ELB access log

ELB can record access logs (enabled per load balancer; the log files are delivered to an S3 bucket). Here are some lines from a Classic Load Balancer, with the public IP addresses partially masked:

2014-03-07T07:25:38.285777Z elber 130.0.237.XX:37522 172.31.4.218:80 0.000066 0.00105 0.000037 404 404 0 570 "GET http://54.249.27.XX:80/actus4/ HTTP/1.1"
2014-03-07T07:26:43.731149Z elber 77.50.22.XXX:53477 172.31.4.218:80 0.000053 0.000866 0.000053 200 200 0 10 "GET http://54.249.27.XX:80/ HTTP/1.0"
2014-03-07T07:26:44.410747Z elber 77.50.22.XXX:53656 172.31.4.218:80 0.000052 0.000853 0.000039 404 404 0 168 "GET http://54.249.27.XX:80/foltia/ HTTP/1.0"
2014-03-07T07:26:45.084730Z elber 77.50.22.XXX:53839 172.31.4.218:80 0.000061 0.000874 0.000035 404 404 0 168 "GET http://54.249.27.XX:80/epgrec/do-record.sh HTTP/1.0"
2014-03-07T07:28:12.386207Z elber 189.206.75.XX:64289 172.31.4.218:80 0.000062 0.000924 0.000035 404 404 0 168 "GET http://54.249.27.XX:80/manager/html HTTP/1.1"

The question is what each field means. Field by field, with an example value for each:

timestamp
The time at which the load balancer received the request from the client, in UTC, ISO 8601 format.
2014-02-15T23:39:43.945958Z

elb
The name of the load balancer.
test-loadbalancer

client:port
The IP address and port of the requesting client.
192.168.131.39:2817

backend:port
The IP address and port of the registered instance that the ELB routed this request to. This tells you which server handled it. It is "-" when the load balancer could not send the request to any instance.
10.0.0.0:80

request_processing_time
The time, in seconds, from when the ELB received the request from the client until it sent the request to the instance. It is -1 if the load balancer could not dispatch the request to any instance.
0.000073

backend_processing_time
The time, in seconds, from when the ELB sent the request to the instance until the instance began returning the response headers.
0.001048

response_processing_time
The time, in seconds, from when the ELB received the response headers from the instance until it began sending the response to the client.
0.000057

elb_status_code
The status code of the response the load balancer returned to the client.
200

backend_status_code
The status code of the response from the instance to which the ELB sent the request. It is "-" when no instance responded.
200

received_bytes
Size of the request received from the client, in bytes. For HTTP listeners the body is counted but not the headers, which is why the GET requests above show 0.
0

sent_bytes
Size of the response sent to the client, in bytes (body only for HTTP listeners).
29

request
The request line from the client, in double quotes: method, full URL (protocol://host:port/path), and HTTP version.
"GET http://www.example.com:80/ HTTP/1.1"

Later versions of the Classic ELB log format append three more fields after the request ("user_agent", ssl_cipher and ssl_protocol), so a parser should not assume the quoted request is the end of the line.
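Seen with the field meanings above, the sample lines at the top are a good illustration of what these logs are useful for: three different clients asked the bare IP address for paths such as /manager/html (the Tomcat manager), /epgrec/do-record.sh and /foltia/, all answered 404 by the backend, which is what automated scanning for known applications looks like. The following is an added example, not code from the original page: a parser for the Classic ELB access log layout quoted above, with a small detector that flags clients collecting 404s across several paths. The log text is constructed to mirror the lines on the page, with the addresses replaced by RFC 5737 documentation ranges; the load balancer name "elber" is taken from the page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the Classic Load Balancer access log layout quoted on
# the page (addresses replaced with RFC 5737 documentation ranges; not real traffic).
SAMPLE_LOG = """\
2014-03-07T07:25:38.285777Z elber 203.0.113.10:37522 172.31.4.218:80 0.000066 0.00105 0.000037 404 404 0 570 "GET http://198.51.100.5:80/actus4/ HTTP/1.1"
2014-03-07T07:26:43.731149Z elber 203.0.113.20:53477 172.31.4.218:80 0.000053 0.000866 0.000053 200 200 0 10 "GET http://198.51.100.5:80/ HTTP/1.0"
2014-03-07T07:26:44.410747Z elber 203.0.113.20:53656 172.31.4.218:80 0.000052 0.000853 0.000039 404 404 0 168 "GET http://198.51.100.5:80/foltia/ HTTP/1.0"
2014-03-07T07:26:45.084730Z elber 203.0.113.20:53839 172.31.4.218:80 0.000061 0.000874 0.000035 404 404 0 168 "GET http://198.51.100.5:80/epgrec/do-record.sh HTTP/1.0"
2014-03-07T07:28:12.386207Z elber 203.0.113.30:64289 172.31.4.218:80 0.000062 0.000924 0.000035 404 404 0 168 "GET http://198.51.100.5:80/manager/html HTTP/1.1"
"""

# One group per space-separated field; the request is the quoted trailer. Newer
# Classic ELB logs append "user_agent" ssl_cipher ssl_protocol after it, which
# re.match() simply leaves unconsumed.
LINE_RE = re.compile(
    r'^(?P<timestamp>\S+) (?P<elb>\S+) (?P<client>\S+):(?P<client_port>\d+) '
    r'(?P<backend>\S+) (?P<req_t>\S+) (?P<backend_t>\S+) (?P<resp_t>\S+) '
    r'(?P<elb_status>\S+) (?P<backend_status>\S+) (?P<received>\d+) (?P<sent>\d+) '
    r'"(?P<request>[^"]*)"'
)


@dataclass
class ElbLogEntry:
    timestamp: str
    elb: str
    client_ip: str
    client_port: int
    backend: str               # "ip:port", or "-" if no instance could be reached
    request_processing_time: float
    backend_processing_time: float
    response_processing_time: float
    elb_status_code: str       # kept as strings: "-" is possible when nothing was returned
    backend_status_code: str
    received_bytes: int
    sent_bytes: int
    method: str
    url: str
    protocol: str

    @property
    def path(self) -> str:
        return urlsplit(self.url).path

    @property
    def total_time(self) -> float:
        """Sum of the three timers, or -1.0 if any timer is -1 (request never reached a backend)."""
        timers = (self.request_processing_time, self.backend_processing_time, self.response_processing_time)
        return -1.0 if any(t < 0 for t in timers) else sum(timers)


def parse_line(line: str) -> ElbLogEntry:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a Classic ELB access log line: {line!r}")
    g = m.groupdict()
    # The request field is "METHOD URL PROTOCOL"; pad so a malformed request still parses.
    parts = g["request"].split(" ", 2) + ["", "", ""]
    return ElbLogEntry(
        timestamp=g["timestamp"], elb=g["elb"],
        client_ip=g["client"], client_port=int(g["client_port"]),
        backend=g["backend"],
        request_processing_time=float(g["req_t"]),
        backend_processing_time=float(g["backend_t"]),
        response_processing_time=float(g["resp_t"]),
        elb_status_code=g["elb_status"], backend_status_code=g["backend_status"],
        received_bytes=int(g["received"]), sent_bytes=int(g["sent"]),
        method=parts[0], url=parts[1], protocol=parts[2],
    )


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def probing_clients(entries, min_not_found: int = 2) -> dict:
    """Clients that collected at least `min_not_found` 404s: the pattern of a
    scanner walking a list of known application paths."""
    misses = defaultdict(list)
    for e in entries:
        if e.elb_status_code == "404":
            misses[e.client_ip].append(e.path)
    return {ip: paths for ip, paths in misses.items() if len(paths) >= min_not_found}


if __name__ == "__main__":
    for ip, paths in probing_clients(parse_log(SAMPLE_LOG)).items():
        print(ip, "probed", paths)
```

The status codes are kept as strings on purpose: a line for a request that no instance could take has "-" for the backend and -1 for the timers, and treating those as integers would silently corrupt any latency statistics computed over the log.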

ELB HTTP 460

What is HTTP 460 on ELB
The load balancer received a request from a client, but the client closed its connection to the load balancer before the idle timeout elapsed. 460 is not a standard HTTP status; it is a code an Application Load Balancer writes into the elb_status_code field of its access log, and since the client went away before any response was returned, the backend status for such an entry is usually "-". It is a client-side or client-timeout problem, not a backend failure.

Check whether the client's timeout is shorter than the load balancer's idle timeout. Either make sure the target returns its response before the client gives up, or, if the client supports it, raise the client timeout to match the load balancer idle timeout.

AWS health check

The health check verifies that the load balancer can reach the target instance. At a fixed interval it checks whether the site can be served through the load balancer.

On AWS, the check is whether the health check URL configured in the console can be fetched; it passes only if that URL returns HTTP 200. If the URL unexpectedly returns 404, the instance is taken out of rotation and the site does not display even when you access the load balancer's own address.

An EC2 instance attached to the ELB appears to drop to OutOfService for a while when it is rebooted, until it passes the health checks again. Likewise, because the check requires a 200, putting the whole site behind Basic authentication makes it OutOfService: the check gets back a 401. If you use ELB and need Basic authentication, the health check URL, and only that URL, must be exempt from authentication. Keep that unauthenticated URL minimal (a static 200 with no version, hostname or environment details), because anyone who can reach the instance can fetch it.
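The 401-versus-200 problem above is easy to reproduce and to fix in a few lines. The following is an added example, not code from the original page: a tiny WSGI application that requires Basic authentication everywhere except the health check path, so an ELB health check pointed at that path gets the 200 it needs while every other path still answers 401. The path name "/health", the user "dev" and its password are constructed for the example; the page's own server is Apache httpd, where the equivalent is a `<Location "/health">` block containing `Require all granted` next to the Basic-auth configuration.

```python
import base64
import hmac
from wsgiref.simple_server import make_server

# Constructed credentials for the example; a real deployment reads them from a
# secret store, never from source. HEALTH_CHECK_PATH is the (hypothetical) path
# configured as the ELB health check target.
USERS = {"dev": "correct horse battery staple"}
HEALTH_CHECK_PATH = "/health"


def basic_auth_header(user: str, password: str) -> str:
    """Build the 'Authorization' header a client sends after the 401 challenge."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def check_basic_auth(header) -> "str | None":
    """Return the user name if an 'Authorization: Basic ...' header is valid, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return None
    # Constant-time comparison so the password check does not leak timing.
    if not hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8")):
        return None
    return user


def handle(path: str, headers: dict) -> tuple:
    """Return (status, response_headers, body) for one request.

    The health check path is exempt from authentication so the ELB gets the 200
    it requires; everything else answers 401 until valid Basic credentials arrive.
    """
    if path == HEALTH_CHECK_PATH:
        # Content-free body: this URL is reachable without credentials, so it
        # must not reveal version, hostname or environment details.
        return 200, {"Content-Type": "text/plain"}, b"ok\n"
    if check_basic_auth(headers.get("Authorization")) is None:
        return 401, {"WWW-Authenticate": 'Basic realm="dev"', "Content-Type": "text/plain"}, b"unauthorized\n"
    return 200, {"Content-Type": "text/plain"}, b"hello\n"


def app(environ, start_response):
    """WSGI adapter so handle() can be served by any WSGI server."""
    headers = {}
    if "HTTP_AUTHORIZATION" in environ:
        headers["Authorization"] = environ["HTTP_AUTHORIZATION"]
    status, resp_headers, body = handle(environ.get("PATH_INFO", "/"), headers)
    reason = {200: "OK", 401: "Unauthorized"}[status]
    start_response(f"{status} {reason}", list(resp_headers.items()))
    return [body]


if __name__ == "__main__":
    # Bound to localhost for the example; behind the ELB the instance would
    # listen on the port the load balancer forwards to (80 on this page).
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Run it and compare `curl -i http://127.0.0.1:8080/health` (200, what the health check sees) with `curl -i http://127.0.0.1:8080/` (401 with a WWW-Authenticate challenge) and `curl -i -u dev:'correct horse battery staple' http://127.0.0.1:8080/` (200).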

Managing multiple domains on AWS EC2

First, get a subdomain at お名前.com.
For the record value, enter the instance's IP address (an A record; use the Elastic IP so the address survives a stop/start).

This time the new site's files go here:
/var/www/dev/html/

# Only needed on Apache 2.2; on 2.4 name-based virtual hosting is automatic
# and this line just produces the AH00548 warning shown below.
NameVirtualHost *:80

# "hoge" and "hogehoge" are placeholders for the real host names. Apache does
# not accept comments at the end of a directive line, so they go on their own lines.
# The first VirtualHost is also the default: it serves requests whose Host header
# matches neither name, including requests sent to the bare IP address.
<VirtualHost *:80>
    # the domain used so far
    ServerName hoge
    DocumentRoot "/var/www/html"
</VirtualHost>

<VirtualHost *:80>
    # the new domain
    ServerName hogehoge
    DocumentRoot "/var/www/dev/html"
</VirtualHost>

$ sudo service httpd restart
Starting httpd: AH00548: NameVirtualHost has no effect and will be removed in the next release

What on earth is this? What's going on here?
do not stop, keep going

AH00548 is only a warning: Apache 2.4 enables name-based virtual hosting by itself, so the NameVirtualHost line is ignored and can simply be deleted. httpd has started regardless.

curl http://www.yahoo.co.jp
This works, so outbound DNS resolution is fine and /etc/resolv.conf is not the problem.

Elastic Load Balancer

I also use ELB for HTTPS traffic.
[Conceptual diagram]

Amazon Elastic Load Balancer
An Amazon Elastic Load Balancer (Amazon ELB) is a service that automatically distributes incoming application traffic across multiple Amazon EC2 instances. It enables you to achieve even greater fault tolerance in your applications, seamlessly providing the amount of load balancing capacity needed in response to incoming application traffic. Elastic Load Balancing detects unhealthy instances within a pool and automatically reroutes traffic to healthy instances until the unhealthy instances have been restored.

select instance

load balancer = 負荷分散 (load distribution)

I see~

Route53

Amazon Route 53
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Route 53 hosted zones are authoritative name servers; the recursive lookup that walks from the root down to them is performed by the client's resolver, not by Route 53.

CNAME Record
A Canonical Name record (CNAME) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the "canonical" domain. All information, including subdomains, IP addresses, etc., is defined by the canonical domain. For that reason a name that carries a CNAME may carry no other record types, and a plain CNAME cannot be placed at the zone apex (example.com itself), which must hold NS and SOA records. That restriction is what Route 53 Alias records work around.

Canonical Domain
The canonical domain is the real name that a CNAME record points to. The CNAME record lives at the alias name and tells resolvers to look up the canonical domain instead.

Alias Record
Alias resource record sets provide an Amazon Route 53 specific extension to DNS functionality. Instead of an IP address or a domain name, an alias resource record set contains a pointer to a CloudFront distribution, an ELB load balancer, an Amazon S3 bucket that is configured as a static website, or another Amazon Route 53 resource record set in the same hosted zone. When Amazon Route 53 receives a DNS query that matches the name and type in an alias resource record set, Amazon Route 53 follows the pointer and responds with the applicable value. Because the answer comes back as ordinary A/AAAA records, an alias can sit at the zone apex where a CNAME cannot, which is the normal way to point example.com itself at an ELB.

Resource Record Set
Resource record sets are the basic information elements of the domain name system. Each record set includes the name of a domain or a subdomain, a record type, and other information applicable to the record type.

The Name Server (NS) Resource Record Set
When you create a hosted zone, Amazon Route 53 automatically creates a name server (NS) resource record set with the same name as the hosted zone. It lists the four name servers that are authoritative for the hosted zone. Do not add, change, or delete name servers in this resource record set; these four names are what you enter at the registrar (お名前.com here) to delegate the domain to Route 53.

For Example:

  • ns-2048.awsdns-64.com
  • ns-2049.awsdns-65.net
  • ns-2050.awsdns-66.org
  • ns-2051.awsdns-67.co.uk
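The CNAME rules described above are the ones Route 53 rejects a change set for, and they are easy to trip over when pointing a new domain at an ELB. The following is an added example, not code from the original page or from AWS: a validator over a hosted zone's record sets that reports a CNAME at the zone apex, a CNAME sharing a name with other record types, and a missing apex NS/SOA set. The zone "example.com", the ELB DNS name and the ACM validation record are constructed; the NS names are the ones quoted above. An Alias record is modelled as its target type ("A") with a value starting "ALIAS ", since that is how Route 53 serves it.

```python
from collections import defaultdict


def _fqdn(name: str) -> str:
    """Normalise a DNS name to lower case with a trailing dot."""
    return name.rstrip(".").lower() + "."


def validate_record_sets(zone_name: str, records) -> list:
    """Check a hosted zone's record sets against the CNAME rules Route 53 enforces.

    records: iterable of (name, type, value). Returns a list of problem strings;
    an empty list means the zone is consistent.
    """
    apex = _fqdn(zone_name)
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[_fqdn(name)].append((rtype.upper(), value))

    problems = []
    apex_types = {t for t, _ in by_name.get(apex, [])}
    for required in ("NS", "SOA"):
        if required not in apex_types:
            problems.append(f"{apex}: missing {required} record set at the zone apex")

    for name, rrs in sorted(by_name.items()):
        types = {t for t, _ in rrs}
        if "CNAME" not in types:
            continue
        cname_values = [v for t, v in rrs if t == "CNAME"]
        if name == apex:
            problems.append(f"{name}: CNAME at the zone apex is not allowed; use an Alias record instead")
        if len(cname_values) > 1:
            problems.append(f"{name}: more than one CNAME value ({len(cname_values)})")
        others = sorted(types - {"CNAME"})
        if others:
            problems.append(f"{name}: CNAME cannot coexist with other record types {others}")
    return problems


ELB_DNS = "my-elb-1234567890.ap-northeast-1.elb.amazonaws.com."   # constructed

# Constructed zone with the two classic mistakes: a CNAME at the apex (which also
# collides with the NS/SOA there) and a CNAME next to an A record at www.
# The last record is the shape of an ACM DNS-validation CNAME and is fine.
BROKEN_ZONE = [
    ("example.com", "NS", "ns-2048.awsdns-64.com."),
    ("example.com", "NS", "ns-2049.awsdns-65.net."),
    ("example.com", "NS", "ns-2050.awsdns-66.org."),
    ("example.com", "NS", "ns-2051.awsdns-67.co.uk."),
    ("example.com", "SOA", "ns-2048.awsdns-64.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"),
    ("example.com", "CNAME", ELB_DNS),
    ("www.example.com", "CNAME", ELB_DNS),
    ("www.example.com", "A", "198.51.100.5"),
    ("_3f2a9c.example.com", "CNAME", "_d1e8b7.acm-validations.aws."),
]

# The fix: an Alias A record at the apex, and www as a CNAME only.
FIXED_ZONE = [
    r for r in BROKEN_ZONE
    if not (r[0] == "example.com" and r[1] == "CNAME")
    and not (r[0] == "www.example.com" and r[1] == "A")
] + [("example.com", "A", "ALIAS " + ELB_DNS)]


if __name__ == "__main__":
    for p in validate_record_sets("example.com", BROKEN_ZONE):
        print("problem:", p)
    print("fixed zone problems:", validate_record_sets("example.com", FIXED_ZONE))
```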

Health check

Setting up an AWS ELB (load balancer)

When choosing the load balancer type, there are three:
1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer

What is TCP? -> Like IP, it is one of the standard protocols of the Internet; TCP sits above IP and operates at the transport layer. (A Network Load Balancer works at this layer, an Application Load Balancer at the HTTP/HTTPS layer, and a Classic Load Balancer can do either.)

Select HTTPS for the listener.

It works~~~~~~~~~~~~~~~!!!!!!!!!!!!!!!!!!!
Yay, yay! This makes me happy.

Azure was easy too, but AWS is easy as well! This is amazing!
Now that HTTPS is up, I want to try the JavaScript geolocation API right away (browsers only expose it to secure origins, which is why HTTPS was needed first).

AWS Certificate Manager

Log in to the console and go to Certificate Manager.

Click "Provision certificates".
> Specify your site's name and set up its identity; ACM takes care of the rest. ACM manages renewal of SSL/TLS certificates issued by Amazon or by your private certificate authority.

So ACM manages SSL/TLS certificates. "ACM" sounds like the name of a European soccer team.
Then,

you land on the certificate request page.
> To import an existing certificate instead of requesting a new one, choose [Import a certificate].
> Request a public certificate
> Request a private certificate

Since I am requesting it from Amazon, "Request a public certificate" should be the right one.

Next comes the domain name input screen.

Enter the domain configured in Route 53, and...

Hm, it says "Pending validation".
Ah, now it says "Issued". It took roughly 2 to 3 minutes.

It is fine once the validation CNAME record has been added to the domain in the Route 53 hosted zone. With DNS validation, ACM gives you a CNAME (a random name under your domain pointing at acm-validations.aws) and, when the domain is in a Route 53 hosted zone, can create it for you; leave that record in place, because ACM uses it again for automatic renewal. Note also that a certificate used by an ELB must be issued in the same region as the load balancer.

HTTPS between the client and the AWS ELB

[Conceptual diagram]

* I'm getting a bit used to the AWS icons, too.

This can be implemented with either of the following certificate sources:
1. A certificate issued by ACM (AWS Certificate Manager), AWS's certificate management service
2. A certificate issued by an external CA such as Symantec

In both cases TLS terminates at the ELB. Unless you also configure the backend listener for HTTPS, the hop from the ELB to the EC2 instance is plain HTTP inside the VPC, and the application has to read X-Forwarded-Proto and X-Forwarded-For to learn the original scheme and client address.

Log in to the AWS console.
Under Security, Identity & Compliance there is Certificate Manager.
Is this the one!?

The flow is:
1. Create a subdomain in Route 53
2. Set up the ACM certificate
2.1. Have ACM issue the certificate
3. Create the EC2 instance
4. Create the ELB
5. Verify it works

A subdomain?
For what it's worth, I have already assigned an Elastic IP and created the EC2 instance and the Route 53 zone.

What is ELB?
Elastic Load Balancing.