Applications running on TEM usually need public network access, and also require allowlist access in scenarios such as mini programs. In these cases, the application should have a fixed public IP.
This document describes how to enable public network access of the applications deployed on TEM.
The applications are deployed in a TEM environment, which associates with your VPC. In other words, they are essentially deployed in your VPC. You can configure a NAT Gateway instance and associate it with an EIP for your VPC, allowing the applications in your VPC to access the public network.
Step 1: deploy the applications in TEM
Configure the applications in the TEM console as instructed in Creating Environment and Creating and Deploying Application.
Step 2: create a NAT Gateway
Log in to the NAT Gateway console, select the region where the TEM applications are deployed, and click +New to create a NAT Gateway instance.
- Network: select the VPC with which the environment of the TEM applications associates.
- Elastic IP: if there is no available elastic IP (EIP), click Create Now to purchase an EIP, and then return to the Create NAT Gateway page to select it.
Step 3: configure the NAT Gateway in the VPC console
Log in to the TEM console and access the Environment page. Select the environment in which the TEM applications are deployed to enter its details page.
Click the VPC next to Cluster Network to enter the VPC details page.
Select the Route Table module.
Click Create on the Route Table page to configure a route table.
- Destination: select the public IP address to be accessed. You can configure a CIDR block for this parameter. For example, if you enter
0.0.0.0/0, all traffic will be forwarded to the NAT Gateway.
- Next hop type: select NAT Gateway.
- Next hop: select the NAT Gateway created in the step 2.
For detailed directions, see Creating Custom Route Tables.
On the Route Table page, locate the route table just created, and click More > Associated Subnets under the Operation column. In the pop-up window, select the subnet associated with the environment in which the TEM applications are deployed.
Step 4: verify whether the TEM applications can access the public network
- Log in to the TEM console and access the Application Management page. Click the ID/Name of the TEM applications to enter the instance list page.
- Click Webshell under the Operationcolumn of the target application.
- Verify whether the application can access the public network.
Step 5: (optional) query public network access IP addresses
- Log in to the TEM console and access the Environment page. Select the environment in which the TEM applications are deployed to enter its details page.
- Click the VPC next to Cluster Network to enter the VPC details page.
- Select the NAT Gateway model to go to the NAT Gateway page.
- Click the ID/Name of the target NAT Gateway to access its details page. Select the Bind Elastic IP tab to view the IP addresses that can access the public network.
The NAT Gateway and EIP will be charged separately. For pricing details, see: