amazon-web-services - 无法使用 https 通过 EC2 上的画面进行连接
问题描述
我正在实例tableau server 2021-1-2上运行。我可以使用端口上EC2的默认公共 ip 进行连接80,也可以使用. 使用我定义的主机名也是如此。我遇到的唯一问题是尽管遵循了几条准则,但我无法使用 https 进行连接。8050Tableau TSM UI
我在安全组、负载均衡器、证书上设置了端口,我等了好几个小时,因为我看到 ssl 证书可能需要半个多小时而什么也没有。
我可以使用以下方式连接:
http://my_domain.domain
但不是:
https://my_domain.domain
我在浏览器中收到以下错误:无法连接到服务器https://my_domain.domain。
我运行curl -i https://my_domain.domain
它返回:
curl: (7) Failed to connect to my_domain.domainport 443: Connection refused
我的实例的安全组具有以下端口(您也可以在 tf 中看到它):
这里有我的 tf 设置。
我做了EC2设置:
resource "aws_instance" "tableau" {
ami = var.ami
instance_type = var.instance_type
associate_public_ip_address = true
key_name = var.key_name
subnet_id = compact(split(",", var.public_subnets))[0]
vpc_security_group_ids = [aws_security_group.tableau-sg.id]
root_block_device{
volume_size = var.volume_size
}
tags = {
Name = var.namespace
}
}
我使用以下方法创建了负载均衡器设置:
resource "aws_lb" "tableau-lb" {
name = "${var.namespace}-alb"
load_balancer_type = "application"
internal = false
subnets = compact(split(",", var.public_subnets))
security_groups = [aws_security_group.tableau-sg.id]
ip_address_type = "ipv4"
enable_cross_zone_load_balancing = true
lifecycle {
create_before_destroy = true
}
idle_timeout = 300
}
resource "aws_alb_listener" "https" {
depends_on = [aws_alb_target_group.target-group]
load_balancer_arn = aws_lb.tableau-lb.arn
protocol = "HTTPS"
port = "443"
ssl_policy = "my_ssl_policy"
certificate_arn = "arn:xxxx"
default_action {
target_group_arn = aws_alb_target_group.target-group.arn
type = "forward"
}
lifecycle {
ignore_changes = [
default_action.0.target_group_arn,
]
}
}
resource "aws_alb_target_group" "target-group" {
name = "${var.namespace}-group"
port = 80
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "instance"
health_check {
healthy_threshold = var.health_check_healthy_threshold
unhealthy_threshold = var.health_check_unhealthy_threshold
timeout = var.health_check_timeout
interval = var.health_check_interval
path = var.path
}
tags = {
Name = var.namespace
}
lifecycle {
create_before_destroy = false
}
depends_on = [aws_lb.tableau-lb]
}
resource "aws_lb_target_group_attachment" "tableau-attachment" {
target_group_arn = aws_alb_target_group.target-group.arn
target_id = aws_instance.tableau.id
port = 80
}
安全组:
resource "aws_security_group" "tableau-sg" {
name_prefix = "${var.namespace}-sg"
tags = {
Name = var.namespace
}
vpc_id = var.vpc_id
# HTTP from the load balancer
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# HTTP from the load balancer
ingress {
from_port = 8850
to_port = 8850
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# HTTP from the load balancer
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# 443 secure access from anywhere
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# Outbound internet access
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
lifecycle {
create_before_destroy = true
}
}
还使用以下方法设置主机名域:
resource "aws_route53_record" "tableau-record-dns" {
zone_id = var.route_53_zone_id
name = "example.hostname"
type = "A"
ttl = "300"
records = [aws_instance.tableau.public_ip]
}
resource "aws_route53_record" "tableau-record-dns-https" {
zone_id = var.route_53_zone_id
name = "asdf.example.hostname"
type = "CNAME"
ttl = "300"
records = ["asdf.acm-validations.aws."]
}
解决方案
终于解决了这个问题,它与记录 A 相关。我在那里分配了一个 ip,它不可能通过那里的负载均衡器重定向到一个特定的 ip。我将流量重定向到一个ELB并且工作正常
推荐阅读
- c++ - Cout.width() 添加意外的 0
- javascript - 直接从浏览器进行视频直播
- r - 使用 fwrite 在 R 中包含字符字段的引号
- php - 错误:SQLSTATE[HY000] 字段 'comment_id' 没有默认值(SQL:插入到 `products` (..)
- powerbi - 如何更改 Power BI 按日期而不是按字母顺序排序?
- excel - VBA 中无法识别的定义名称
- r - 计数保存另一列
- apache-kafka - Apache Kafka 中的分区领导者是什么?
- r - R - 加权和
- oracle - SOA maven 原型不允许我使用 Maven 创建项目。请指教