u1.sh
#!/bin/bash
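echo "=== 深入诊断 NLB 502 错误 ==="
# NOTE(review): a Network Load Balancer forwards traffic at layer 4 and does
# not generate HTTP status codes itself, so the 502 being investigated
# presumably comes from an HTTP proxy or application behind the NLB. Confirm
# which component emits it before drawing conclusions from the checks below.
#
# NLB ARN. An NLB_ARN already set in the environment takes precedence, so the
# script can be pointed at another load balancer without editing it. The
# default embeds an AWS account ID and a resource name that identify the
# environment.
NLB_ARN="${NLB_ARN:-arn:aws:elasticloadbalancing:us-east-1:319998871902:loadbalancer/net/k8s-ecommerc-microser-9e1de5bd30/ce9aa5e2135f0fd9}"
echo "1. 检查监听器配置..."
# Show each listener's port, protocol and default actions. The ARN is quoted
# so it always reaches the CLI as a single argument. A failed call is reported
# on stderr and the script carries on, so the later steps still run.
if ! aws elbv2 describe-listeners \
  --load-balancer-arn "$NLB_ARN" \
  --query 'Listeners[*].{Port:Port, Protocol:Protocol, DefaultActions:DefaultActions}' \
  --output table; then
  echo "warning: describe-listeners failed; check AWS credentials, region and NLB_ARN" >&2
fi
echo ""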
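echo "2. 检查目标组详细配置..."
# Collect the ARN of every target group attached to the NLB. With
# --output text the ARNs come back separated by whitespace. If the lookup
# fails, TARGET_GROUPS stays empty and the loop below is skipped.
if ! TARGET_GROUPS=$(aws elbv2 describe-target-groups \
  --load-balancer-arn "$NLB_ARN" \
  --query 'TargetGroups[*].TargetGroupArn' \
  --output text); then
  echo "warning: describe-target-groups failed; check AWS credentials, region and NLB_ARN" >&2
fi
# Word splitting is intentional here: the value is a whitespace-separated list
# of ARNs, and ARNs contain neither whitespace nor glob characters.
for TG_ARN in $TARGET_GROUPS; do
  echo ""
  echo "目标组详细配置:"
  # Port, protocol and health-check settings of this target group.
  if ! aws elbv2 describe-target-groups \
    --target-group-arns "$TG_ARN" \
    --query 'TargetGroups[0].{Port:Port, Protocol:Protocol, HealthCheck:HealthCheck}' \
    --output table; then
    echo "warning: could not describe target group $TG_ARN" >&2
  fi
  # Health state of the registered targets as the load balancer sees it. This
  # also lists the targets actually registered right now, which is the
  # reference to check any hand-copied target IPs against.
  echo "目标健康状态:"
  if ! aws elbv2 describe-target-health \
    --target-group-arn "$TG_ARN" \
    --query 'TargetHealthDescriptions[*].{Target:Target.Id, Port:Target.Port, State:TargetHealth.State, Reason:TargetHealth.Reason}' \
    --output table; then
    echo "warning: could not read target health for $TG_ARN" >&2
  fi
done
echo ""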
# Step 3 runs nothing itself: it prints commands for an operator to run from
# an instance inside the VPC. The two target IPs and the ports are fixed text
# in this message; they are not derived from the target groups queried by the
# script. The quoted heredoc delimiter keeps $IP literal in the output.
printf '%s\n' "3. 检查目标实例的网络可达性..." "注意:以下命令需要在 VPC 内部执行"
cat <<'EOF'
需要在 VPC 内部实例上执行的诊断命令:
# 测试目标实例的端口连通性
for IP in 10.0.103.133 10.0.101.188; do
echo "测试 $IP:"
nc -zv $IP 80
nc -zv $IP 443
done
# 测试 HTTP 响应
for IP in 10.0.103.133 10.0.101.188; do
echo "测试 http://$IP/"
curl -v --connect-timeout 5 http://$IP/
echo "---"
done
EOF
# Step 4 prints a blank separator line followed by a fixed checklist of
# likely root causes. Nothing is evaluated here. The quoted heredoc emits the
# text verbatim.
cat <<'EOF'

4. 可能的根本原因:
 - 后端服务未在目标端口监听
 - 应用服务崩溃或未启动
 - 目标实例的安全组阻止了 NLB 流量
 - 应用返回错误的 HTTP 状态码
EOF