我很难排除为什么不通过负载均衡器提供EC2实例上托管的静态页面的原因。
我确定EC2实例配置正确,因为: - 当关联的安全组中允许入站ICMP时,我可以ping实例 - 当我将实例的公共名称添加到Outputs部分时,我可以浏览网页(虽然我不想直接这样做,因为实例应该位于负载均衡器后面)。
所以我认为安全组和/或网络路由存在问题。
以下是CloudFormation模板的简化版本(应该在AWSTemplateFormatVersion: 2010-09-09
Resources:
VPC:
Type: 'AWS::EC2::VPC'
Properties:
CidrBlock: 10.0.0.0/16
InstanceTenancy: default
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
IGW:
Type: 'AWS::EC2::InternetGateway'
IGWAttachment:
Type: 'AWS::EC2::VPCGatewayAttachment'
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref IGW
PublicSubnet:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.0.0/24
AvailabilityZone: eu-west-1a
MapPublicIpOnLaunch: 'True'
VpcId: !Ref VPC
App:
Type: 'AWS::EC2::Instance'
Properties:
DisableApiTermination: 'false'
InstanceInitiatedShutdownBehavior: stop
ImageId: ami-70edb016
InstanceType: t2.micro
Monitoring: 'false'
UserData: >-
IyEvYmluL2Jhc2gNCnl1bSB1cGRhdGUgLXkNCnl1bSBpbnN0YWxsIC15IGh0dHBkMjQNCnNlcnZpY2UgaHR0cGQgc3RhcnQNCmNoa2NvbmZpZyBodHRwZCBvbg0KZ3JvdXBhZGQgd3d3DQp1c2VybW9kIC1hIC1HIHd3dyBlYzItdXNlcg0KY2hvd24gLVIgcm9vdDp3d3cgL3Zhci93d3cNCmNobW9kIDI3NzUgL3Zhci93d3cNCmZpbmQgL3Zhci93d3cgLXR5cGUgZCAtZXhlYyBjaG1vZCAyNzc1IHt9ICsNCmZpbmQgL3Zhci93d3cgLXR5cGUgZiAtZXhlYyBjaG1vZCAwNjY0IHt9ICsNCmVjaG8gJzxodG1sPjxoZWFkPjx0aXRsZT5TdWNjZXNzITwvdGl0bGU+PC9oZWFkPjxib2R5PlN1Y2Nlc3MhPC9ib2R5PjwvaHRtbD4nID4gL3Zhci93d3cvaHRtbC9kZW1vLmh0bWw=
NetworkInterfaces:
- AssociatePublicIpAddress: 'true'
DeleteOnTermination: 'true'
Description: Primary network interface
DeviceIndex: 0
SubnetId: !Ref PublicSubnet
GroupSet:
- !Ref SGApp
ELB:
Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
Properties:
Subnets:
- !Ref PublicSubnet
Instances:
- !Ref App
SecurityGroups:
- !Ref SGELB
Listeners:
- LoadBalancerPort: '80'
InstancePort: '80'
Protocol: HTTP
HealthCheck:
Target: 'HTTP:80/'
HealthyThreshold: '3'
UnhealthyThreshold: '5'
Interval: '15'
Timeout: '5'
SGELB:
Type: 'AWS::EC2::SecurityGroup'
Properties:
VpcId: !Ref VPC
AllowInboundHTTPToELB:
Type: 'AWS::EC2::SecurityGroupIngress'
Properties:
GroupId: !Ref SGELB
IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
SGApp:
Type: 'AWS::EC2::SecurityGroup'
Properties:
VpcId: !Ref VPC
AllowInboundHTTPFromELB:
Type: 'AWS::EC2::SecurityGroupIngress'
Properties:
GroupId: !Ref SGApp
IpProtocol: tcp
FromPort: '80'
ToPort: '80'
SourceSecurityGroupId: !Ref SGELB
RouteTable:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Ref VPC
PublicRoute:
Type: 'AWS::EC2::Route'
Properties:
DestinationCidrBlock: 0.0.0.0/0
RouteTableId: !Ref RouteTable
GatewayId: !Ref IGW
SubnetRouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref PublicSubnet
Outputs:
LoadBalancerDNSName:
Value: !GetAtt ELB.DNSName
中启动):
*
答案 0 :(得分:1)
我解密了您的UserData
并且看到您没有index.html,HTTP:80/
默认会查找index.html。由于没有index.html httpd
会重定向到带有unhealthy
302响应代码的测试页,正如您在评论中提到的那样TCP:80可以正常工作或使用HTTP:80/demo.html
#!/bin/bash
yum update -y
yum install -y httpd24
service httpd start
chkconfig httpd on
groupadd www
usermod -a -G www ec2-user
chown -R root:www /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
echo '<html><head><title>Success!</title></head><body>Success!</body></html>' > /var/www/html/demo.html
答案 1 :(得分:1)
一旦您的CF模板创建了资源,请检查负载均衡器控制台下的ELB中的EC2实例是否处于正常状态。如果它不健康,它将不会将流量路由到它。