Развернуть приложение PHP на кластере AWS ECS с ALB

Развернуть приложение PHP на кластере AWS ECS с ALB ⇐ Php

1 сообщение • Страница 1 из 1

Anonymous

Развернуть приложение PHP на кластере AWS ECS с ALB

Цитата

Сообщение Anonymous » 09 фев 2025, 08:55

Я пытаюсь развернуть приложение Symfony PHP для AWS ECS, используя Nginx в качестве веб -сервера. Балансировщик нагрузки приложения (ALB) обрабатывает завершение SSL и направляет https трафик в службу ECS. Тем не менее, мой контейнер Nginx не может перенаправить запросы в контейнер PHP, что приводит к ошибкам, зарегистрированным в журналах контейнеров Nginx: < /p>
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: exiting, bye-bye!phpFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: Terminating ...phpFebruary 08, 2025 at 16:57 (UTC-8:00)2025/02/09 00:57:54 [emerg] 1#1: host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2nginxFebruary 08, 2025 at 16:57 (UTC-8:00)nginx: [emerg] host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2nginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Configuration complete; ready for start upnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged versionnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.confnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configurationnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/nginxFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: ready to handle connectionsphpFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: fpm is running, pid 1
< /code>
Я использую этот файл nginx default.conf: < /h2>
upstream php {
server php:9000;
}

server {
listen 8080;
server_name _;

root /var/www/html/public;
index index.php index.html;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
}
< /code>
и этот файл Docker для nginx: < /h2>
FROM nginx:1.24-alpine
WORKDIR /var/www/html
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
COPY ./public /var/www/html
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]
< /code>
и это файл Docker для php: < /h2>
FROM php:8.2-fpm
RUN apt-get update && apt-get install -y \
unzip git curl libpng-dev libjpeg-dev libfreetype6-dev \
&& docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install pdo pdo_mysql gd opcache \
&& rm -rf /var/lib/apt/lists/* # Reduce image size
WORKDIR /var/www/html
COPY . /var/www/html
COPY ./docker/php/conf.d/custom.ini /usr/local/etc/php/conf.d/custom.ini
RUN chown -R www-data:www-data /var/www/html \
&& chmod -R 755 /var/www/html
RUN sed -i 's/^user = ./user = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^group = ./group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.owner = ./listen.owner = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.group = ./listen.group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.mode = .*/listen.mode = 0660/' /usr/local/etc/php-fpm.d/www.conf
CMD ["php-fpm", "-F"]
< /code>
и это определение задачи ECS: < /h2>
{
"taskDefinitionArn": "arn:aws:ecs:ca-central-1:537124965615:task-definition/outlier-academy-backend:88",
"containerDefinitions": [
{
"name": "php",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/php:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 9000,
"hostPort": 9000,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "APP_DEBUG",
"value": "false"
},
{
"name": "APP_ENV",
"value": "prod"
}
],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"secrets": [
{
"name": "MYSQL_HOST",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615

outlier-academy-secrets-uDY75N:DATABASE_HOST::"
},
{
"name": "MYSQL_DATABASE",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615

outlier-academy-secrets-uDY75N:DATABASE_NAME::"
},
{
"name": "MYSQL_USER",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615

outlier-academy-secrets-uDY75N:DATABASE_USERNAME::"
},
{
"name": "MYSQL_PASSWORD",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615

outlier-academy-secrets-uDY75N:DATABASE_PASSWORD::"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "php"
}
},
"healthCheck": {
"command": [
"CMD-SHELL",
"curl -f http://localhost/health-check || exit 1"
],
"interval": 30,
"timeout": 10,
"retries": 3
},
"systemControls": []
},
{
"name": "nginx",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/nginx:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 8080,
"hostPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"environment": [],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"dependsOn": [
{
"containerName": "php",
"condition": "START"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "nginx"
}
},
"systemControls": []
}
],
"family": "outlier-academy-backend",
"taskRoleArn": "arn:aws:iam::537124965615:role/ecsTaskRole",
"executionRoleArn": "arn:aws:iam::537124965615:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 88,
"volumes": [
{
"name": "efs-volume",
"efsVolumeConfiguration": {
"fileSystemId": "fs-0eb470888836bb681",
"rootDirectory": "/",
"transitEncryption": "ENABLED",
"authorizationConfig": {
"accessPointId": "fsap-0bb93651afb6e5a92",
"iam": "ENABLED"
}
}
}
],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.container-health-check"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.24"
},
{
"name": "ecs.capability.efsAuth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "ecs.capability.secrets.asm.environment-variables"
},
{
"name": "ecs.capability.efs"
},
{
"name": "ecs.capability.container-ordering"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "2048",
"registeredAt": "2025-02-09T00:56:30.287Z",
"registeredBy": "arn:aws:iam::537124965615:user/ahmed-elkhouly",
"tags": []
}
< /code>
и этот трубопровод github actions для CICD: < /h2>
on:
push:
branches:
- deploy-on-cloud

env:
AWS_REGION: ${{ secrets.AWS_REGION }}
ECR_PHP_REPOSITORY: backend/php
ECR_NGINX_REPOSITORY: backend/nginx
IMAGE_TAG: ${{ github.sha }}

jobs:
deploy:
name: Deploy to AWS ECS
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Build & Push Docker Images
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
for service in php nginx; do
docker build -t $ECR_REGISTRY/backend/$service:$IMAGE_TAG \
-t $ECR_REGISTRY/backend/$service:latest \
-f docker/$service/Dockerfile .
docker push $ECR_REGISTRY/backend/$service --all-tags
done

- name: Download ECS Task Definition
run: aws ecs describe-task-definition \
--task-definition ${{ secrets.ECS_TASK_DEFINITION }} \
--query taskDefinition > task-definition.json

- name: Update ECS Task Definition (PHP)
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: php
image: ${{ steps.login-ecr.outputs.registry }}/backend/php:${{ env.IMAGE_TAG }}

- name: Update ECS Task Definition (Nginx)
id: task-def-updated
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
container-name: nginx
image: ${{ steps.login-ecr.outputs.registry }}/backend/nginx:${{ env.IMAGE_TAG }}

- name: Deploy to ECS
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-updated.outputs.task-definition }}
service: ${{ secrets.ECS_SERVICE }}
cluster: ${{ secrets.ECS_CLUSTER }}
wait-for-service-stability: true

- name: Clean Up Old Images
if: always()
run: |
for repo in backend/php backend/nginx; do
aws ecr list-images --repository-name $repo \
--query 'imageIds[?imageTag!=`latest`]|[0].imageDigest' --output text | \
head -n -5 | while read digest; do
[ -n "$digest" ] && aws ecr batch-delete-image --repository-name $repo --image-ids imageDigest=$digest
done
done
< /code>
Я создал ALB в 2 публичных подсетях и кластер ECS в 2 частных подсети, и у меня есть SG для ALB и SG для ECS и SG для EFS, и я позволил всем трафикам между трафиком между их пока, пока я не исправим свою проблему. Что -то не так в моей конфигурации, которое не позволяет контейнеру NGINX разговаривать с PHP -контейнером, я полагаю, что они могут нормально разрешать с помощью имени контейнера, поскольку оба выполняются в одной и той же задаче ECS? < /P>
Я пытался изменить конфигурации NGINX много раз, но не решил проблему, и я ожидаю, что какой -нибудь эксперт здесь поможет мне с любыми подсказками.>

Подробнее здесь: https://stackoverflow.com/questions/794 ... r-with-alb

1739080526

Anonymous

 Я пытаюсь развернуть приложение Symfony PHP для AWS ECS, используя Nginx в качестве веб -сервера. Балансировщик нагрузки приложения (ALB) обрабатывает завершение SSL и направляет https трафик в службу ECS.  Тем не менее, мой контейнер Nginx не может перенаправить запросы в контейнер PHP, что приводит к ошибкам, зарегистрированным в журналах контейнеров Nginx: < /p>
February 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: exiting, bye-bye!phpFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: Terminating ...phpFebruary 08, 2025 at 16:57 (UTC-8:00)2025/02/09 00:57:54 [emerg] 1#1: host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2nginxFebruary 08, 2025 at 16:57 (UTC-8:00)nginx: [emerg] host not found in upstream "php:9000" in /etc/nginx/conf.d/default.conf:2nginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Configuration complete; ready for start upnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged versionnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.confnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.shnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configurationnginxFebruary 08, 2025 at 16:57 (UTC-8:00)/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/nginxFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: ready to handle connectionsphpFebruary 08, 2025 at 16:57 (UTC-8:00)[09-Feb-2025 00:57:54] NOTICE: fpm is running, pid 1
< /code>
 Я использую этот файл nginx default.conf: < /h2>
upstream php {
server php:9000;
}

server {
listen 8080;
server_name _;

root /var/www/html/public;
index index.php index.html;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
}
< /code>
 и этот файл Docker для nginx: < /h2>
FROM nginx:1.24-alpine
WORKDIR /var/www/html
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
COPY ./public /var/www/html
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]
< /code>
 и это файл Docker для php: < /h2>
FROM php:8.2-fpm
RUN apt-get update && apt-get install -y \
unzip git curl libpng-dev libjpeg-dev libfreetype6-dev \
&& docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install pdo pdo_mysql gd opcache \
&& rm -rf /var/lib/apt/lists/*  # Reduce image size
WORKDIR /var/www/html
COPY .  /var/www/html
COPY ./docker/php/conf.d/custom.ini /usr/local/etc/php/conf.d/custom.ini
RUN chown -R www-data:www-data /var/www/html \
&& chmod -R 755 /var/www/html
RUN sed -i 's/^user = ./user = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^group = ./group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.owner = ./listen.owner = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&& sed -i 's/^listen.group = ./listen.group = www-data/' /usr/local/etc/php-fpm.d/www.conf \
&&  sed -i 's/^listen.mode = .*/listen.mode = 0660/' /usr/local/etc/php-fpm.d/www.conf
CMD ["php-fpm", "-F"]
< /code>
 и это определение задачи ECS: < /h2>
{
"taskDefinitionArn": "arn:aws:ecs:ca-central-1:537124965615:task-definition/outlier-academy-backend:88",
"containerDefinitions": [
{
"name": "php",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/php:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 9000,
"hostPort": 9000,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "APP_DEBUG",
"value": "false"
},
{
"name": "APP_ENV",
"value": "prod"
}
],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"secrets": [
{
"name": "MYSQL_HOST",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_HOST::"
},
{
"name": "MYSQL_DATABASE",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_NAME::"
},
{
"name": "MYSQL_USER",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_USERNAME::"
},
{
"name": "MYSQL_PASSWORD",
"valueFrom": "arn:aws:secretsmanager:ca-central-1:537124965615:secret:outlier-academy-secrets-uDY75N:DATABASE_PASSWORD::"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "php"
}
},
"healthCheck": {
"command": [
"CMD-SHELL",
"curl -f http://localhost/health-check || exit 1"
],
"interval": 30,
"timeout": 10,
"retries": 3
},
"systemControls": []
},
{
"name": "nginx",
"image": "537124965615.dkr.ecr.ca-central-1.amazonaws.com/backend/nginx:latest",
"cpu": 512,
"memory": 1024,
"portMappings": [
{
"containerPort": 8080,
"hostPort": 8080,
"protocol": "tcp"
}
],
"essential": true,
"environment": [],
"mountPoints": [
{
"sourceVolume": "efs-volume",
"containerPath": "/var/www/html"
}
],
"volumesFrom": [],
"dependsOn": [
{
"containerName": "php",
"condition":  "START"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/outlier-academy-backend",
"awslogs-region": "ca-central-1",
"awslogs-stream-prefix": "nginx"
}
},
"systemControls": []
}
],
"family": "outlier-academy-backend",
"taskRoleArn": "arn:aws:iam::537124965615:role/ecsTaskRole",
"executionRoleArn": "arn:aws:iam::537124965615:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 88,
"volumes": [
{
"name": "efs-volume",
"efsVolumeConfiguration": {
"fileSystemId": "fs-0eb470888836bb681",
"rootDirectory": "/",
"transitEncryption": "ENABLED",
"authorizationConfig": {
"accessPointId": "fsap-0bb93651afb6e5a92",
"iam": "ENABLED"
}
}
}
],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.container-health-check"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.24"
},
{
"name": "ecs.capability.efsAuth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "ecs.capability.secrets.asm.environment-variables"
},
{
"name": "ecs.capability.efs"
},
{
"name": "ecs.capability.container-ordering"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.25"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "2048",
"registeredAt": "2025-02-09T00:56:30.287Z",
"registeredBy": "arn:aws:iam::537124965615:user/ahmed-elkhouly",
"tags": []
}
< /code>
 и этот трубопровод github actions для CICD: < /h2>
on:
push:
branches:
- deploy-on-cloud

env:
AWS_REGION: ${{ secrets.AWS_REGION }}
ECR_PHP_REPOSITORY: backend/php
ECR_NGINX_REPOSITORY: backend/nginx
IMAGE_TAG: ${{ github.sha }}

jobs:
deploy:
name: Deploy to AWS ECS
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses:  aws-actions/amazon-ecr-login@v2

- name: Build & Push Docker Images
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
for service in php nginx; do
docker build -t $ECR_REGISTRY/backend/$service:$IMAGE_TAG \
-t $ECR_REGISTRY/backend/$service:latest \
-f docker/$service/Dockerfile .
docker push $ECR_REGISTRY/backend/$service --all-tags
done

- name: Download ECS Task Definition
run: aws ecs describe-task-definition \
--task-definition ${{ secrets.ECS_TASK_DEFINITION }} \
--query taskDefinition > task-definition.json

- name: Update ECS Task Definition (PHP)
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: php
image: ${{ steps.login-ecr.outputs.registry }}/backend/php:${{ env.IMAGE_TAG }}

- name: Update ECS Task Definition (Nginx)
id: task-def-updated
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
container-name: nginx
image: ${{ steps.login-ecr.outputs.registry }}/backend/nginx:${{ env.IMAGE_TAG }}

- name: Deploy to ECS
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.task-def-updated.outputs.task-definition }}
service: ${{ secrets.ECS_SERVICE }}
cluster: ${{ secrets.ECS_CLUSTER }}
wait-for-service-stability: true

- name: Clean Up Old Images
if: always()
run: |
for repo in backend/php backend/nginx; do
aws ecr list-images --repository-name $repo \
--query 'imageIds[?imageTag!=`latest`]|[0].imageDigest' --output text | \
head -n -5 | while read digest; do
[ -n "$digest" ] && aws ecr batch-delete-image --repository-name $repo --image-ids imageDigest=$digest
done
done
< /code>
Я создал ALB в 2 публичных подсетях и кластер ECS в 2 частных подсети, и у меня есть SG для ALB и SG для ECS и SG для EFS, и я позволил всем трафикам между трафиком между их пока, пока я не исправим свою проблему. Что -то не так в моей конфигурации, которое не позволяет контейнеру NGINX разговаривать с PHP -контейнером, я полагаю, что они могут нормально разрешать с помощью имени контейнера, поскольку оба выполняются в одной и той же задаче ECS? < /P>
Я пытался изменить конфигурации NGINX много раз, но не решил проблему, и я ожидаю, что какой -нибудь эксперт здесь поможет мне с любыми подсказками.> 

Подробнее здесь: [url]https://stackoverflow.com/questions/79424459/deploy-php-app-on-aws-ecs-cluster-with-alb[/url]