AWS (study notes, lesson 6): AWS virtual private subnets, public subnets and ACLs; defining a public bastion-host subnet and a Varnish reverse proxy

Topics:

  • AWS virtual private subnets, public subnets and ACLs
  • Defining the public bastion-host subnet, the private subnet and the public subnet, plus a Varnish reverse proxy

1. AWS virtual private subnets, public subnets and ACLs

  1. AWS virtual private subnets, public subnets and ACLs
    • AWS virtual private subnets
      Users can define their own private subnets on AWS. Databases, application servers and Apache servers, for example, can be built on the private network and then reached through the public network, which is what provides the service to the outside world. It is exactly like object-oriented C++: private variables and methods must never be declared public and exposed to end users. Every service that can live in the private network and does not need to be public should be defined in the private network.
    • AWS virtual public subnets
      The counterpart of the private network above is the public network. The public network is what finally serves users: it opens network ports to end customers. Services on the public network sit in the middle; they serve the public and at the same time can reach the application services, database services and other services in the private subnet.
    • The difference between an ACL (network access control list) and a Security Group
      • They apply to different objects
        An ACL is attached to a subnet and sets the network access rules for that subnet. Note that by default all hosts within the same VPC can reach each other, but once an ACL is defined, any traffic the ACL does not allow is blocked.
        A Security Group is attached to a service such as an EC2 server, not to a subnet.
      • Stateful versus stateless
        • An ACL is stateless: even if a packet was allowed in, its reply cannot leave unless it also matches an outbound rule.
        • A Security Group is stateful: if a packet is allowed in, its reply is allowed out automatically.

2. Defining the public bastion-host subnet, the private subnet and the public subnet

  1. Overall network topology (the public subnet on the right runs Varnish as a reverse proxy that exposes the Apache server in the private subnet)
    (topology diagram)

  2. Creating the VPC and the other resources step by step

    • Create the VPC and IGW (Internet Gateway)

      "VPC": {
        "Type": "AWS::EC2::VPC",
        "Properties": {"CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": "true"}
      },
      "InternetGateway": {
        "Type": "AWS::EC2::InternetGateway",
        "Properties": {}
      },
      "VPCGatewayAttachment": {
        "Type": "AWS::EC2::VPCGatewayAttachment",
        "Properties": {"VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}
      },

    • Create the bastion-host subnet (public subnet) Bastion
      CidrBlock: 10.0.1.0/24
      RoutePublicSSHBastionToInternet: defines that the bastion subnet can reach the internet (default route through the Internet Gateway).
      NetworkAclEntryInPublicSSHBastionSSH: lets any host on the internet (0.0.0.0/0) connect on port 22 (inbound rule, Egress = false).
      NetworkAclEntryInPublicSSHBastionEphemeralPorts: lets hosts inside the VPC (10.0.0.0/16) reach the bastion on the ephemeral ports 1024-65535 (inbound rule, Egress = false); this carries the replies to the bastion's own outbound SSH connections.
      NetworkAclEntryOutPublicSSHBastionSSH: lets hosts in the bastion subnet connect to other VPC hosts (10.0.0.0/16) on port 22 (outbound rule, Egress = true).
      NetworkAclEntryOutPublicSSHBastionEphemeralPorts: lets traffic leave towards internet hosts (0.0.0.0/0) on the ephemeral ports 1024-65535 (outbound rule, Egress = true); this carries the replies to inbound SSH sessions, which the stateless ACL would otherwise drop.

      "SubnetPublicSSHBastion": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.1.0/24", "VpcId": {"Ref": "VPC"}}
      },
      "RouteTablePublicSSHBastion": {
        "Type": "AWS::EC2::RouteTable",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "RouteTableAssociationPublicSSHBastion": {
        "Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"}, "RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}}
      },
      "RoutePublicSSHBastionToInternet": {
        "Type": "AWS::EC2::Route",
        "Properties": {"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}},
        "DependsOn": "VPCGatewayAttachment"
      },
      "NetworkAclPublicSSHBastion": {
        "Type": "AWS::EC2::NetworkAcl",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "SubnetNetworkAclAssociationPublicSSHBastion": {
        "Type": "AWS::EC2::SubnetNetworkAclAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"}, "NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}}
      },
      "NetworkAclEntryInPublicSSHBastionSSH": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryInPublicSSHBastionEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.0.0/16"}
      },
      "NetworkAclEntryOutPublicSSHBastionSSH": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "10.0.0.0/16"}
      },
      "NetworkAclEntryOutPublicSSHBastionEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },

    • Create the Varnish subnet (public subnet) varnish
      CidrBlock: 10.0.2.0/24. Inbound, the ACL accepts SSH only from the bastion subnet (10.0.1.0/24), HTTP from anywhere and the ephemeral ports for replies; outbound it allows 80, 443 and the ephemeral ports.

      "SubnetPublicVarnish": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.2.0/24", "VpcId": {"Ref": "VPC"}}
      },
      "RouteTablePublicVarnish": {
        "Type": "AWS::EC2::RouteTable",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "RouteTableAssociationPublicVarnish": {
        "Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"}, "RouteTableId": {"Ref": "RouteTablePublicVarnish"}}
      },
      "RoutePublicVarnishToInternet": {
        "Type": "AWS::EC2::Route",
        "Properties": {"RouteTableId": {"Ref": "RouteTablePublicVarnish"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}},
        "DependsOn": "VPCGatewayAttachment"
      },
      "NetworkAclPublicVarnish": {
        "Type": "AWS::EC2::NetworkAcl",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "SubnetNetworkAclAssociationPublicVarnish": {
        "Type": "AWS::EC2::SubnetNetworkAclAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"}, "NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}}
      },
      "NetworkAclEntryInPublicVarnishSSH": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.1.0/24"}
      },
      "NetworkAclEntryInPublicVarnishHTTP": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryInPublicVarnishEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPublicVarnishHTTP": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPublicVarnishHTTPS": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "443", "To": "443"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPublicVarnishEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },

    • Create the private subnet
      CidrBlock: 10.0.3.0/24. Inbound, the ACL accepts SSH only from the bastion subnet (10.0.1.0/24) and HTTP only from the Varnish subnet (10.0.2.0/24); nothing reaches this subnet from the internet directly. Note that the default route RoutePrivateApacheToInternet points at an instance NatServer that is not declared in any template on this page (the complete stack further down omits this route altogether), so this snippet cannot be deployed as-is without adding that NAT instance.

      "SubnetPrivateApache": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.3.0/24", "VpcId": {"Ref": "VPC"}}
      },
      "RouteTablePrivateApache": {
        "Type": "AWS::EC2::RouteTable",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "RouteTableAssociationPrivateApache": {
        "Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"}, "RouteTableId": {"Ref": "RouteTablePrivateApache"}}
      },
      "RoutePrivateApacheToInternet": {
        "Type": "AWS::EC2::Route",
        "Properties": {"RouteTableId": {"Ref": "RouteTablePrivateApache"}, "DestinationCidrBlock": "0.0.0.0/0", "InstanceId": {"Ref": "NatServer"}}
      },
      "NetworkAclPrivateApache": {
        "Type": "AWS::EC2::NetworkAcl",
        "Properties": {"VpcId": {"Ref": "VPC"}}
      },
      "SubnetNetworkAclAssociationPrivateApache": {
        "Type": "AWS::EC2::SubnetNetworkAclAssociation",
        "Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"}, "NetworkAclId": {"Ref": "NetworkAclPrivateApache"}}
      },
      "NetworkAclEntryInPrivateApacheSSH": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.1.0/24"}
      },
      "NetworkAclEntryInPrivateApacheHTTP": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.2.0/24"}
      },
      "NetworkAclEntryInPrivateApacheEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPrivateApacheHTTP": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPrivateApacheHTTPS": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "443", "To": "443"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}
      },
      "NetworkAclEntryOutPrivateApacheEphemeralPorts": {
        "Type": "AWS::EC2::NetworkAclEntry",
        "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "10.0.0.0/16"}
      },

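The three ACLs above only make sense once you evaluate them the way AWS does: rules of one direction are walked in ascending RuleNumber order, the first match wins, and no match means deny; because the ACL is stateless, a TCP connection needs the request direction and the reply direction (ephemeral port) to match separately. The following script is an added example and not code from the original post: the rule tables are transcribed from the NetworkAclEntry resources on this page, the 203.0.113.x addresses are constructed documentation addresses, 10.0.1.169 and 10.0.2.170 are the bastion and Varnish private IPs from the session log further down, and the ephemeral port 50000 used for replies is an assumption.

```python
"""Stateless evaluation of the network ACLs defined above (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int        # RuleNumber: evaluated in ascending order, first match wins
    egress: bool       # Egress: False = inbound rule, True = outbound rule
    cidr: str          # CidrBlock: source for inbound rules, destination for outbound
    port_from: int
    port_to: int
    action: str = "allow"   # RuleAction; every rule on the page is "allow"


# One ACL per subnet, transcribed from the templates above (Protocol 6 = TCP).
ACLS = {
    "PublicSSHBastion": [
        Rule(100, False, "0.0.0.0/0", 22, 22),
        Rule(200, False, "10.0.0.0/16", 1024, 65535),
        Rule(100, True, "10.0.0.0/16", 22, 22),
        Rule(200, True, "0.0.0.0/0", 1024, 65535),
    ],
    "PublicVarnish": [
        Rule(100, False, "10.0.1.0/24", 22, 22),
        Rule(110, False, "0.0.0.0/0", 80, 80),
        Rule(200, False, "0.0.0.0/0", 1024, 65535),
        Rule(100, True, "0.0.0.0/0", 80, 80),
        Rule(110, True, "0.0.0.0/0", 443, 443),
        Rule(200, True, "0.0.0.0/0", 1024, 65535),
    ],
    "PrivateApache": [
        Rule(100, False, "10.0.1.0/24", 22, 22),
        Rule(110, False, "10.0.2.0/24", 80, 80),
        Rule(200, False, "0.0.0.0/0", 1024, 65535),
        Rule(100, True, "0.0.0.0/0", 80, 80),
        Rule(110, True, "0.0.0.0/0", 443, 443),
        Rule(200, True, "10.0.0.0/16", 1024, 65535),
    ],
}


def evaluate(rules, egress, remote_ip, port):
    """Evaluate one packet direction the way AWS does: walk the rules for that
    direction in ascending rule-number order and stop at the first match.
    Returns (allowed, rule_number); "*" is the implicit deny-all rule."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.egress != egress:
            continue
        if addr in ipaddress.ip_network(rule.cidr) and rule.port_from <= port <= rule.port_to:
            return rule.action == "allow", rule.number
    return False, "*"


def inbound_connection_allowed(rules, client_ip, service_port, client_port=50000):
    """A client outside the subnet opens a TCP connection to service_port on a
    host in the subnet. The ACL is stateless, so the request (inbound, dst port
    service_port) and the reply (outbound, dst port = the client's ephemeral
    port, assumed to be 50000) are checked independently; both must pass."""
    request_ok, _ = evaluate(rules, False, client_ip, service_port)
    reply_ok, _ = evaluate(rules, True, client_ip, client_port)
    return request_ok and reply_ok


def outbound_connection_allowed(rules, server_ip, service_port, local_port=50000):
    """A host in the subnet connects out (e.g. a package download over HTTPS):
    the request is outbound to service_port, the reply is inbound to our ephemeral port."""
    request_ok, _ = evaluate(rules, True, server_ip, service_port)
    reply_ok, _ = evaluate(rules, False, server_ip, local_port)
    return request_ok and reply_ok


def without_rule(rules, number, egress):
    """Copy of an ACL with one rule removed, to show what stateless filtering costs."""
    return [r for r in rules if not (r.number == number and r.egress == egress)]


if __name__ == "__main__":
    bastion, varnish, apache = ACLS["PublicSSHBastion"], ACLS["PublicVarnish"], ACLS["PrivateApache"]
    internet_client, bastion_host, varnish_host = "203.0.113.10", "10.0.1.169", "10.0.2.170"
    print("internet -> bastion:22  ", inbound_connection_allowed(bastion, internet_client, 22))  # True
    print("internet -> varnish:22  ", inbound_connection_allowed(varnish, internet_client, 22))  # False: SSH only from 10.0.1.0/24
    print("bastion  -> varnish:22  ", inbound_connection_allowed(varnish, bastion_host, 22))     # True
    print("internet -> apache:80   ", inbound_connection_allowed(apache, internet_client, 80))   # False: HTTP only from 10.0.2.0/24
    print("varnish  -> apache:80   ", inbound_connection_allowed(apache, varnish_host, 80))      # True
    print("apache   -> internet:443", outbound_connection_allowed(apache, "203.0.113.50", 443))  # True (ACL only; a route via NAT is still needed)
    # Drop the bastion's outbound ephemeral rule: the SSH request is still allowed
    # in by rule 100, but the reply can no longer leave, so the session never
    # completes. This is the stateless behaviour described in the notes above.
    broken = without_rule(bastion, 200, egress=True)
    print("bastion without reply rule", inbound_connection_allowed(broken, internet_client, 22))  # False
```

The rule-ordering semantics matter as much as the rule contents: a constructed deny rule numbered 50 for port 22 would shadow the page's allow rule 100, so when you review an ACL, sort by RuleNumber before reading it.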
    • Create the whole AWS stack
      Two things to notice when reading the complete template: the SecurityGroup attached to all three instances allows every protocol and port from and to 0.0.0.0/0 (SecurityGroupIngress and SecurityGroupEgress with IpProtocol -1), so the network ACLs above are the only thing restricting traffic; and this stack contains neither RoutePrivateApacheToInternet nor a NAT instance, so the Apache server in the private subnet has no route to the internet.

      {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "(VPC)",
      "Parameters": {
        "KeyName": {"Description": "Key Pair name", "Type": "AWS::EC2::KeyPair::KeyName", "Default": "my-cli-key"}
      },
      "Mappings": {
        "EC2RegionMap": {
          "ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-cbf90ecb", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-03cf3903"},
          "ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-b49dace6"},
          "ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-e7ee9edd"},
          "eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-46073a5b"},
          "eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-6975eb1e"},
          "sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-fbfa41e6"},
          "us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-303b1458"},
          "us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-7da94839"},
          "us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-69ae8259"}
        }
      },
      "Resources": {
        "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "My security group", "VpcId": {"Ref": "VPC"}}},
        "SecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {"IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0", "GroupId": {"Ref": "SecurityGroup"}}},
        "SecurityGroupEgress": {"Type": "AWS::EC2::SecurityGroupEgress", "Properties": {"IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": "0.0.0.0/0", "GroupId": {"Ref": "SecurityGroup"}}},
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": "true"}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
        "VPCGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {"VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "SubnetPublicSSHBastion": {"Type": "AWS::EC2::Subnet", "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.1.0/24", "VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicSSHBastion": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"}, "RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}}},
        "RoutePublicSSHBastionToInternet": {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}, "DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicSSHBastion": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"}, "NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}}},
        "NetworkAclEntryInPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryInPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryOutPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryOutPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "SubnetPublicVarnish": {"Type": "AWS::EC2::Subnet", "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.2.0/24", "VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicVarnish": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"}, "RouteTableId": {"Ref": "RouteTablePublicVarnish"}}},
        "RoutePublicVarnishToInternet": {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "RouteTablePublicVarnish"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}, "DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicVarnish": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"}, "NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}}},
        "NetworkAclEntryInPublicVarnishSSH": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.1.0/24"}},
        "NetworkAclEntryInPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryInPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishHTTPS": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "443", "To": "443"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "SubnetPrivateApache": {"Type": "AWS::EC2::Subnet", "Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]}, "CidrBlock": "10.0.3.0/24", "VpcId": {"Ref": "VPC"}}},
        "RouteTablePrivateApache": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPrivateApache": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"}, "RouteTableId": {"Ref": "RouteTablePrivateApache"}}},
        "NetworkAclPrivateApache": {"Type": "AWS::EC2::NetworkAcl", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPrivateApache": {"Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"}, "NetworkAclId": {"Ref": "NetworkAclPrivateApache"}}},
        "NetworkAclEntryInPrivateApacheSSH": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "22", "To": "22"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.1.0/24"}},
        "NetworkAclEntryInPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "10.0.2.0/24"}},
        "NetworkAclEntryInPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "100", "Protocol": "6", "PortRange": {"From": "80", "To": "80"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheHTTPS": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "110", "Protocol": "6", "PortRange": {"From": "443", "To": "443"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}, "RuleNumber": "200", "Protocol": "6", "PortRange": {"From": "1024", "To": "65535"}, "RuleAction": "allow", "Egress": "true", "CidrBlock": "10.0.0.0/16"}},
        "BastionHost": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},
            "InstanceType": "t2.micro",
            "KeyName": {"Ref": "KeyName"},
            "NetworkInterfaces": [{"AssociatePublicIpAddress": "true", "DeleteOnTermination": "true", "SubnetId": {"Ref": "SubnetPublicSSHBastion"}, "DeviceIndex": "0", "GroupSet": [{"Ref": "SecurityGroup"}]}]
          },
          "DependsOn": "VPCGatewayAttachment"
        },
        "VarnishServer": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},
            "InstanceType": "t2.micro",
            "KeyName": {"Ref": "KeyName"},
            "NetworkInterfaces": [{"AssociatePublicIpAddress": "true", "DeleteOnTermination": "true", "SubnetId": {"Ref": "SubnetPublicVarnish"}, "DeviceIndex": "0", "GroupSet": [{"Ref": "SecurityGroup"}]}],
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
              "#!/bin/bash -ex\n",
              "yum -y install varnish-3.0.7\n",
              "cat > /etc/varnish/default.vcl << EOF\n",
              "backend default {\n",
              "  .host = \"", {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]}, "\";\n",
              "  .port = \"80\";\n",
              "}\n",
              "EOF\n",
              "sed -i.bak \"s/^VARNISH_LISTEN_PORT=.*/VARNISH_LISTEN_PORT=80/\" /etc/sysconfig/varnish\n",
              "service varnish start\n",
              "/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource VarnishServer --region ", {"Ref": "AWS::Region"}, "\n"
            ]]}}
          },
          "DependsOn": "VPCGatewayAttachment"
        },
        "ApacheServer": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},
            "InstanceType": "t2.micro",
            "KeyName": {"Ref": "KeyName"},
            "NetworkInterfaces": [{"AssociatePublicIpAddress": "false", "DeleteOnTermination": "true", "SubnetId": {"Ref": "SubnetPrivateApache"}, "DeviceIndex": "0", "GroupSet": [{"Ref": "SecurityGroup"}]}],
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
              "#!/bin/bash -ex\n",
              "yum -y install httpd\n",
              "service httpd start\n",
              "/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource ApacheServer --region ", {"Ref": "AWS::Region"}, "\n"
            ]]}}
          }
        }
      },
      "Outputs": {
        "BastionHostPublicName": {"Value": {"Fn::GetAtt": ["BastionHost", "PublicDnsName"]}, "Description": "connect via SSH as user ec2-user"},
        "VarnishServerPublicName": {"Value": {"Fn::GetAtt": ["VarnishServer", "PublicDnsName"]}, "Description": "handles HTTP requests"},
        "VarnishServerPrivateIp": {"Value": {"Fn::GetAtt": ["VarnishServer", "PrivateIp"]}, "Description": "connect via SSH from bastion host"},
        "ApacheServerPrivateIp": {"Value": {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]}, "Description": "connect via SSH from bastion host"}
      }
      }
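Two checks a reviewer would run over a stack like the one above before deploying it, as an added example that is not code from the original post: every `Ref` must resolve to a resource, a parameter or an AWS pseudo parameter (the private-subnet snippet earlier references a `NatServer` that the stack never declares), and no security-group ingress should be open to 0.0.0.0/0 for all protocols (the stack's `SecurityGroupIngress` is). `TEMPLATE_EXCERPT` is a constructed subset of the page's template with just the resources these checks need; the `TightenedSecurityGroup` resource in it is constructed too, as the shape a reviewer would propose instead, with ingress limited to the same sources the network ACLs already allow.

```python
"""Review checks over a CloudFormation template (added example)."""
import json

# Constructed excerpt of the stack above: only the resources the checks need,
# plus a constructed TightenedSecurityGroup showing the hardened alternative.
TEMPLATE_EXCERPT = json.loads(r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {"KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"}},
  "Resources": {
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "My security group", "VpcId": {"Ref": "VPC"}}},
    "SecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1",
                     "CidrIp": "0.0.0.0/0", "GroupId": {"Ref": "SecurityGroup"}}},
    "TightenedSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "constructed: reviewer's proposal",
                     "VpcId": {"Ref": "VPC"},
                     "SecurityGroupIngress": [
                       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.1.0/24"},
                       {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "10.0.2.0/24"}]}},
    "RouteTablePrivateApache": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
    "RoutePrivateApacheToInternet": {"Type": "AWS::EC2::Route",
      "Properties": {"RouteTableId": {"Ref": "RouteTablePrivateApache"},
                     "DestinationCidrBlock": "0.0.0.0/0", "InstanceId": {"Ref": "NatServer"}}},
    "BastionHost": {"Type": "AWS::EC2::Instance",
      "Properties": {"KeyName": {"Ref": "KeyName"},
                     "NetworkInterfaces": [{"AssociatePublicIpAddress": "true",
                                            "GroupSet": [{"Ref": "SecurityGroup"}]}]}}
  }
}
''')

# Pseudo parameters CloudFormation resolves without a declaration.
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::StackName", "AWS::StackId", "AWS::AccountId",
                     "AWS::NoValue", "AWS::Partition", "AWS::URLSuffix", "AWS::NotificationARNs"}


def iter_refs(node):
    """Yield the target of every {"Ref": name} anywhere in a template subtree."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        else:
            for value in node.values():
                yield from iter_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_refs(item)


def unresolved_refs(template):
    """Names referenced with Ref that are neither a resource, a parameter nor a pseudo parameter."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {})) | PSEUDO_PARAMETERS
    return sorted({name for name in iter_refs(template.get("Resources", {})) if name not in known})


def world_open_ingress(template):
    """(resource, protocol, ports) for every security-group ingress rule that accepts
    traffic from 0.0.0.0/0 or ::/0, whether declared stand-alone or inline in the group."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        rules = []
        if resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules.append(props)
        elif resource.get("Type") == "AWS::EC2::SecurityGroup":
            rules.extend(props.get("SecurityGroupIngress", []))
        for rule in rules:
            if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                proto = str(rule.get("IpProtocol"))
                if proto == "-1":
                    findings.append((name, "all protocols", "all"))
                else:
                    findings.append((name, proto, f'{rule.get("FromPort")}-{rule.get("ToPort")}'))
    return findings


def review(template):
    """Human-readable findings; an empty list means both checks passed."""
    findings = [f"unresolved Ref to {name}" for name in unresolved_refs(template)]
    for resource, proto, ports in world_open_ingress(template):
        findings.append(f"{resource}: ingress from 0.0.0.0/0 allows {proto}, ports {ports}")
    return findings


if __name__ == "__main__":
    for line in review(TEMPLATE_EXCERPT):
        print(line)
```

Run against the full template above, the unresolved-reference check passes (the stack simply omits the private route) and the ingress check reports `SecurityGroupIngress`; with a group allowing everything, a subnet accidentally associated with the VPC's default network ACL would expose its instances completely, which is why the group should carry the same source restrictions as the ACLs rather than relying on them alone.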
      
    • Testing the result

      • Execution result
        (screenshot)

      • One thing to watch
        Do not assume that the user for connecting to the EC2 server is ec2-user; some AMIs use the ubuntu user.
        It is best to confirm this on the EC2 server's connect screen.

      • Reaching the Apache server (private subnet) over SSH through the bastion host
        ssh -A ubuntu@ec2-13-230-4-241.ap-northeast-1.compute.amazonaws.com logs in to the bastion host with agent forwarding (AgentForward), so the private key stays on the workstation.
        From the bastion, ssh 10.0.3.198 then reaches the Apache host in the private subnet directly.
        (Agent forwarding hands the bastion a socket to your agent for the duration of the session; with OpenSSH 7.3 or later, ssh -J <bastion> 10.0.3.198 reaches the private host through the bastion without exposing the agent to it.)

        Dell@DESKTOP-DHMQMJG MINGW64 /
        $ eval `ssh-agent`
        Agent pid 2195
        Dell@DESKTOP-DHMQMJG MINGW64 /
        $ ssh-add ~/.ssh/my-cli-key.pem
        Identity added: /c/Users/Dell/.ssh/my-cli-key.pem (/c/Users/Dell/.ssh/my-cli-key.pem)
        Dell@DESKTOP-DHMQMJG MINGW64 /
        $ ssh -A ubuntu@ec2-13-230-4-241.ap-northeast-1.compute.amazonaws.com
        Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-1016-aws x86_64)
        ubuntu@ip-10-0-1-169:~$ ssh 10.0.3.198
        Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-1016-aws x86_64)
        
      • Reaching the Apache server (private subnet) over HTTP through the Varnish reverse proxy

        ubuntu@ip-10-0-1-169:~$ ssh ec2-52-195-182-135.ap-northeast-1.compute.amazonaws.com
        The authenticity of host 'ec2-52-195-182-135.ap-northeast-1.compute.amazonaws.com (10.0.2.170)' can't be established.
        ED25519 key fingerprint is SHA256:r4A9nVkEUhL1ovBuKc90hnYZUNilz/xxFKlPYj0kyOQ.
        

This article was contributed by an internet user; the views expressed are the author's own and do not represent this site. The site only provides storage space, holds no ownership of the content and accepts no related legal liability. If reposting, please cite the source: http://www.rhkb.cn/news/450722.html
