aws(学习笔记第七课) 私有子网使用NAT服务器

aws(学习笔记第七课)

  • AWS的私有子网使用NAT服务器

学习内容:

  • AWS的私有子网使用NAT服务器

1. AWS的私有子网使用NAT服务器

在上面的例子的网络构成图中,可能会发现一个问题。就是Private SubnetApache server无法访问互联网。比如,当需要软件更新的时候,或者访问其他web service的时候,不能实现互联网访问。那么有实现同时让Apache Server躲在堡垒机后面(没有公网IP地址),还能兼顾访问互联网吗,这个解决方案就是NAT服务。

在这里插入图片描述

  1. 首先学习什么是NAT

    • 学习参考

      • 全面解析NAT
      • SNATDNAT

    • NAT的概念
      网络地址转换(NAT)是一种网络技术,用于在不同网络之间转换IP地址。它主要解决了IPv4地址短缺的问题,同时也可以增强网络安全性和提高网络性能。通过在路由器或防火墙设备上配置NAT,可以实现私有网络和公共网络之间的IP地址转换,从而隐藏内部网络的真实拓扑结构。

      • 静态NAT
        静态 NAT:一对一映射,将一个私有IP地址映射到一个公共IP地址。在这里插入图片描述
      • 动态NAT
        动态分配公共IP地址给私有IP地址,使得多个私有IP地址可以共享少量公共IP地址。在这里插入图片描述

    • SNATDNAT

      • SNAT
        SNAT 又称源地址转换。源地址转换是内网地址向外访问时,发起访问的内网ip地址转换为指定的ip地址(可指定具体的服务以及相应的端口或端口范围),这可以使内网中使用保留ip地址的主机访问外部网络,即内网的多部主机可以通过一个有效的公网ip地址访问外部网络。
        • 数据包从内网发送到公网时,SNAT会把数据包的源地址由私网IP转换成公网IP。
        • 当相应的数据包从公网发送到内网时,会把数据包的目的地址由公网IP转换为私网IP。
      • DNAT
        DNAT 又称目标地址转换。将私网中web服务器映射到公网IP,使其公网IP作为目标地址被公网中主机进行访问。
        • 数据包从外网发送到内网时,DNAT会把数据包的目标地址由公网IP转换成私网IP。
        • 当相应的数据包从内网发送到公网时,会把数据包的源地址由私网IP转换为公网IP。

    • AWS中的NAT实现

      • 实现之后的网络结构
        在这个结构中,位于私有子网的Apache Server没有直接访问互联网的路由,如果访问互联网0.0.0.0的场合,将其路由到公网的NAT Server,这样经过NAT Server的网络转换,同样能访问互联网。
        在这里插入图片描述

    • 定义NAT Server以及Apache Server的路由指向

      • 定义NAT Server所在的subnet

        		"SubnetPublicNAT": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","VpcId": {"Ref": "VPC"}}},"RouteTablePublicNAT": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},"RouteTableAssociationPublicNAT": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"RouteTableId": {"Ref": "RouteTablePublicNAT"}}},"RoutePublicNATToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicNAT"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},"NetworkAclPublicNAT": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},"SubnetNetworkAclAssociationPublicNAT": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"NetworkAclId": {"Ref": "NetworkAclPublicNAT"}}},"NetworkAclEntryInPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryInPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryInPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},

      • 定义NAT Server

        		"NatServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxNATAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicNAT"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"SourceDestCheck": "false","UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource NatServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}},"DependsOn": "VPCGatewayAttachment"},

      • Apache Server的互联网0.0.0.0的连接路由指向NAT Server

        		"RoutePrivateApacheToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePrivateApache"},"DestinationCidrBlock": "0.0.0.0/0","InstanceId": {"Ref": "NatServer"}}},

    • AWS中的NAT实现整体CloudFormation代码

      {"AWSTemplateFormatVersion": "2010-09-09","Description": "(VPC)","Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"}},"Mappings": {"EC2RegionMap": {"ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-03f584e50b2d32776", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-03cf3903"},"ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-b49dace6"},"ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-e7ee9edd"},"eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-46073a5b"},"eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-6975eb1e"},"sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-fbfa41e6"},"us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-303b1458"},"us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-7da94839"},"us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-69ae8259"}}},"Resources": {"SecurityGroup": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "My security group","VpcId": {"Ref": "VPC"}}},"SecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress","Properties":{"IpProtocol": "-1","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0","GroupId": {"Ref": "SecurityGroup"}}},"SecurityGroupEgress": {"Type": "AWS::EC2::SecurityGroupEgress","Properties":{"IpProtocol": "-1","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0","GroupId": {"Ref": "SecurityGroup"}}},"VPC": {"Type": "AWS::EC2::VPC","Properties": {"CidrBlock": "10.0.0.0/16","EnableDnsHostnames": "true"}},"InternetGateway": {"Type": "AWS::EC2::InternetGateway","Properties": {}},"VPCGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},"SubnetPublicNAT": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","VpcId": {"Ref": "VPC"}}},"RouteTablePublicNAT": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},"RouteTableAssociationPublicNAT": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"RouteTableId": {"Ref": "RouteTablePublicNAT"}}},"RoutePublicNATToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicNAT"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},"NetworkAclPublicNAT": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},"SubnetNetworkAclAssociationPublicNAT": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"NetworkAclId": {"Ref": "NetworkAclPublicNAT"}}},"NetworkAclEntryInPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryInPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryInPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"SubnetPublicSSHBastion": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.1.0/24","VpcId": {"Ref": "VPC"}}},"RouteTablePublicSSHBastion": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},"RouteTableAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"},"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}}},"RoutePublicSSHBastionToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},"NetworkAclPublicSSHBastion": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},"SubnetNetworkAclAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"},"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}}},"NetworkAclEntryInPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryInPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryOutPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "true","CidrBlock": "10.0.0.0/16"}},"NetworkAclEntryOutPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"SubnetPublicVarnish": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.2.0/24","VpcId": {"Ref": "VPC"}}},"RouteTablePublicVarnish": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},"RouteTableAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"},"RouteTableId": {"Ref": "RouteTablePublicVarnish"}}},"RoutePublicVarnishToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicVarnish"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},"NetworkAclPublicVarnish": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},"SubnetNetworkAclAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"},"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}}},"NetworkAclEntryInPublicVarnishSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.1.0/24"}},"NetworkAclEntryInPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryInPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "81"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicVarnishHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"SubnetPrivateApache": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.3.0/24","VpcId": {"Ref": "VPC"}}},"RouteTablePrivateApache": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},"RouteTableAssociationPrivateApache": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"},"RouteTableId": {"Ref": "RouteTablePrivateApache"}}},"RoutePrivateApacheToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePrivateApache"},"DestinationCidrBlock": "0.0.0.0/0","InstanceId": {"Ref": "NatServer"}}},"NetworkAclPrivateApache": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},"SubnetNetworkAclAssociationPrivateApache": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"},"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}}},"NetworkAclEntryInPrivateApacheSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.1.0/24"}},"NetworkAclEntryInPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.2.0/24"}},"NetworkAclEntryInPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPrivateApacheHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},"NetworkAclEntryOutPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "10.0.0.0/16"}},"NatServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxNATAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicNAT"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"SourceDestCheck": "false","UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource NatServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}},"DependsOn": "VPCGatewayAttachment"},"BastionHost": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicSSHBastion"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}]},"DependsOn": "VPCGatewayAttachment"},"VarnishServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicVarnish"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","sudo -i\n","yum -y install nginx\n","cat > /etc/nginx/conf.d/http81.conf << EOF\n"," server {\n","      listen     81;\n","      location / {\n","               proxy_pass http://", {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]} ,":80;\n","      }\n"," }\n","EOF\n","service nginx start\n"]]}}},"DependsOn": "VPCGatewayAttachment"},"ApacheServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "false","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPrivateApache"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","yum -y install httpd\n","service httpd start\n","/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource ApacheServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}},"DependsOn": "NatServer"}},"Outputs": {"BastionHostPublicName": {"Value": {"Fn::GetAtt": ["BastionHost", "PublicDnsName"]},"Description": "connect via SSH as user ec2-user"},"VarnishServerPublicName": {"Value": {"Fn::GetAtt": ["VarnishServer", "PublicDnsName"]},"Description": "handles HTTP requests"},"VarnishServerPrivateIp": {"Value": {"Fn::GetAtt": ["VarnishServer", "PrivateIp"]},"Description": "connect via SSH from bastion host"},"ApacheServerPrivateIp": {"Value": {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]},"Description": "connect via SSH from bastion host"}}
}

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/diannao/56970.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

云计算-----单机LNMP结构WordPress网站

云计算-----单机LNMP结构WordPress网站

LNMP结构 博客网站 day1 小伙伴们&#xff0c;LNMP结构在第一二阶段浅浅的学习过&#xff0c;这里我们可以离线部署该结构。L指&#xff08;虚拟机&#xff09;服务器&#xff0c;nginx&#xff08;前端代理服务器&#xff09;mysql数据库&#xff0c;最后基于php建设动态…
阅读更多...
DockerCompose快速部署Java项目、nginx前端和mysql数据库到centos虚拟机

DockerCompose快速部署Java项目、nginx前端和mysql数据库到centos虚拟机

简介&#xff1a;整理自&#xff1a;SpringCloud微服务开发与实战&#xff0c;java黑马商城项目微服务实战开发&#xff08;涵盖MybatisPlus、Docker、MQ、ES、Redis高级等&#xff09;课程的飞书文档。 DockerCompose介绍 大家可以看到&#xff0c;我们部署一个简单的java项…
阅读更多...
黑马程序员Java笔记整理(day03)

黑马程序员Java笔记整理(day03)

1.switch 2.for与while对比 3.嵌套定义,输出的区别性 4.break与continue 5.随机数生成的两种方式 6.Random 7.随机验证码
阅读更多...
到底是微服务,还是SOA?

到底是微服务,还是SOA?

引言&#xff1a;大概正式工作有5年了&#xff0c;换了三个大厂【也是真特么世道艰难&#xff0c;中国互联网人才饱和了】。基本上每个公司有的架构都不太相同&#xff0c;干过TOC和TOB的业务&#xff0c;但是大家用的架构都不太相同。有坚持ALL in one的SB&#xff0c;最后服务…
阅读更多...
【Linux】并行与并发(含时间片)

【Linux】并行与并发(含时间片)

简单来说 并发&#xff1a;多个进程轮流使用同一个CPU&#xff0c;在逻辑层面上&#xff0c;一段时间内推进完成了多个进程 并行&#xff1a;机器中有多个CPU可以使用&#xff0c;在物理层面上&#xff0c;做到同一时间会有多个进程同时在运行 举个例子&#xff1a;一群人需要…
阅读更多...
深入理解WPF中的命令机制

深入理解WPF中的命令机制

Windows Presentation Foundation&#xff08;WPF&#xff09;是微软推出的一种用于构建桌面客户端应用程序的技术。它被认为是现代Windows应用程序的基础&#xff0c;具有强大的图形和媒体处理能力。在WPF中&#xff0c;“命令”是一个重要的概念&#xff0c;它为应用程序开发…
阅读更多...
Mybatis操作

Mybatis操作

一、Mybatis基础操作 准备 准备数据库表 emp 1.创建一个新的springboot工程&#xff0c;选择引入对应的起步依赖&#xff08;mybatis、mysql驱动、lombok&#xff09; 2.application.properties中引入数据库连接信息 3.创建对应的实体类 Emp&#xff08;实体类属性采用驼峰…
阅读更多...
②PROFINET转ModbusTCP, EtherCAT/Ethernet/IP/Profinet/ModbusTCP协议互转工业串口网关

②PROFINET转ModbusTCP, EtherCAT/Ethernet/IP/Profinet/ModbusTCP协议互转工业串口网关

EtherCAT/Ethernet/IP/Profinet/ModbusTCP协议互转工业串口网关https://item.taobao.com/item.htm?ftt&id822721028899 协议转换通信网关 PROFINET 转 Modbus TCP &#xff08;接上一章&#xff09; 配置使用 与 PROFINET 主站进行组态说明 这里介绍与西门子 PLC 的…
阅读更多...
git分支模型

git分支模型

定义分支 长期分支 指长期存在的分支&#xff0c;也叫固定分支 developmaster 短期分支 短分支没有固定的分支名。但是有分支名规范 feature分支hotfix分支 分支模型 暂时无法在文档外展示此内容 参考 分支的目的是隔离&#xff0c;但多一个分支也意味着维护成本的增加。…
阅读更多...
NFT Insider #152:The Sandbox Alpha 第4季开启

NFT Insider #152:The Sandbox Alpha 第4季开启

市场数据 加密艺术及收藏品新闻 Realm of Historia 推出首个以古老文化遗址为主题的 NFT 系列 专注于文化遗产保护的区块链平台 Realm of Historia 正通过推出首个 NFT 系列扩大其全球影响力。该系列以亚美尼亚的古代遗址 Carahunge 为主题&#xff0c;这一遗址已有 7500 多年…
阅读更多...
EDM邮件营销,如何确保高频率发送不触发限制

EDM邮件营销,如何确保高频率发送不触发限制

EDM邮件营销需选对平台&#xff0c;遵守反垃圾邮件法规&#xff0c;高效管理邮件列表&#xff0c;合理制定发送频率&#xff0c;优化内容与设计&#xff0c;用智能化工具测试与优化&#xff0c;监控送达和反馈&#xff0c;维持良好ISP关系&#xff0c;确保高效安全发送不封号。…
阅读更多...
13.3寸三防平板大尺寸+高速运行提升工业软件操作体验

13.3寸三防平板大尺寸+高速运行提升工业软件操作体验

在工业领域&#xff0c;移动设备的应用日益广泛&#xff0c;其性能直接影响着工作效率和数据安全。传统的工业平板电脑常常面临着屏幕尺寸过小、运行速度缓慢、以及抗环境能力不足等问题&#xff0c;这些都制约了工业软件的流畅运行和高效应用。而一款搭载先进硬件配置的13.3寸…
阅读更多...
线性代数基础02_矩阵(下)向量

线性代数基础02_矩阵(下)向量

目录 一、矩阵&#xff08;下&#xff09; 1、伴随矩阵 2、逆矩阵 3、初等变换 4、矩阵的标准形 4.1行阶梯形矩阵 4.2简化行阶梯型矩阵 二、向量 1、定义 2、向量的运算 3、矩阵的特征值和特征向量 4、向量的模 5、向量的内积 一、矩阵&#xff08;下&#xff09;…
阅读更多...
动态规划-子数组系列——乘积最大子数组

动态规划-子数组系列——乘积最大子数组

1.题目解析 题目来源&#xff1a;152.乘积最大子数组——力扣 测试用例 2.算法原理 1.状态表示 由于题目给的数组中可以包含负数&#xff0c;因此求最大乘积有两种情况&#xff1a; a.负数乘以最小数得出最大乘积 b.整数乘以最大数得出最大乘积 所以需要两个表分别求出最大最…
阅读更多...
Ajax(web笔记)

Ajax(web笔记)

文章目录 1.Ajax的概念2.Ajax 的作用3.原生Ajax4.Axios4.1Axios的概念4.2Axios入门 1.Ajax的概念 AsynchronousJavaScriptAndXML&#xff0c;异步的JavaScript和XML 2.Ajax 的作用 数据交换:过Ajax可以给服务器发送请求&#xff0c;并获取服务器响应的数据。异步交互:可以在…
阅读更多...
R语言医学数据分析实践-R编程环境的搭建

R语言医学数据分析实践-R编程环境的搭建

【图书推荐】《R语言医学数据分析实践》-CSDN博客 《R语言医学数据分析实践 李丹 宋立桓 蔡伟祺 清华大学出版社9787302673484》【摘要 书评 试读】- 京东图书 (jd.com) R语言编程_夏天又到了的博客-CSDN博客 R语言对编程环境的要求不高&#xff0c;可以在多种操作系统平台上…
阅读更多...
找寻孤独伤感视频素材的热门资源网站推荐

找寻孤独伤感视频素材的热门资源网站推荐

在抖音上&#xff0c;伤感视频总是能够引起观众的共鸣&#xff0c;很多朋友都在寻找可以下载伤感视频素材的地方。作为一名资深的视频剪辑师&#xff0c;今天我来分享几个提供高清无水印伤感素材的网站&#xff0c;如果你也在苦苦寻找这些素材&#xff0c;不妨看看以下推荐&…
阅读更多...
【软件运行类文档】项目试运行方案,试运行计划书(word原件)

【软件运行类文档】项目试运行方案,试运行计划书(word原件)

一、 试运行目的 &#xff08;一&#xff09; 系统功能、性能与稳定性考核 &#xff08;二&#xff09; 系统在各种环境和工况条件下的工作稳定性和可靠性 &#xff08;三&#xff09; 检验系统实际应用效果和应用功能的完善 &#xff08;四&#xff09; 健全系统运行管理体制&…
阅读更多...
RabbitMQ进阶_延迟消息

RabbitMQ进阶_延迟消息

文章目录 一、 死信交换机和延迟消息1.1、 死信交换机1.2、 延迟消息 二、 DelayExchange插件三、 实现时的优化 在电商的支付业务中&#xff0c;对于一些库存有限的商品&#xff0c;为了更好的用户体验&#xff0c;通常都会在用户下单时立刻扣减商品库存。例如电影院购票、高铁…
阅读更多...
How to install Node.js and NPM on CentOS

How to install Node.js and NPM on CentOS

How to install Node.js and NPM on CentOS Download Node.js 菜鸟教程-Node.js 安装配置 Introduction Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023