我们需要使用ec2创建一个ecs集群,并使用现有的应用程序负载均衡器。
经过多次尝试和错误,我设法使它工作,但它总是在端口80上创建一个额外的默认目标组。
这是我的代码(根据需要使用java):
cluster = Cluster.Builder.create(scope, "my-ecs-cluster").vpc(awsNetwork.getVpc()).capacity(AddCapacityOptions.builder().instanceType(new InstanceType("m5n.xlarge")).minCapacity(1).maxCapacity(1).desiredCapacity(1).associatePublicIpAddress(true).vpcSubnets(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).availabilityZones(Arrays.asList("us-west-2a", "us-west-2c")).build()).build()).build();taskDefinition = Ec2TaskDefinition.Builder.create(scope, "my-taskDefinition").executionRole(Role.fromRoleArn(scope, "my-exec-role", "role-arn...")).build();containerDef = ContainerDefinition.Builder.create(scope, "my-ecs-container").essential(true).memoryLimitMiB(2048).memoryReservationMiB(2048).image(ContainerImage.fromEcrRepository(Repository.fromRepositoryName(scope,"my-ecr","my-image"),"latest")).taskDefinition(taskDefinition).build();containerDef.addPortMappings(PortMapping.builder().hostPort(0).containerPort(443).protocol(Protocol.TCP).build());taskDefinition.setDefaultContainer(containerDef);ApplicationLoadBalancerLookupOptions balancerLookupOptions = ApplicationLoadBalancerLookupOptions.builder().loadBalancerArn("arn:aws:my-alb-arn").build();loadBalancer = ApplicationLoadBalancer.fromLookup(scope, "my-alb", balancerLookupOptions);balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service").cluster(cluster).desiredCount(1).taskDefinition(taskDefinition).loadBalancer(loadBalancer).cpu(1).memoryLimitMiB(2048).build();balancedEc2Service.getService().addPlacementStrategies(PlacementStrategy.spreadAcross("attribute:ecs.availability-zone", "instanceId"));HealthCheck healthCheck = HealthCheck.builder().path("/healthCheck").protocol(software.amazon.awscdk.services.elasticloadbalancingv2.Protocol.HTTPS).port("traffic-port").unhealthyThresholdCount(2).interval(Duration.seconds(30)).healthyThresholdCount(5).timeout(Duration.seconds(5)).build();balancedEc2Service.getTargetGroup().setHealthCheck(healthCheck);ListenerCertificate listenerCertificate = ListenerCertificate.fromCertificateManager(Certificate.fromCertificateArn(scope, "dis-certificate-1", "arn:aws:acm:us-west-2:245459132561:certificate/d2962594-8a40-4f36-abd4-62a6d91d0250"));ApplicationTargetGroup targetGroup = ApplicationTargetGroup.Builder.create(scope, "dis-receiver-targetGroup").protocol(ApplicationProtocol.HTTPS).port(443).healthCheck(healthCheck).vpc(awsNetwork.getVpc()).build();ApplicationListener.Builder.create(scope, "dis-receiver-listener").loadBalancer(loadBalancer).defaultTargetGroups(Collections.singletonList(targetGroup)).protocol(ApplicationProtocol.HTTPS).port(443).certificates(Collections.singletonList(listenerCertificate)).build();balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup);
其中一个目标组是我在代码中创建的。
另一个是自动创建的,它指向端口80:
如果不使用 balancedEc2Service.getService().attachToApplicationTargetGroup(targetGroup); 我将其直接设置到服务中,例如:
balancedEc2Service = ApplicationLoadBalancedEc2Service.Builder.create(scope, "my-ec2-service").cluster(cluster).desiredCount(1).taskDefinition(taskDefinition).loadBalancer(loadBalancer).cpu(1).memoryLimitMiB(2048)// New code.listenerPort(443).protocol(ApplicationProtocol.HTTPS).certificate(myCertificate).domainName(myDomainName).domainZone(myDomainZone)//.build();
它只创建一个targetgroup,并链接到ecs上的端口443:
但是,目标组本身位于端口80上,因此应用程序超时:
如何使用https配置单个目标组?
暂无答案!
目前还没有任何答案,快来回答吧!