- What's New
- Function Overview
-
Service Overview
- What Is ELB?
- Product Advantages
- How ELB Works
- Application Scenarios
- Differences Between Dedicated and Shared Load Balancers
- Load Balancing on a Public or Private Network
- Network Traffic Paths
- Specifications of Dedicated Load Balancers
- Quotas and Constraints
- Billing (Dedicated Load Balancers)
- Permissions
- Product Concepts
- How ELB Works with Other Services
- Change History
- Getting Started
-
User Guide
-
Load Balancer
- Overview
- Preparations for Creating a Load Balancer
- Creating a Dedicated Load Balancer
- Creating a Shared Load Balancer
- Modifying the Bandwidth
- Changing the Specifications of a Dedicated Load Balancer
- Changing an IP Address
- Binding an IP Address to or Unbinding an IP Address from a Load Balancer
- Adding to or Removing from an IPv6 Shared Bandwidth
- Enabling or Disabling a Load Balancer
- Exporting the Load Balancer List
- Deleting a Load Balancer
- Listener
- Advanced Features of HTTP/HTTPS Listeners
- Backend Server Group
- Backend Server (Dedicated Load Balancers)
- Backend Server (Shared Load Balancers)
- Certificate
- Access Control
- TLS Security Policy
- Tag
- Access Logging
- Monitoring
- Auditing
- Permissions Management
- Quotas
- Appendix
- Change History
-
Load Balancer
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs (V3)
- Examples
- Permissions and Supported Actions
- Appendix
- SDK Reference
-
FAQs
- Popular Questions
-
ELB Use
- Service Abnormality
-
ELB Functionality
- Can ELB Be Used Separately?
- Does ELB Support Persistent Connections?
- Does ELB Support FTP on Backend Servers?
- Can ELB Block DDoS Attacks and Secure Web Code?
- Is an EIP Assigned Exclusively to a Load Balancer?
- How Many Load Balancers and Listeners Can I Have?
- What Types of APIs Does ELB Provide? What Are Permissions of ELB?
- Can I Adjust the Number of Backend Servers When a Load Balancer is Running?
- Can Backend Servers Run Different OSs?
- Can I Configure Different Backend Ports for a Load Balancer?
- Are There Any Restrictions on the Frequency of Access from an IP Address?
- Can ELB Be Used Across Accounts or VPCs?
- Can Backend Servers Access the Ports of a Load Balancer?
- Can I Bind a Public IP Address Purchased from a Third-Party Cloud Provider to My Load Balancer?
- Can Both the Listener and Backend Server Group Use HTTPS?
- Can I Change the VPC and Subnet for My Load Balancer?
- Does ELB Support IPv6 Networks?
- Load Balancing Performance
-
Load Balancers
- What Is Quota?
- How Does ELB Distribute Traffic?
- How Can I Access a Load Balancer Across VPCs?
- How Can I Configure Load Balancing for Containerized Applications?
- Why Can't I Delete My Load Balancer?
- Do I Need to Configure Bandwidth for My Load Balancers?
- Can I Bind Multiple EIPs to a Load Balancer?
- Why Multiple IP Addresses Are Required When I Create or Enable a Load Balancer?
- Why Are Requests from the Same IP Address Routed to Different Backend Servers When the Load Balancing Algorithm Is Source IP Hash?
- Can Backend Servers Access the Internet Using the EIP of the Load Balancer?
- Will Traffic Routing Be Interrupted If the Load Balancing Algorithm Is Changed?
- What Is the Difference Between the Bandwidth Included in Each Specification of a Dedicated Load Balancer and the Bandwidth of an EIP?
- How Do I Combine ELB and WAF?
-
Listeners
- What Are the Relationships Between Load Balancing Algorithms and Sticky Session Types?
- Can I Bind Multiple Certificates to a Listener?
- Do HTTP and HTTP Listeners Support the X-Forwarded-Host Header?
- Will ELB Stop Distributing Traffic Immediately After a Listener Is Deleted?
- Does ELB Have Restrictions on the File Upload Speed and Size?
- Can Multiple Load Balancers Route Requests to One Backend Server?
- How Is WebSocket Used?
- What Are the Three Timeouts of a Listener and What Are the Default Durations?
- Why Can't I Select the Target Backend Server Group When Adding or Modifying a Listener?
- Why Cannot I Add a Listener to a Dedicated Load Balancer?
-
Backend Servers
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from What I Have Configured?
- Can Backend Servers Access the Internet After They Are Associated with a Load Balancer?
- Can ELB Distribute Traffic Across Servers That Are Not Provided by Huawei Cloud?
- Can ELB Route Traffic Across Regions?
- Does Each Backend Server Need an EIP to Receive Requests from a Public Network Load Balancer?
- How Do I Check the Network Conditions of a Backend Server?
- How Can I Check the Network Configuration of a Backend Server?
- How Do I Check the Status of a Backend Server?
- How Long Is the Timeout Duration of Connections Between a Load Balancer and Backend Servers?
- When Is a Backend Server Considered Healthy?
- How Do I Check Whether a Backend Server Can Be Accessed Through an EIP?
- Why Is the Number of Active Connections Monitored by Cloud Eye Different from the Number of Connections Established with the Backend Servers?
- Why Can I Access Backend Servers After a Whitelist Is Configured?
- When Will Modified Weights Take Effect?
- How Much Time Is Required for a Load Balancer to Disconnect from Backend Servers After The Servers Are Removed?
- Why Must the Subnet Where the Load Balancer Resides Have at Least 16 Available IP Addresses for Enabling IP as a Backend?
-
Health Checks
- How Do I Troubleshoot an Unhealthy Backend Server?
- Why Is the Interval at Which Backend Servers Receive Health Check Packets Different from the Configured Interval?
- How Does ELB Perform UDP Health Checks? What Are the Precautions for UDP Health Checks?
- Why Does ELB Frequently Send Requests to Backend Servers During Health Checks?
- When Does a Health Check Start?
- Do Maximum Retries Include Health Checks That Consider Backend Servers Unhealthy?
- What Do I Do If a Lot of Access Logs Are Generated During Health Checks?
- What Status Codes Will Be Returned If Backend Servers Are Identified as Healthy?
- Obtaining Source IP Addresses
-
HTTP/HTTPS Listeners
- Which Protocol Should I Select for the Backend Server Group When Adding an HTTPS Listener?
- Why Is There a Security Warning After a Certificate Is Configured?
- Why Is a Forwarding Policy in the Faulty State?
- Why Can't I Add a Forwarding Policy to a Listener?
- Why Cannot I Select an Existing Backend Server Group When Adding a Forwarding Policy?
- Sticky Sessions
- Certificates
- Monitoring
- Billing
- Videos
Adding, Modifying, or Deleting a Certificate
Scenarios
To enable authentication for securing data transmission over HTTPS, you can add certificates to your load balancers. You can also modify and delete certificates.
- SSL Certificate Manager (SCM) allows you to purchase a certificate from Huawei Cloud or upload your own certificates for easier management.
- A certificate can be bound to only one type of load balancer. Ensure that you have selected the correct type.
- If you want to use the same certificate in two regions, you need to create one certificate in each region.
Adding a Certificate
- Log in to the management console.
- In the upper left corner of the page, click
and select the desired region and project.
- Hover on
in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Click Add Certificate. In the Add Certificate dialog box, configure the parameters.
- Certificate Name
- Certificate Type
- Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
- CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
- Enterprise Project
- Certificate Content: The content must be in PEM format. This parameter is mandatory when Certificate Type is set to Server certificate or CA certificate.
Click Upload and select the certificate to be uploaded. Ensure that your browser is of the latest version.
The format of the certificate body is as follows:
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
- Private Key: This parameter is mandatory when Certificate Type is set to Server certificate.
Click Upload and select the private key to be uploaded. Ensure that your browser is of the latest version.
The value must be an unencrypted private key. The private key must be in PEM format. The format is as follows:-----BEGIN PRIVATE KEY----- [key] -----END PRIVATE KEY-----
-
NOTE:
If there is a certificate chain, you need to configure the certificates in the following sequence: sub-certificate (server certificate), intermediate certificate, and root certificate. If the root certificate has been preset on the server and is not contained in the issued certificates, first configure the sub-certificate (server certificate) and then the intermediate certificate.
For example, if a CA issued a private key private.key and two certificates: a sub-certificate (server certificate) server.cer and an intermediate certificate mid.crt, paste the content of server.cer in the Certificate text box, press Enter, then paste the content of mid.crt in the Certificate text box, and paste the content of private.key in the Private Key text box to make the entire certificate chain take effect. The format of the certificate body in a certificate chain is as follows:
Certificate body-----BEGIN CERTIFICATE----- Content of the server certificate server.cer -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Content of the intermediate certificate mid.crt -----END CERTIFICATE-----
Private key-----BEGIN PRIVATE KEY----- Content of the private key private.key -----END PRIVATE KEY-----
- Domain Name
If the created certificate will be used for SNI, you need to specify a domain name for each certificate, and the domain name must be the same as that in the certificate.
- Description
- Click OK.
Modifying a Certificate
- Log in to the management console.
- In the upper left corner of the page, click
and select the desired region and project.
- Hover on
in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Locate the certificate and click Modify in the Operation column.
- Modify the parameters as required.
- Confirm the information and click OK.
Deleting a Certificate
Only certificates that are not in use can be deleted.
- Log in to the management console.
- In the upper left corner of the page, click
and select the desired region and project.
- Hover on
in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Locate the certificate and click Delete in the Operation column.
- Click Yes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.