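我通过以下两个 Elastic Beanstalk 配置文件(.ebextensions)解决了这个问题:负载均衡器以 TCP 直通方式把 443 端口转发到实例的 8443 端口,HTTPS 由实例自身处理。其中的 vpc-xxxxxxxx 是占位符,需要替换为自己的 VPC ID。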
https-instance-balancer.config
{
"Resources": {
"AWSEBSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-xxxxxxxx",
"GroupDescription": "EC28443Ingress",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 8443,
"ToPort": 8443,
"CidrIp": "0.0.0.0/0"
}
]
}
},
"AWSEBLoadBalancerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": "vpc-xxxxxxxx",
"GroupDescription": "ELB443and8443Ingress",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 443,
"ToPort": 443,
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": 8443,
"ToPort": 8443,
"CidrIp": "0.0.0.0/0"
}
]
}
},
"AWSEBLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Listeners": [
{
"LoadBalancerPort": 443,
"Protocol": "TCP",
"InstancePort": 8443,
"InstanceProtocol": "TCP"
}
],
"SecurityGroups": [
{
"Fn::GetAtt": [
"AWSEBLoadBalancerSecurityGroup",
"GroupId"
]
}
]
}
}
}
}
https-lb-passthrough.config
{
"option_settings": {
"aws:elb:listener:443": {
"ListenerProtocol": "TCP",
"InstancePort": 8443,
"InstanceProtocol": "TCP"
},
"aws:elb:healthcheck": {
"Target": "TCP:8443"
}
}
}
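使用 Terraform 等工具可能更容易实现这一点,但并非所有人都能选择这种方式。
需要注意:上面的 AWSEBSecurityGroup 对 0.0.0.0/0 开放了 8443 端口,如果实例位于公有子网并带有公网 IP,就可以绕过负载均衡器被直接访问。若流量只应经由负载均衡器进入,可将该入站规则中的 CidrIp 换成 SourceSecurityGroupId,并通过 Fn::GetAtt 引用 AWSEBLoadBalancerSecurityGroup 的 GroupId。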