如何使用证书经理制作的证书在AWS上创建与MongoDB实例的TLS/SSL连接？健康检查失败

with用户data.sh为：

#!/bin/bash # Install docker apt-get update -y apt-get install -y docker.io systemctl start docker usermod -aG docker ubuntu DEVICE="${device_name}" MOUNT_POINT="/var/lib/mongodb" # Wait for the device to become available while [ ! -e "$DEVICE" ]; do echo "$DEVICE not yet available, waiting..." sleep 5 done mkdir -p $MOUNT_POINT # Format the volume if it's not formatted yet if ! blkid $DEVICE | grep ext4 > /dev/null; then mkfs.ext4 $DEVICE fi mount $DEVICE $MOUNT_POINT # Ensure the volume mounts automatically after reboot echo "$DEVICE $MOUNT_POINT ext4 defaults,nofail,x-systemd.device-timeout=10s 0 2" >> /etc/fstab resize2fs $DEVICE chown -R 999:999 $MOUNT_POINT # Create a systemd service for MongoDB cat > /etc/systemd/system/mongodb.service <<EOL [Unit] Description=MongoDB container After=docker.service Requires=docker.service [Service] Restart=always ExecStartPre=-/usr/bin/docker rm -f mongodb ExecStart=/usr/bin/docker run --name=mongodb \ -p 27017:27017 \ -v $MOUNT_POINT:/data/db \ -e MONGO_INITDB_ROOT_USERNAME=${MONGO_USER} \ -e MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD} \ --user 999:999 \ mongo:${MONGO_VERSION} ExecStop=/usr/bin/docker stop mongodb [Install] WantedBy=multi-user.target EOL # Enable and start MongoDB systemd service systemctl daemon-reload sysemctl enable mongodb systemctl start mongodb

我可以看到该实例正在运行MongoDB Docker容器，并在端口27017上聆听：

ubuntu@ip:~$ docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 49e5ed319c76 mongo:latest "docker-entrypoint.s…" 10 minutes ago Up 10 minutes 0.0.0.0:27017->27017/tcp, :::27017->27017/tcp mongodb

健康检查失败了：

我考虑过的替代解决方案是使用应用程序负载平衡器，但它们不适用于TCP连接，我已经考虑在Mongo实例上执行证书，但是我无法下载用于域的.pem文件证书是由亚马逊证书经理颁发的。如何在AWS中与我的MongoDB实例进行TLS/SSL连接？

您有两个具有相同安全组规则的安全组。然后，您将拥有一个仅允许来自alb_sg安全组的MongoDB流量的安全组。 您正在将

lb_sg

分配给网络负载平衡器，然后将

mongodb_sg

alb_sg

mongodb_sg

您需要删除

或