Is it possible to run multiple web instance in the same AWS EC2?

Question

Background

I have followed this tutorial https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-cli-tutorial-ec2.html, composed a docker compose file, made a website A (compose of 4 containers) up and run serving 1 of my client.

However, now I have another client which I need to host another web site website B using similar strategies as above.

Here is the current running service of ECS / EC2

and here are the containers up and running, serving website A now

Questions & concerns

1. The website A is now situated as 1 of a service in the EC2 under my only cluster, can I use the same EC2 instance and run website B (as another service of the EC2)?
2. If so, how are the ports / inbound / outbound traffic being managed? Now website A already occupies port 80, 443, 27017 and 3002 of the EC2 instance for inbound traffic, if website B's containers also run in the same EC2 instances, can I still use port 80, 443, 27017 and 3002 for website B. I have read the docs of ALB (Amazon Load Balancer), seems it can fulfill the requirement, am I at the right track?
3. And the domain name, through route 53, I have registered a domain www.websiteA.com to serve the 1st website, I have also registered another www.websiteB.com preparing to serve website B, in my case, I guess I need to configure the new domain B pointing to the same EC2 IP?
4. During my deployment of website B, I do not want to affect the availability of website A, can it be maintained during the process of deploying website B's containers?

I want to clear all the concepts before kick-starting to deploy the website B, appreciate for any help, thank you

Follow-up actions

I come up decided to use AWS application load balancer to solve my issue, and have the following configurations setup.

I first look into load balancer

And configured as follows

I setup a load balancer which listens for requests using HTTP protocol with incoming port 80, whenever there are users access the web server (i.e.: the frontend container), listener will forward that request to the target group (i.e.: http-port-80-access)

And here is the target group (http-port-80-access) which contains a registered target (currently my ec2 instance running the containers), the host port of the container is 32849 which in turn made used by the associated load balancer (web-access-load-balancer) for dynamic port mapping.

I have also configured 1 more rule on top of the default rule, whenever user access url of websiteA, load balancer will forward the request to the target group (http-port-80-access).

All things set, and the healthy test also passed. I then used the following ecs-cli compose service up command to wire up the load balancer with the service

ecs-cli compose --file ./docker-compose-aws-prod.yml --cluster my-ecs-cluster-name --ecs-profile my-ecs-profile --cluster-config my-cluster --project-name my-project --ecs-params ./ecs-params.yml service up --target-group-arn arn:aws:elasticloadbalancing:us-east-2:xxxxxxxxx:targetgroup/http-port-80-access/xxxxxxxx --container-name frontend --container-port 80

where frontend is the service name of the frontend container of website A

However, turn out when I access www.websiteA.com through browser, nothing but ERR_CONNECTION_REFUSED, accessing www.websiteA.com:32849 did accessible, but is not what I desired.

I am wondering which part I configured wrongly

Answer 1

The website A is now situated as 1 of a service in the EC2 under my only cluster, can I use the same EC2 instance and run website B (as another service of the EC2)?

Indeed. However - as you already found out, you have to split the traffic based on something (hostname, path,..). That's where the reverse-proxy comes in play (either managed - ALB, NLB or your own - nginx, haproxy,.. ) .

It's simple for the http traffic (based on the host)

If so, how are the ports / inbound / outbound traffic being managed? Now website A already occupies port 80, 443, 27017 and 3002 of the EC2 instance for inbound traffic, if website B's containers also run in the same EC2 instances, can I still use port 80, 443, 27017 and 3002 for website B.

assuming the ports 27017 and the 3002 are using own binary protocol (not http). You will have handle that.

You can in theory define the port mapping (map different public listening port to these custom ports), but then you need to either use NLB (network load balancer) or expose the ports on hosts public IP. In the latter case I'm not sure with ECS you can guarantee which IP is used (e.g. having multiple worker nodes)

I have read the docs of ALB (Amazon Load Balancer), seems it can fulfill the requirement, am I at the right track?

ALB is layer 7 reverse proxy (http), it is imho the best option for the web access, not for binary protocols.

, I guess I need to configure the new domain B pointing to the same EC2 IP?

that's the plan

During my deployment of website B, I do not want to affect the availability of website A, can it be maintained during the process of deploying website B's containers?

shouldn't be a problem

Answer 2

If you are sending traffic directly to the instance then you would have to host on a different port. You should consider using an ALB, which would allow you to use dynamic ports in ECS. The ALB can accept traffic from ports 80 and 443 for different domains and route the traffic to different containers based on things like the domain.

Answer 3

Run website B on different ports. To allow end users to interact with website B without specify port numbers use a reverse-proxy. See AWS CloudFront.