从ElasticBeanstalk EC2到Redis(ElastiCache)的连接失败 [英] Connection to Redis (ElastiCache) from ElasticBeanstalk EC2 Fails
问题描述
我们正在使用ElasticBeanstalk设置一些Node.js环境.目前,我们将Redis用作会话存储,该存储在ElastiCache中设置.
We're using ElasticBeanstalk to setup a few Node.js environments. For now, we are using Redis as our session store, which is set up in ElastiCache.
当我SSH进入EC2实例并使用Netcat Redis存储时,我可以确认网络允许通过端口6379进行连接:
When I ssh into the EC2 instance, and netcat the Redis store, I can confirm that the network allows a connection over port 6379:
[ec2-user@<redacted>]$ nc -v <redacted>.usw2.cache.amazonaws.com 6379
Connection to <redacted>.usw2.cache.amazonaws.com 6379 port [tcp/*] succeeded!
EC2安全组的出站策略: 0.0.0.0/0
EC2 Security Group's Outbound Policy: 0.0.0.0/0
Redis安全组的入站策略允许从我的EC2安全组在端口6379上传入TCP.
Redis Security Group's Inbound Policy allows for incoming TCP on port 6379 from my EC2 security group.
这似乎支持我们使用netcat成功对Redis商店执行ping操作的观察结果.但是,尝试连接到Redis时,Node.js应用程序本身会挂起.我可以通过运行以下命令在EC2实例上复制它:
This seems to support the observations we see with netcat successfully pinging the Redis store. However, the Node.js app itself hangs when trying to connect to Redis. I can replicate this on the EC2 instance by running the following:
[ec2-user @
这只是挂起,我们没有收到 PONG 响应.鉴于netcat的成功,我相当有信心这不是安全组的问题,但是这里肯定有一些看似奇怪的事情.
This just stays hung and we receive no PONG response. Given netcat's success, I'm fairly confident this isn't a security group issue, but there's definitely something seemingly wonky going on over the wire here.
有什么想法吗?
推荐答案
问题是ElastiCache已配置为在传输和静止时进行加密.事实证明,对于此特定实例,我们不需要它,因此一旦删除了它,一切就开始起作用.待定,如果我们保持加密,实际的解决方案将是什么.
The issue was that ElastiCache was configured for encryption in transport and at rest. Turns out, we didn't need that for this particular instance, so once we removed that, things started working. TBD on what the actual solution would be if we had kept encryption.
这篇关于从ElasticBeanstalk EC2到Redis(ElastiCache)的连接失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
