Creating a Proxy ELB for Diego SSH
If you want to allow SSH connections to application containers, you may want to use an Elastic Load Balancer (ELB) as the SSH proxy.
Perform the steps below to create this ELB:
On the EC2 Dashboard, click Load Balancers.
Click Create Load Balancer, and configure a load balancer with the following information:
- Enter a load balancer name.
- Create LB Inside: Select the pcf-vpc VPC where your PCF installation lives.
- Ensure that the Create an internal load balancer checkbox is not selected.
Under Load Balancer Protocol, ensure that this ELB is listening on TCP port 2222 and forwarding to TCP port 2222.
Under Select Subnets, select the public subnet.
On the Assign Security Groups page, create a new Security Group. This Security Group should allow inbound traffic on TCP port 2222.
The Configure Security Settings page displays a security warning because your load balancer is not using a secure listener. You can ignore this warning.
Click Next: Configure Health Check.
Select TCP in Ping Protocol on the Configure Health Check page. Ensure that the Ping Port value is 2222 and set the Health Check Interval to 30 seconds.
Click Next: Add EC2 Instances.
Accept the defaults on the Add EC2 Instances page and click Next: Add Tags.
Accept the defaults on the Add Tags page and click Review and Create.
Review and confirm the load balancer details, and click Create.
With your DNS service (for example, Amazon Route 53), create an ssh.system.YOUR-SYSTEM-DOMAIN DNS record that points to the ELB that you just created.
You can now use this ELB as the SSH Proxy of your Pivotal Application Service (PAS) installation.
In PAS, select Resource Config, and enter the ELB that you just created in the Diego Brain row, under the ELB Names column.
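
To confirm that the load balancer and security group created in the steps above ended up with the settings listed there, the following added example (not part of the Pivotal documentation) checks the JSON that `aws elb describe-load-balancers` and `aws ec2 describe-security-groups` return. It assumes a Classic Load Balancer; the sample records and their names are constructed placeholders, and flagging extra listeners or inbound rules is a stricter reading than the steps require.

```python
SSH_PORT = 2222  # Diego SSH proxy port used throughout the steps above

def check_elb(lb):
    """Compare one LoadBalancerDescriptions entry with the settings in the steps."""
    problems = []
    if lb.get("Scheme") != "internet-facing":  # "internal" checkbox must be off
        problems.append("scheme is %s" % lb.get("Scheme"))
    wanted = ("TCP", SSH_PORT, "TCP", SSH_PORT)
    listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
    seen = [(l["Protocol"], l["LoadBalancerPort"], l["InstanceProtocol"], l["InstancePort"])
            for l in listeners]
    if wanted not in seen:
        problems.append("missing listener TCP 2222 -> TCP 2222")
    # Assumption: the ELB is dedicated to the SSH proxy, so other listeners are flagged.
    problems += ["extra listener %s:%d -> %s:%d" % s for s in seen if s != wanted]
    hc = lb.get("HealthCheck", {})
    if hc.get("Target") != "TCP:%d" % SSH_PORT:
        problems.append("health check target is %s" % hc.get("Target"))
    if hc.get("Interval") != 30:
        problems.append("health check interval is %s" % hc.get("Interval"))
    return problems

def check_security_group(sg):
    """Check a SecurityGroups entry: TCP 2222 inbound present, anything else flagged."""
    problems, has_ssh = [], False
    for p in sg.get("IpPermissions", []):
        rule = (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
        if rule == ("tcp", SSH_PORT, SSH_PORT):
            has_ssh = True
        else:  # Assumption: the new group exists only for this ELB.
            problems.append("extra inbound rule %s %s-%s" % rule)
    if not has_ssh:
        problems.append("no inbound rule for TCP 2222")
    return problems

# Constructed sample data in the shape the AWS CLI prints; names are placeholders.
GOOD_ELB = {"LoadBalancerName": "example-ssh-elb", "Scheme": "internet-facing",
            "ListenerDescriptions": [{"Listener": {"Protocol": "TCP", "LoadBalancerPort": 2222,
                                                   "InstanceProtocol": "TCP", "InstancePort": 2222}}],
            "HealthCheck": {"Target": "TCP:2222", "Interval": 30}}
BAD_ELB = dict(GOOD_ELB, Scheme="internal",
               HealthCheck={"Target": "TCP:22", "Interval": 10})
WIDE_SG = {"GroupName": "example-ssh-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222}, {"IpProtocol": "-1"}]}

if __name__ == "__main__":
    print(check_elb(GOOD_ELB), check_elb(BAD_ELB), check_security_group(WIDE_SG))
```

An empty list means the record matches the steps; each string names one setting that differs.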