Deploy PHP app on AWS ECS cluster with ALB


Post by Guest

I am trying to deploy a Symfony PHP application to AWS ECS with Nginx as the web server. An Application Load Balancer (ALB) handles SSL termination and forwards HTTPS traffic to the ECS service. However, my Nginx container cannot forward requests to the PHP container, which results in errors in the Nginx container logs:

```
February 08, 2025 at 16:57 (UTC-8:00)  [09-Feb-2025 00:57:54] NOTICE: exiting, bye-bye!  | php
February 08, 2025 at 16:57 (UTC-8:00)  [09-Feb-2025 00:57:54] NOTICE: Terminating ...  | php
February 08, 2025 at 16:57 (UTC-8:00)  2025/02/09 00:57:54 [emerg] 1#1: host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  nginx: [emerg] host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: Configuration complete; ready for start up  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/  | nginx
February 08, 2025 at 16:57 (UTC-8:00)  [09-Feb-2025 00:57:54] NOTICE: ready to handle connections  | php
February 08, 2025 at 16:57 (UTC-8:00)  [09-Feb-2025 00:57:54] NOTICE: fpm is running, pid 1
```
I am using this nginx default.conf file:

```nginx
upstream php {
    server php:9000;
}

server {
    listen 8080;
    server_name _;

    root /var/www/html/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass php:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }
}
```
and this Dockerfile for Nginx:

```dockerfile
FROM nginx:1.24-alpine
WORKDIR /var/www/html
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
COPY ./public /var/www/html
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]
```
And this is the Dockerfile for PHP:

```dockerfile
FROM php:8.2-fpm
RUN apt-get update && apt-get install -y \
    unzip git curl libpng-dev libjpeg-dev libfreetype6-dev \
    && docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-install pdo pdo_mysql gd opcache \
    && rm -rf /var/lib/apt/lists/* # Reduce image size
WORKDIR /var/www/html
COPY . /var/www/html
COPY ./docker/php/conf.d/custom.ini /usr/local/etc/php/conf.d/custom.ini
RUN chown -R www-data:www-data /var/www/html \
    && chmod -R 755 /var/www/html
# Run the FPM pool as www-data and set the listen socket owner and mode
RUN sed -i 's/^user = .*/user = www-data/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/^group = .*/group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/^listen.owner = .*/listen.owner = www-data/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/^listen.group = .*/listen.group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/^listen.mode = .*/listen.mode = 0660/' /usr/local/etc/php-fpm.d/www.conf
CMD ["php-fpm", "-F"]
```
And this is the ECS task definition:

```json
{
  "taskDefinitionArn": "arn:aws:ecs:ca-central-1:537124965615:task-definition/outlier-academy-backend:88",
  "containerDefinitions": [
    {
      "name": "php",
      "image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/php:latest",
      "cpu": 512,
      "memory": 1024,
      "portMappings": [
        {
          "containerPort": 9000,
          "hostPort": 9000,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "environment": [
        {
          "name": "APP_DEBUG",
          "value": "false"
        },
        {
          "name": "APP_ENV",
          "value": "prod"
        }
      ],
      "mountPoints": [
        {
          "sourceVolume": "efs-volume",
          "containerPath": "/var/www/html"
        }
      ],
      "volumesFrom": [],
      "secrets": [
        {
          "name": "MYSQL_HOST",
          "valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_HOST::"
        },
        {
          "name": "MYSQL_DATABASE",
          "valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_NAME::"
        },
        {
          "name": "MYSQL_USER",
          "valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_USERNAME::"
        },
        {
          "name": "MYSQL_PASSWORD",
          "valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_PASSWORD::"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/outlier-academy-backend",
          "awslogs-region": "ca-central-1",
          "awslogs-stream-prefix": "php"
        }
      },
      "healthCheck": {
        "command": [
          "CMD-SHELL",
          "curl -f http://localhost/health-check || exit 1"
        ],
        "interval": 30,
        "timeout": 10,
        "retries": 3
      },
      "systemControls": []
    },
    {
      "name": "nginx",
      "image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/nginx:latest",
      "cpu": 512,
      "memory": 1024,
      "portMappings": [
        {
          "containerPort": 8080,
          "hostPort": 8080,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "environment": [],
      "mountPoints": [
        {
          "sourceVolume": "efs-volume",
          "containerPath": "/var/www/html"
        }
      ],
      "volumesFrom": [],
      "dependsOn": [
        {
          "containerName": "php",
          "condition": "START"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/outlier-academy-backend",
          "awslogs-region": "ca-central-1",
          "awslogs-stream-prefix": "nginx"
        }
      },
      "systemControls": []
    }
  ],
  "family": "outlier-academy-backend",
  "taskRoleArn": "arn:aws:iam::537124965615:role/ecsTaskRole",
  "executionRoleArn": "arn:aws:iam::537124965615:role/ecsTaskExecutionRole",
  "networkMode": "awsvpc",
  "revision": 88,
  "volumes": [
    {
      "name": "efs-volume",
      "efsVolumeConfiguration": {
        "fileSystemId": "fs-0eb470888836bb681",
        "rootDirectory": "/",
        "transitEncryption": "ENABLED",
        "authorizationConfig": {
          "accessPointId": "fsap-0bb93651afb6e5a92",
          "iam": "ENABLED"
        }
      }
    }
  ],
  "status": "ACTIVE",
  "requiresAttributes": [
    {
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "name": "ecs.capability.container-health-check"
    },
    {
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "name": "ecs.capability.task-eni"
    },
    {
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.24"
    },
    {
      "name": "ecs.capability.efsAuth"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "name": "ecs.capability.secrets.asm.environment-variables"
    },
    {
      "name": "ecs.capability.efs"
    },
    {
      "name": "ecs.capability.container-ordering"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
    }
  ],
  "placementConstraints": [],
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "1024",
  "memory": "2048",
  "registeredAt": "2025-02-09T00:56:30.287Z",
  "registeredBy": "arn:aws:iam::537124965615:user/ahmed-elkhouly",
  "tags": []
}
```
and this GitHub Actions pipeline for CI/CD:

```yaml
on:
  push:
    branches:
      - deploy-on-cloud

env:
  AWS_REGION: ${{ secrets.AWS_REGION }}
  ECR_PHP_REPOSITORY: backend/php
  ECR_NGINX_REPOSITORY: backend/nginx
  IMAGE_TAG: ${{ github.sha }}

jobs:
  deploy:
    name: Deploy to AWS ECS
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build & Push Docker Images
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          for service in php nginx; do
            docker build -t $ECR_REGISTRY/backend/$service:$IMAGE_TAG \
              -t $ECR_REGISTRY/backend/$service:latest \
              -f docker/$service/Dockerfile .
            docker push $ECR_REGISTRY/backend/$service --all-tags
          done

      - name: Download ECS Task Definition
        # Block scalar so the backslash line continuations reach the shell intact
        run: |
          aws ecs describe-task-definition \
            --task-definition ${{ secrets.ECS_TASK_DEFINITION }} \
            --query taskDefinition > task-definition.json

      - name: Update ECS Task Definition (PHP)
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: php
          image: ${{ steps.login-ecr.outputs.registry }}/backend/php:${{ env.IMAGE_TAG }}

      - name: Update ECS Task Definition (Nginx)
        id: task-def-updated
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          container-name: nginx
          image: ${{ steps.login-ecr.outputs.registry }}/backend/nginx:${{ env.IMAGE_TAG }}

      - name: Deploy to ECS
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def-updated.outputs.task-definition }}
          service: ${{ secrets.ECS_SERVICE }}
          cluster: ${{ secrets.ECS_CLUSTER }}
          wait-for-service-stability: true

      - name: Clean Up Old Images
        if: always()
        run: |
          for repo in backend/php backend/nginx; do
            aws ecr list-images --repository-name $repo \
              --query 'imageIds[?imageTag!=`latest`]|[0].imageDigest' --output text | \
              head -n -5 | while read digest; do
                [ -n "$digest" ] && aws ecr batch-delete-image --repository-name $repo --image-ids imageDigest=$digest
              done
          done
```
I created the ALB in 2 public subnets and the ECS cluster in 2 private subnets, and I have one SG for the ALB, one SG for ECS and one SG for EFS, and I have allowed all traffic between them for now until I fix my problem. Is there something wrong in my configuration that prevents the Nginx container from talking to the PHP container? I assume they can normally resolve each other using the container name, since both are in the same ECS task?

I have tried changing the Nginx configuration many times, but that did not solve the problem, and I am hoping an expert here can help me with any hints.
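
An added example, not part of the original post: a small Python check that reads a task definition and an nginx config and reports where the two disagree about how containers reach each other. It relies on the documented `awsvpc` behaviour that all containers of a task share one network namespace and talk over localhost; the inputs are constructed, trimmed copies of the files above, and the function names are hypothetical.

```python
import json
import re

# Constructed inputs: the fields of the post's task definition and
# default.conf that the checks read, trimmed for brevity.
TASK_DEF = json.loads("""
{"networkMode": "awsvpc", "containerDefinitions": [
  {"name": "php", "portMappings": [{"containerPort": 9000}],
   "healthCheck": {"command": ["CMD-SHELL",
      "curl -f http://localhost/health-check || exit 1"]}},
  {"name": "nginx", "portMappings": [{"containerPort": 8080}]}]}
""")
NGINX_CONF = """
upstream php {
    server php:9000;
}
server {
    listen 8080;
    location ~ \\.php$ {
        fastcgi_pass php:9000;
    }
}
"""

def upstream_targets(conf):
    """(host, port) pairs from upstream `server` and `fastcgi_pass` lines."""
    pat = re.compile(r"^\s*(?:server|fastcgi_pass)\s+([\w.-]+):(\d+)\s*;", re.M)
    return sorted({(h, int(p)) for h, p in pat.findall(conf)})

def check(task_def, conf):
    findings = []
    containers = task_def["containerDefinitions"]
    names = {c["name"] for c in containers}
    declared = {m["containerPort"] for c in containers for m in c.get("portMappings", [])}
    if task_def.get("networkMode") == "awsvpc":
        # One ENI and one network namespace per task: sibling containers are
        # reached via loopback, and container names are not DNS names.
        for host, port in upstream_targets(conf):
            if host in names:
                findings.append(f"nginx: container name '{host}:{port}' is not "
                                f"resolvable in awsvpc mode; use 127.0.0.1:{port}")
    for c in containers:
        cmd = " ".join(c.get("healthCheck", {}).get("command", []))
        for scheme, port in re.findall(r"(https?)://localhost(?::(\d+))?", cmd):
            port = int(port) if port else (443 if scheme == "https" else 80)
            if port not in declared:  # heuristic: only declared ports are known
                findings.append(f"{c['name']}: health check targets port "
                                f"{port}, which no container declares")
    return findings
```

Calling `check(TASK_DEF, NGINX_CONF)` reports the `php:9000` upstream and the php health check on port 80. The port check is a heuristic, because a container can listen on a port it does not declare in `portMappings`.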
