如何在 ECS 中使用前端和后端分离的负载均衡器?

tag-icon tag-icon load-balancing terraform amazon-ecs
如何在 ECS 中使用前端和后端分离的负载均衡器?

对于在 ECS 中部署的 django 应用程序容器,我对在 ECS AWS 中运行的负载均衡器进行了以下 terraform 配置:

resource "aws_lb" "api" {
  name               = "${local.prefix}-api"
  load_balancer_type = "application"
  subnets = [
    aws_subnet.public_a.id,
    aws_subnet.public_b.id
  ]

  security_groups = [aws_security_group.lb_api.id]

  tags = local.common_tags
}

resource "aws_lb_target_group" "api" {
  name        = "${local.prefix}-api"
  protocol    = "HTTP"
  vpc_id      = aws_vpc.main.id
  target_type = "ip"
  port        = 8000

  health_check {
    path = "/admin/login/"
  }
}

resource "aws_lb_listener" "api" {
  load_balancer_arn = aws_lb.api.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

resource "aws_lb_listener" "api_https" {
  load_balancer_arn = aws_lb.api.arn
  port              = 443
  protocol          = "HTTPS"

  certificate_arn = aws_acm_certificate_validation.cert.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.api.arn
  }
}


resource "aws_security_group" "lb_api" {
  description = "Allow access to Application Load Balancer"
  name        = "${local.prefix}-lb-api"
  vpc_id      = aws_vpc.main.id

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "tcp"
    from_port   = 8000
    to_port     = 8000
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = local.common_tags
}

我有一个几乎相同的 React Frontend 容器文件。唯一的区别是将单词“api”替换为“frontend”,目标组端口(对于前端负载均衡器,端口为 80)和健康检查路径(对于前端,仅使用“/”)

当我仅部署 API 时,我可以在浏览器上正常访问应用程序。但是,当我添加前端负载均衡器时,我无法在浏览器中访问前端(错误“503 服务暂时不可用”)。django 应用程序继续运行,但过了一段时间,它也崩溃了。

我查看了 ECS UI,发现集群、任务和容器运行正常。但我在健康检查中不断收到错误。我认为这个错误可能与端口映射有关。但映射与容器定义文件。

这可能的原因是什么?

相关内容