port           = 9200
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.boundary_lb.id
}

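It looks to me like a misconfiguration of your backend servers. Specifically, they seem to be serving HTTPS connections on port 80.

Since you are using the NLB with the TCP protocol, any HTTPS connection is forwarded to the backend servers. That is, there is no SSL termination on the NLB. So even though you did not specify HTTPS in your NLB settings, HTTPS connections are forwarded on top of TCP to the backend instances. The backend instances (not the NLB) handle HTTPS, on the wrong port, with a self-signed SSL certificate. This would explain the warning from your browser.

I would recommend checking the configuration of your backend service and making sure it serves HTTP on port 80, not HTTPS as it does now.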
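
One way to check the diagnosis above from the client side, as an added example that is not part of the original answer: a TCP listener forwards bytes unchanged, so a TLS handshake against the listener port shows what the backend itself speaks and whether its certificate verifies. The names `probe_port` and `start_plain_responder` are hypothetical, and the loopback responder is a constructed stand-in for a plaintext backend.

```python
import socket
import ssl
import threading


def probe_port(host, port, timeout=5.0):
    """Return 'tls-trusted', 'tls-untrusted' or 'not-tls' for a TCP port."""
    strict = ssl.create_default_context()   # verifies chain and hostname, like a browser
    lax = ssl.create_default_context()      # diagnostic only: accepts any certificate
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    for label, ctx in (("tls-trusted", strict), ("tls-untrusted", lax)):
        raw = socket.create_connection((host, port), timeout=timeout)
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return label
        except ssl.SSLCertVerificationError:
            continue        # TLS is spoken, but the certificate fails verification
        except OSError:     # includes ssl.SSLError: the peer did not answer with TLS
            return "not-tls"
        finally:
            raw.close()
    return "not-tls"


def start_plain_responder():
    """Constructed stand-in for a plaintext HTTP backend; returns its loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # swallow the ClientHello, answer in plaintext
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_port("127.0.0.1", start_plain_responder()))
```

Run against the NLB's DNS name and listener port, a result of `tls-untrusted` matches the situation the answer describes: the backend is speaking TLS with a certificate the client does not trust.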