Route53 – ECS Fargate Load Balancer – "This site can't be reached"

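Asked by: busuu  Asked: 11/15/2023  Updated: 11/15/2023  Views: 48

Q:

I'm trying to attach my ECS Fargate load balancer to Route53, but the domain is dead.

The load balancer DNS name works fine. It is healthy. The backend is deployed and working via the ECS Fargate DNS name.

But for some reason, my domain name doesn't work.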

  1. I set an A record on my hosted zone and attached the ECS Fargate LB:

[image]

  2. When I try to visit my website, it doesn't load at all:

[image]

  3. Proof that my ECS Fargate load balancer + custom deployed backend works fine via its DNS name:

[image]

  4. This is what I wrote in Terraform: /modules/ecs/main.tf

# ECS cluster
resource "aws_ecs_cluster" "notes_ecs_cluster" {
    name = "notes-api-dev-cluster"

    tags = {
        Name        = "${var.environment}-ecs-cluster"
        Environment = var.environment
    }
}

# Configure the above ECS Cluster to support FARGATE_SPOT instead of FARGATE
resource "aws_ecs_cluster_capacity_providers" "notes_ecs_cluster_capacity_providers" {
    cluster_name       = aws_ecs_cluster.notes_ecs_cluster.name
    capacity_providers = ["FARGATE_SPOT", "FARGATE"]

    default_capacity_provider_strategy {
        base              = 0
        weight            = 1
        capacity_provider = "FARGATE_SPOT"
    }
}

# For service discovery
resource "aws_service_discovery_http_namespace" "notes_service_discovery_http_namespace" {
    name = aws_ecs_cluster.notes_ecs_cluster.name

    tags = {
        AmazonECSManaged = "true"
    }
}

# Task definition
resource "aws_ecs_task_definition" "notes_ecs_task_definition" {
    # Task definition configuration
    family = "notes-api-task-definition"

    # Infrastructure requirements
    requires_compatibilities = ["FARGATE"]
    network_mode             = "awsvpc"
    execution_role_arn       = "arn:aws:iam::396280700779:role/ecsTaskExecutionRole"
    cpu                      = "1 vCPU"
    memory                   = "3 GB"

    runtime_platform {
        operating_system_family = "LINUX"
        cpu_architecture        = "X86_64"
    }

    # Container – 1
    container_definitions = jsonencode([
        {
            name         = "notes-api-container"
            image        = "${var.ecr_image_uri}:latest"
            cpu          = 0
            portMappings = [
                {
                    name          = "notes-api-container-8080-tcp",
                    containerPort = 8080
                    hostPort      = 8080,
                    protocol      = "tcp",
                    appProtocol   = "http"
                }
            ],
            essential   = true
            environment = [
                {
                    name  = "AWS_RDS_DATABASE_HOST",
                    value = var.rds_database_host_name
                },
                {
                    name  = "AWS_RDS_DATABASE",
                    value = "notes_db"
                },
                {
                    name  = "AWS_RDS_DATABASE_USERNAME",
                    value = "postgres"
                },
                {
                    name  = "AWS_RDS_DATABASE_PASSWORD",
                    value = "password"
                }
            ],
            environmentFiles = [],
            mountPoints      = [],
            volumesFrom      = [],
            ulimits          = []
        }
    ])

    tags = {
        Name        = "${var.environment}-task-definition"
        Environment = var.environment
    }
}

resource "aws_lb" "notes_lb" {
    name                       = "notes-api-ecs-lb"
    load_balancer_type         = "application"
    security_groups            = [var.notes_lb_security_group_id]
    subnets                    = var.public_subnets_cidr
    enable_deletion_protection = false

    tags = {
        Name        = "${var.environment}-ecs-lb"
        Environment = var.environment
    }
}

resource "aws_lb_target_group" "notes_lb_target_group" {
    name        = "notes-api-ecs-tg"
    protocol    = "HTTP"
    target_type = "ip"
    port        = 8080
    vpc_id      = var.vpc_id

    health_check {
        path                = "/actuator/health"
        protocol            = "HTTP"
        enabled             = true
        interval            = 30
        timeout             = 5
        healthy_threshold   = 10
        unhealthy_threshold = 2
    }

    lifecycle {
        create_before_destroy = true
    }

    tags = {
        Name        = "${var.environment}-ecs-tg"
        Environment = var.environment
    }
}

resource "aws_lb_listener" "notes_lb_listener" {
    load_balancer_arn = aws_lb.notes_lb.arn
    protocol          = "HTTP"
    port              = 80

    default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.notes_lb_target_group.arn
    }

    lifecycle {
        create_before_destroy = true
    }

    tags = {
        Name        = "${var.environment}-ecs-lb-listener"
        Environment = var.environment
    }
}

# ECS service
resource "aws_ecs_service" "notes_ecs_service" {
    # Deployment configuration
    name                              = "notes-api-service"
    cluster                           = aws_ecs_cluster.notes_ecs_cluster.id
    task_definition                   = aws_ecs_task_definition.notes_ecs_task_definition.arn
    launch_type                       = "FARGATE"
    desired_count                     = 1
    health_check_grace_period_seconds = 0

    # Networking
    network_configuration {
        subnets          = var.private_subnets_cidr
        security_groups  = [var.notes_fargate_security_group_id]
        assign_public_ip = false
    }

    # Load balancing
    load_balancer {
        container_name   = "notes-api-container"
        target_group_arn = aws_lb_target_group.notes_lb_target_group.arn
        container_port   = 8080
    }

    tags = {
        Name        = "${var.environment}-ecs-service"
        Environment = var.environment
    }
}
amazon-web-services terraform amazon-ecs aws-fargate

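Comments

0 upvotes Mark B 11/15/2023
This is a DNS error in the browser. The browser can't find the record you created in Route53. Use a DNS testing tool such as mxtoolbox.com/DNSCheck.aspx to test whether your DNS is correctly configured and propagated.
0 upvotes busuu 11/15/2023
@MarkB I just checked with that tool. Everything seems to be propagated, all green. What else can I try? Is there any command? The command dig notes-api-...-.eu-central-1.elb.amazonaws.com returns NOERROR, but dig domain.com returns SERVFAIL. When I try to ping the domain, I get "cannot resolve domain.com: Unknown host". If I try to ping using the LB DNS name, it starts pinging but never receives any packets, resulting in 100% packet loss.
1 upvote Mark B 11/15/2023
For some reason the computer you are testing from can't get the DNS record. If the online testing tools say everything is fine, but you can't run dig locally to see the domain, then it's a problem with your computer or local network. Try restarting your computer.
0 upvotes busuu 11/15/2023
@MarkB I tried accessing the website from my iPhone, Android and laptop. None of them can open the website. It's the same error message. Can you try opening it and see if the API shows up? api.milanobrenovic.com This is a dummy website domain I use for my personal development testing. Let me know if it works for you, or if you can find any errors in the DNS testing tools.
0 upvotes Mark B 11/15/2023
When I go to that page, I get a 404 error page back from your server. So it is hitting your API server.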
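
The comparison worked through in the comments above (dig on the load balancer name versus dig on the custom domain), extended with a third query sent directly to one of the hosted zone's name servers, as an added example that is not part of the original thread. The function names and result labels are made up for illustration, and the dig header lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). The header lines below are constructed
# samples in dig's output format, not captures from the asker's zone.
RESOLVER_LB=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
RESOLVER_DOMAIN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
AUTH_DOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Print "<RCODE> <ANSWER count>" parsed from the dig output passed as $1.
dig_summary() {
    rcode=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    count=$(printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    echo "${rcode:-NONE} ${count:-0}"
}

# diagnose LB_VIA_RESOLVER DOMAIN_VIA_RESOLVER DOMAIN_VIA_AUTHORITATIVE
diagnose() {
    lb=$(dig_summary "$1"); res=$(dig_summary "$2"); auth=$(dig_summary "$3")
    # The load balancer name itself must resolve before the alias can.
    case "$lb" in NOERROR\ [1-9]*) ;; *) echo "lb-name-not-resolving"; return 0 ;; esac
    case "$res" in
        "NOERROR 0") echo "no-a-record-at-name" ;;
        NOERROR*)    echo "dns-ok-check-http-layer" ;;
        NXDOMAIN*)   echo "name-not-in-zone" ;;
        SERVFAIL*)
            # Resolver gave up: ask the zone's own name server to see which side fails.
            case "$auth" in
                "NOERROR 0"|NXDOMAIN*) echo "record-missing-in-hosted-zone" ;;
                # Typical causes: registrar NS delegation differs from the hosted
                # zone's NS set, or DNSSEC validation fails at the resolver.
                NOERROR*) echo "zone-answers-but-resolver-fails" ;;
                *)        echo "authoritative-server-not-answering" ;;
            esac ;;
        *) echo "no-response-from-resolver" ;;
    esac
}

# Live use (needs network; ZONE_NS is one of the hosted zone's NS hosts):
#   diagnose "$(dig "$LB" A)" "$(dig "$DOMAIN" A)" \
#            "$(dig @"$ZONE_NS" "$DOMAIN" A +norecurse)"
diagnose "$RESOLVER_LB" "$RESOLVER_DOMAIN" "$AUTH_DOMAIN"
```
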

A: No answers yet