AWS ECS 503 Service Temporarily Unavailable error

Question

I'm following a tutorial How to Deploy a Dockerised Application on AWS ECS With Terraform and running into a 503 error trying to hit my App.

The App runs fine in a local Container (http://localhost:3000/contacts), but is unreachable via ECS deployment. When I check the AWS Console, I see health checks are failing, so there's no successful deployment of the App.

I've read through / watched a number of tutorials, and they all have the same configuration as in the tutorial mentioned above. I'm thinking something must have changed on the AWS side, but I can't figure it out.

I've also read a number of 503-related posts here, and tried various things such as opening different ports, and setting SG ingress wide open, but to no avail.

If anyone is interested in troubleshooting, and has a chance, here's a link to my code: https://github.com/CumulusCycles/tf-cloud-demo

Thanks for any insights anyone may have on this!

Cheers,
Rob

Answer 1

Score: 1

Your target group is configured to forward traffic to port 80 on the container. Your container is listening on port 3000. You need to modify your target group to forward traffic to the port your container is actually listening on:

resource "aws_lb_target_group" "target_group" {
  name        = "target-group"
  port        = 3000
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = "${aws_default_vpc.default_vpc.id}" # Referencing the default VPC
}

Your load balancer port is the only port external users will see. Your load balancer is listening on port 80 so people can hit it over HTTP without specifying a port. When the load balancer receives traffic on that port it forwards it to the target group. The target group receives traffic and then forwards it to an instance in the target group, on the configured port.

It does seem a bit redundant, but you need to specify the port(s) that your container listens on in the ECS task definition, and then configure that same port again in both the target group configuration, and the ECS service's load balancer configuration. You may even need to configure it again in the target group's health check configuration if the default health checks don't work for your application.


Note: If you look at the comments on that blog post you linked, you'll see several people saying the same thing about the target group port mapping.
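
The port wiring described in the answer above, as an added Terraform example that is not part of the original answer or the asker's repository: one local value drives the target group, the ECS service's load balancer block, and a task security group that admits only the load balancer instead of the wide-open ingress tried in the question. Assumptions: the names `service_sg`, `lb_sg`, `app`, and `aws_default_subnet.a` are hypothetical and stand in for resources defined elsewhere, Fargate is assumed as the launch type, and the health check path is taken from the `/contacts` URL in the question.

```hcl
locals {
  container_port = 3000 # port the app listens on; must also be the containerPort in the task definition
}

resource "aws_lb_target_group" "target_group" {
  name        = "target-group"
  port        = local.container_port
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = aws_default_vpc.default_vpc.id
  health_check {
    path = "/contacts" # assumption: a route known to answer 200, from the question's local URL
  }
}

# Hypothetical security group for the ECS tasks (lb_sg is the load balancer's group, defined elsewhere).
resource "aws_security_group" "service_sg" {
  vpc_id = aws_default_vpc.default_vpc.id
  ingress {
    from_port       = local.container_port
    to_port         = local.container_port
    protocol        = "tcp"
    security_groups = [aws_security_group.lb_sg.id] # only the load balancer may reach the task
  }
  egress { # outbound access so the task can pull its image
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_ecs_service" "app" {
  name            = "app-service"
  cluster         = aws_ecs_cluster.app.id
  task_definition = aws_ecs_task_definition.app.arn
  launch_type     = "FARGATE" # assumption
  desired_count   = 1
  load_balancer {
    target_group_arn = aws_lb_target_group.target_group.arn
    container_name   = "app" # must match the container name in the task definition
    container_port   = local.container_port
  }
  network_configuration {
    subnets          = [aws_default_subnet.a.id]
    security_groups  = [aws_security_group.service_sg.id]
    assign_public_ip = true
  }
}
```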

Posted on 2023-02-19 21:14:22