AWS - Load Balancer

Last updated: 2021-08-12

There are 3 kinds of Load Balancer in total:

  • Application Load Balancer
  • Network Load Balancer
  • Gateway Load Balancer

Application vs Network Load Balancer

 * Both support installing an SSL certificate on the load balancer.
 * SNI is automatically enabled when you associate more than one TLS certificate.

Application Load Balancer

 * Supports weighted target groups

Network Load Balancer

 * For each associated subnet that a Network Load Balancer is in,
   the Network Load Balancer can only support a single public/internet-facing IP address.
 * The Elastic IP addresses that were associated with your load balancer
   will be returned to your allocated pool and made available for future use.

Note:

 * If the Choose an Elastic IP option is unavailable,
   you must allocate an Elastic IP address for the Network Load Balancer elastic network interfaces.
 * After you create the load balancer, you cannot disable the enabled subnets,
   but you can enable additional ones.

ALB Rule priority order

Rules are evaluated in priority order, from the lowest value to the highest value.
The default rule is evaluated last.

A path pattern is case-sensitive, can be up to 128 characters in length,
and can contain any of the following characters:

  • A-Z, a-z, 0-9
  • _ - . $ / ~ " ' @ : +
  • & (using &amp;)
  • * (matches 0 or more characters)
  • ? (matches exactly 1 character)
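As an added example (not code from the original page or from AWS), the rule evaluation described above written out in Python: path patterns are validated against the character set and length limit listed, translated into case-sensitive matchers where `*` matches 0 or more characters and `?` exactly 1, and rules are tried from the lowest priority value to the highest with the default action last. The rule set, target-group labels and request paths are constructed for illustration; the second rule set shows how a broad `/api/*` rule placed at a lower priority value shadows a more specific one.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Tuple

# Character set and length limit for an ALB path pattern, as listed on the page.
# '&' is entered as '&amp;' in the console/API; this accepts the decoded '&'.
_ALLOWED_CHARS = re.compile(r"""^[A-Za-z0-9_\-.$/~"'@:+&*?]*$""")
MAX_PATTERN_LEN = 128


def validate_path_pattern(pattern: str) -> None:
    """Raise ValueError if the pattern violates the ALB path-pattern rules."""
    if len(pattern) > MAX_PATTERN_LEN:
        raise ValueError(f"path pattern longer than {MAX_PATTERN_LEN} characters")
    if not _ALLOWED_CHARS.match(pattern):
        raise ValueError(f"path pattern contains a disallowed character: {pattern!r}")


def pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate an ALB path pattern into an anchored, case-sensitive regex:
    '*' matches 0 or more characters, '?' matches exactly 1, all else is literal."""
    validate_path_pattern(pattern)
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)


def path_matches(pattern: str, path: str) -> bool:
    return pattern_to_regex(pattern).match(path) is not None


@dataclass(frozen=True)
class Rule:
    priority: int                    # lower value is evaluated first
    path_patterns: Tuple[str, ...]   # the condition matches if any pattern matches
    action: str                      # hypothetical action label, e.g. "forward:api-tg"


def select_action(rules: Iterable[Rule], path: str, default_action: str) -> str:
    """Evaluate rules from lowest to highest priority; the default rule comes last."""
    ordered = sorted(rules, key=lambda r: r.priority)
    priorities = [r.priority for r in ordered]
    if len(priorities) != len(set(priorities)):
        raise ValueError("rule priorities must be unique")
    for rule in ordered:
        if any(path_matches(p, path) for p in rule.path_patterns):
            return rule.action
    return default_action


# Constructed rule set with hypothetical target-group names.
RULES = (
    Rule(10, ("/api/v?/users",), "forward:users-tg"),    # specific rule first
    Rule(20, ("/api/*",), "forward:api-tg"),             # broader rule later
    Rule(30, ("/Admin", "/Admin/*"), "forward:admin-tg"),
)
DEFAULT_ACTION = "forward:default-tg"

# Same rules with the two /api priorities swapped: the broad "/api/*" rule
# is now evaluated first and shadows the specific one.
SHADOWED_RULES = (
    Rule(20, ("/api/v?/users",), "forward:users-tg"),
    Rule(10, ("/api/*",), "forward:api-tg"),
    Rule(30, ("/Admin", "/Admin/*"), "forward:admin-tg"),
)

if __name__ == "__main__":
    for path in ("/api/v1/users", "/api/v10/users", "/Admin/panel", "/admin/panel", "/"):
        print(f"{path:16} -> {select_action(RULES, path, DEFAULT_ACTION)}")
```

Because matching is case-sensitive, `/admin/panel` falls through to the default action while `/Admin/panel` reaches the admin rule; when reviewing a listener, check that the most specific patterns carry the lowest priority values, otherwise a broad pattern silently takes their traffic.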

 


ALB TLS Offload

 

Support

  • WebSockets
  • HTTP/2 with HTTPS listeners.
    (You can't use the server-push feature of HTTP/2)

Headers

  • X-Forwarded-For (nginx variable: $http_x_forwarded_for)
  • X-Forwarded-Proto
  • X-Forwarded-Port

X-Forwarded-Proto

# Redirect plain-HTTP client traffic to HTTPS. The ALB terminates TLS and
# reports the client's original scheme in X-Forwarded-Proto.
server {
    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http') {
        return 301 https://$host$request_uri;
    }
}

 


Health Check

 

Error

Health checks failed with these codes: [301]

Cause: HTTP is redirected to HTTPS, so the health check request receives a 301.

nginx

server {
    listen 80;
    server_name  datahunter.org;
    root         /usr/share/nginx/html;

    # $notHealthCheck becomes 1 for every request except the health-check path.
    set $notHealthCheck 0;
    # $redirectHttp becomes 1 when the ALB reports the client used plain HTTP.
    set $redirectHttp 0;
    if ($request_uri != "/server-check/server.php") {
        set $notHealthCheck 1;
    }
    if ($http_x_forwarded_proto = 'http') {
        set $redirectHttp 1;
    }
    # nginx "if" cannot combine two conditions, so the flags are compared instead.
    # The comparison is true when both are 1 (a normal request over plain HTTP,
    # which is redirected) and also when both are 0 (a request for the
    # health-check path whose X-Forwarded-Proto is not 'http').
    if ($notHealthCheck = $redirectHttp) {
        return 301 https://$host$request_uri;
    }
    include /etc/nginx/snippets/datahunter.org.conf;
}

Health Checker User Agent

The value of nginx's $http_user_agent variable for health-check requests:

"ELB-HealthChecker/2.0"
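As an added example (not code from the original page), the redirect decision of the two nginx blocks above expressed as plain Python so it can be exercised against constructed requests: the naive rule redirects whenever X-Forwarded-Proto is `http`, which is what turns a health check into the 301 reported above, and the fixed rule exempts health checks (recognised by the page's check path or by the checker's user agent) before redirecting. The health-check path, host name and user agent are taken from the page; the `Request` model, the sample requests and the default success code are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Values taken from the page's nginx configuration and user-agent note.
HEALTH_CHECK_PATH = "/server-check/server.php"
ELB_HEALTH_CHECKER_UA = "ELB-HealthChecker/2.0"
# Assumed health-check success code (the ALB default; configurable per target group).
HEALTHY_STATUS = {200}


@dataclass
class Request:
    """Minimal constructed model of a request as seen by the target behind the ALB."""
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    host: str = "datahunter.org"   # host name from the page's config

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def naive_decision(req: Request) -> Tuple[int, Optional[str]]:
    """The first nginx block on the page: redirect whenever X-Forwarded-Proto is 'http'."""
    if req.header("X-Forwarded-Proto") == "http":
        return 301, f"https://{req.host}{req.path}"
    return 200, None


def is_health_check(req: Request) -> bool:
    """Recognise an ALB health check by the configured path or by the checker's user agent."""
    return req.path == HEALTH_CHECK_PATH or req.header("User-Agent") == ELB_HEALTH_CHECKER_UA


def decision(req: Request) -> Tuple[int, Optional[str]]:
    """Redirect plain-HTTP client traffic to HTTPS, but never a health check."""
    if is_health_check(req):
        return 200, None
    return naive_decision(req)


def health_check_passes(status: int) -> bool:
    """A health check only succeeds when the status is in the success set; a 301 fails."""
    return status in HEALTHY_STATUS


# Constructed sample requests. The health check is modelled as arriving with
# X-Forwarded-Proto: http, which reproduces the failure shown on the page.
HEALTH_CHECK = Request(HEALTH_CHECK_PATH,
                       {"User-Agent": ELB_HEALTH_CHECKER_UA, "X-Forwarded-Proto": "http"})
BROWSER_HTTP = Request("/index.html", {"x-forwarded-proto": "http", "User-Agent": "Mozilla/5.0"})
BROWSER_HTTPS = Request("/index.html", {"X-Forwarded-Proto": "https", "User-Agent": "Mozilla/5.0"})

if __name__ == "__main__":
    samples = (("health check", HEALTH_CHECK), ("browser http", BROWSER_HTTP), ("browser https", BROWSER_HTTPS))
    for name, req in samples:
        status, _ = naive_decision(req)
        verdict = "healthy" if health_check_passes(status) else "FAILS"
        print(f"naive  {name:13} -> {status} ({verdict})")
        status, _ = decision(req)
        print(f"fixed  {name:13} -> {status}")
```

Where nginx needs two flags because `if` cannot express a logical AND, the Python function states the rule directly: exempt health checks first, then redirect plain-HTTP traffic. X-Forwarded-Proto is set by the load balancer, so a target should only act on it when the load balancer is the only path by which requests reach it.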

 


Sticky sessions & Cookie

 

Cookie: AWSALB

 * To use sticky sessions, the client must support cookies.

 * The content of load balancer generated cookies is encrypted using a rotating key.
   (You cannot decrypt or modify load balancer generated cookies.)

Application-based stickiness

When the Application Load Balancer receives the custom application cookie from the target,
it automatically generates a new encrypted application cookie to capture stickiness information.

The load balancer generated application cookie does not copy the attributes of the custom cookie set by the target
(for example, its expiry attribute).

P.S.

curl with cookie

--cookie "AWSALB=...."

 


Slow start duration

 

Slow start gives targets time to warm up before the load balancer sends them a full share of requests.

The load balancer linearly increases the number of requests that it can send to a target in slow start mode.

After a healthy target exits slow start mode, the load balancer can send it a full share of requests.