AWS Load Balancer to multiple ports on the same server with no PAT

Problem description

I have an EC2 webserver which is serving up an app that listens on ports 80, 8080, 443 and 8443. Outside clients need to talk to it on those ports (no port translations). I'm trying to put this behind a load balancer but the plethora of required ports is confusing me.

I have one ALB listening on the 4 ports, all forwarding to the same Target Group. The Target group has a default port of 443 but has the web server registered as 4 different targets, one for each of the ports (80,8080,443,8443).

Is this the correct way to go about this? Traffic doesn't seem to be flowing correctly. I'm concerned the ALB is receiving traffic on 443 and forwarding it to the server on a different port, picking ports from the Registered targets. Do I need 4 different target groups, each with only 1 registered target?

Recommended answer

You will need to set up your listeners to connect to the backend using the same port numbers (80->80, 443->443, ...) if you do not want any port translations.

So in your setup you will need your backend listening on ports 80, 443, 8080, 8443.

You will need ALB listeners set up to listen on 80, 443, 8080, 8443. Your listeners will forward requests to the same port that they are listening on (80 -> 80, 443 -> 443, ...).

Make sure that you set the type of listener correctly to match your protocols (HTTP or HTTPS). If your listeners are configured for 443 -> 443 and HTTPS -> HTTPS then you will need SSL certificates configured on the backend. Otherwise you can configure your listeners to SSL terminate and do HTTPS (443) to HTTP (443) but make sure that the backend is not configured for HTTPS in this case.

This may seem confusing at first - it is not. Just think of a Listener as the middle-man. He can either repeat your request (HTTPS -> HTTPS) or translate (HTTPS -> HTTP). Listeners can listen on one port (80) and forward to another port (8080). Each of these items is configurable.
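The following is an added example, not part of the original question or answer: a small audit that flags listeners whose traffic can land on a different backend port, run against the question's single-target-group layout and a one-group-per-port layout. It assumes an ALB spreads each listener's requests across every target registered in the forwarded target group; the dict keys mirror `aws elbv2 describe-*` output, while the ARNs, instance ID and per-port protocols are constructed placeholders.

```python
# Added example: audit an ALB layout for unintended port translation.
# Keys mirror `aws elbv2 describe-listeners`, `describe-target-groups` and
# `describe-target-health`; ARNs, instance ID and protocols are constructed.
PORTS = {80: "HTTP", 8080: "HTTP", 443: "HTTPS", 8443: "HTTPS"}  # assumed protocols
INSTANCE = "i-EXAMPLE"  # placeholder instance ID


def listener(port, tg_arn):
    return {"Port": port, "Protocol": PORTS[port],
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": tg_arn}]}


def question_layout():
    """One target group holding the same instance on all four ports."""
    tgs = [{"TargetGroupArn": "tg-all", "Protocol": "HTTPS", "Port": 443}]
    targets = {"tg-all": [{"Target": {"Id": INSTANCE, "Port": p}} for p in PORTS]}
    return [listener(p, "tg-all") for p in PORTS], tgs, targets


def per_port_layout():
    """One target group per port, each with a single registered target."""
    tgs = [{"TargetGroupArn": f"tg-{p}", "Protocol": proto, "Port": p}
           for p, proto in PORTS.items()]
    targets = {f"tg-{p}": [{"Target": {"Id": INSTANCE, "Port": p}}] for p in PORTS}
    return [listener(p, f"tg-{p}") for p in PORTS], tgs, targets


def audit(listeners, target_groups, targets_by_tg):
    """Return (listener_port, finding, backend_ports) tuples."""
    tg_by_arn = {tg["TargetGroupArn"]: tg for tg in target_groups}
    findings = []
    for lsn in listeners:
        for action in lsn["DefaultActions"]:
            if action["Type"] != "forward":
                continue
            arn = action["TargetGroupArn"]
            ports = sorted({t["Target"]["Port"] for t in targets_by_tg.get(arn, [])})
            # Any registered port other than the listener's own is a translation.
            other = [p for p in ports if p != lsn["Port"]]
            if other:
                findings.append((lsn["Port"], "port-translation", other))
            # HTTPS listener with an HTTP target group: TLS ends at the ALB.
            if lsn["Protocol"] == "HTTPS" and tg_by_arn[arn]["Protocol"] == "HTTP":
                findings.append((lsn["Port"], "tls-terminated-at-alb", ports))
    return findings


if __name__ == "__main__":
    for name, layout in (("question", question_layout()), ("per-port", per_port_layout())):
        print(name, audit(*layout))
```

A `tls-terminated-at-alb` finding is informational: it marks the HTTPS -> HTTP case from the answer, where the backend must serve plain HTTP on that port.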
