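ECS
Create the ECS instance; it does not need a public IP.
Record the VPC information.
In the security group policy, add a whitelist for the VPC (so that only the LB can reach ports 80/443 on the ECS instance).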
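One way to check the whitelist from the last step, as an added example that is not part of the original notes: it flags accept rules that open port 80 or 443 to a source outside the VPC. The VPC CIDR and the rule list are constructed; the field names follow the Permission entries returned by the ECS DescribeSecurityGroupAttribute API.

```python
import ipaddress

VPC_CIDR = "172.16.0.0/12"  # assumption: the VPC CIDR recorded above (constructed)
WEB_PORTS = (80, 443)

# Constructed sample rules; field names follow the Permission entries of
# the ECS DescribeSecurityGroupAttribute response.
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "80/80", "SourceCidrIp": "172.16.0.0/12"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "SourceCidrIp": "10.0.0.0/8"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "ingress", "Policy": "Drop", "IpProtocol": "TCP",
     "PortRange": "80/80", "SourceCidrIp": "0.0.0.0/0"},
]


def covers_web_port(port_range):
    """True if a "low/high" range includes 80 or 443 ("-1/-1" = all ports)."""
    low, high = (int(p) for p in port_range.split("/"))
    return low == -1 or any(low <= port <= high for port in WEB_PORTS)


def exposed_rules(rules, vpc_cidr=VPC_CIDR):
    """Return (PortRange, SourceCidrIp) for accept rules that open 80/443
    to a source outside the VPC. Rule priorities are not evaluated."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in rules:
        if rule.get("Direction") != "ingress":
            continue
        if rule.get("Policy", "").lower() != "accept":
            continue
        if rule.get("IpProtocol", "").upper() not in ("TCP", "ALL"):
            continue
        port_range = rule.get("PortRange", "-1/-1")
        source = rule.get("SourceCidrIp")
        if not covers_web_port(port_range) or not source:
            continue  # other ports, or a security-group source: review by hand
        net = ipaddress.ip_network(source, strict=False)
        if net.version != vpc.version or not net.subnet_of(vpc):
            findings.append((port_range, source))
    return findings
```

Feed it the rule list exported for the ECS instance's security group; an empty result means no CIDR-based accept rule exposes 80/443 beyond the VPC.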
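Load balancing
Create multiple LBs, using CLB as the example. Add the ECS instance above to the default server group.
Note:
- Add an HTTPS certificate
- Listen on ports 80/443
- Do not enable health checks
- Make sure the LB is in the same VPC as the ECS instance above
Nginx configuration on the ECS instance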
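# HTTP: redirect every request to HTTPS
server {
    listen 80;
    server_name 47.117.186.147 47.117.35.34;
    return 301 https://$host$request_uri;
}

# HTTPS service
# Note: "listen 443" has no ssl parameter, so nginx speaks plain HTTP on
# this port; the HTTPS certificate is added on the LB (see the notes above).
server {
    listen 443;
    server_name xxx.xxx.xxx.xxx;
    access_log /var/log/nginx/access-33.log main;
    error_log /var/log/nginx/error-33.log error;

    location / {
        # Forward to the first upstream host over HTTPS
        proxy_pass https://host-a;
        # $remote_addr is the address of the peer connecting to this nginx
        proxy_set_header X-Real-IP $remote_addr;
        # Pass the Host header sent by the client through unchanged
        proxy_set_header Host $http_host;
        # Append $remote_addr to any X-Forwarded-For header already present
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Timeouts in seconds
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
    }
}

# Second virtual host: same settings, different upstream and log files
server {
    listen 443;
    server_name xxx.xxx.xxx.xxx;
    access_log /var/log/nginx/access-34.log main;
    error_log /var/log/nginx/error-34.log error;

    location / {
        proxy_pass https://host-b;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
    }
}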