Adding an HTTPS Listener
Scenarios
HTTPS listeners are best suited for applications that require encrypted transmission. Load balancers decrypt HTTPS requests before routing them to backend servers, which then send the processed requests back to load balancers for encryption before they are sent to clients.
Constraints
- Dedicated load balancers: If the listener protocol is HTTPS, the protocol of the backend server group can be HTTP or HTTPS.
- If you only select network load balancing (TCP/UDP) for your dedicated load balancer, you cannot add an HTTPS listener to this load balancer.
Adding an HTTPS Listener to a Dedicated Load Balancer
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- Locate the load balancer and click its name.
- Under Listeners, click Add Listener. Configure the parameters based on Table 1.
Table 1 Parameters for configuring a listener Parameter
Description
Example Value
Name
Specifies the listener name.
listener-pnqy
Frontend Protocol
Specifies the protocol that will be used by the load balancer to receive requests from clients.
HTTPS
Frontend Port
Specifies the port that will be used by the load balancer to receive requests from clients.
The port number ranges from 1 to 65535.
80
SSL Authentication
Specifies whether how you want the clients and backend servers to be authenticated.
There are two options: One-way authentication or Mutual authentication.
- If only server authentication is required, select One-way authentication.
- If you want the clients and the load balancer to authenticate each other, select Mutual authentication. Only authenticated clients will be allowed to access the load balancer.
One-way authentication
Server Certificate
Specifies the certificate that will be used by the backend server to authenticate the client when HTTPS is used as the frontend protocol.
Both the certificate and private key are required.
For details, see Adding, Modifying, or Deleting a Certificate.
N/A
CA Certificate
Specifies the certificate that will be used by the backend server to authenticate the client when SSL Authentication is set to Mutual authentication.
A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
For details, see Adding, Modifying, or Deleting a Certificate.
N/A
Enable SNI
Specifies whether to enable SNI when HTTPS is used as the frontend protocol.
SNI is an extension to TLS and is used when a server uses multiple domain names and certificates.
This allows the client to submit the domain name information while sending an SSL handshake request. After the load balancer receives the request, the load balancer queries the corresponding certificate based on the domain name and returns it to the client. If no certificate is found, the load balancer will return the default certificate. For details, see SNI Certificate.
N/A
SNI Certificate
Specifies the certificate associated with the domain name when the frontend protocol is HTTPS and SNI is enabled.
Select an existing certificate or create one.
N/A
Access Control
Specifies how access to the listener is controlled. For details, see Access Control. The following options are available:
- All IP addresses
- Blacklist
- Whitelist
Whitelist
IP Address Group
Specifies the IP address group associated with a whitelist or blacklist. If there is no IP address group, create one first. For more information, see Creating an IP Address Group.
ipGroup-b2
Transfer Client IP Address
Specifies whether to transmit IP addresses of the clients to backend servers.
This function is enabled for dedicated load balancers by default and cannot be disabled.
Enabled
Advanced Settings
HTTP/2
Specifies whether you want to use HTTP/2 if you select HTTPS for Frontend Protocol. For details, see HTTP/2.
N/A
Transfer Load Balancer EIP
Specifies whether to store the EIP bound to the load balancer in the X-Forwarded-ELB-IP header field and pass this field to backend servers.
N/A
Idle Timeout
Specifies the length of time for a connection to keep alive, in seconds. If no request is received within this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
The idle timeout duration ranges from 0 to 4000.
60
Request Timeout
Specifies the length of time (in seconds) after which the load balancer closes the connection if the load balancer does not receive a request from the client.
The request timeout duration ranges from 1 to 300.
60
Response Timeout
Specifies the length of time (in seconds) after which the load balancer sends a 504 Gateway Timeout error to the client if the load balancer receives no response from the backend server after routing a request to the backend server and receives no response after attempting to route the same request to other backend servers.
The request timeout duration ranges from 1 to 300.
NOTE:If you have enabled sticky sessions and the backend server does not respond within the response timeout duration, the load balancer returns 504 Gateway Timeout to the clients.
60
Description
Provides supplementary information about the listener.
You can enter a maximum of 255 characters.
N/A
- Click Next: Configure Request Routing Policy.
- You are advised to select an existing backend server group.
- You can also click Create new to create a backend server group and configure parameters as described in Table 2.
Table 2 Parameters for configuring a backend server group Parameter
Description
Example Value
Backend Server Group
Specifies a group of servers with the same features to receive requests from the load balancer. Two options are available:
- Create new
- Use existing
NOTE:
The backend protocol of the backend server group must match the frontend protocol. For example, if the frontend protocol is TCP, the backend protocol must be TCP.
Create new
Backend Server Group Name
Specifies the name of the backend server group.
server_group-sq4v
Backend Protocol
Specifies the protocol that will be used by backend servers to receive requests.
If the frontend protocol is HTTPS, the backend protocol can be HTTP, or HTTPS.
HTTP
Load Balancing Algorithm
Specifies the algorithm that will be used by the load balancer to distribute traffic. The following options are available:
- Weighted round robin: Requests are routed to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests.
- Weighted least connections: In addition to the number of active connections established with each backend server, each server is assigned a weight based on their processing capability. Requests are routed to the server with the lowest connections-to-weight ratio.
- Source IP hash: The source IP address of each request is calculated using the consistent hashing algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key is used to allocate the client to a particular server. This allows requests from different clients to be routed based on source IP addresses and ensures that a client is directed to the same server that it was using previously.
NOTE:- Choose an appropriate algorithm based on your requirements for better traffic distribution.
- For Weighted round robin or Weighted least connections, no requests will be routed to a server with a weight of 0.
Weighted round robin
Sticky Session
Specifies whether to enable sticky sessions. If you enable sticky sessions, all requests from a client during one session are sent to the same backend server.
This parameter is optional and can be enabled if you have selected Weighted round robin or Weighted least connections for Load Balancing Algorithm.
N/A
Sticky Session Type
Specifies the type of sticky sessions for HTTP and HTTPS listeners.
- Load balancer cookie: The load balancer generates a cookie after receiving a request from the client. All subsequent requests with the same cookie are then routed to the same backend server.
NOTE:Load balancer cookie
Stickiness Duration (min)
Specifies the minutes that sticky sessions are maintained. You can enable sticky sessions only if you select Weighted round robin for Load Balancing Algorithm.
- Stickiness duration at Layer 4: 1 to 60
- Stickiness duration at Layer 7: 1 to 1440
20
Slow Start
Specifies whether to enable slow start, which is disabled by default.
After you enable slow start, the load balancer linearly increases the proportion of requests to send to backend servers in this mode. When the slow start duration elapses, the load balancer sends full share of requests to backend servers and exits the slow start mode.
For details, see Slow Start (Dedicated Load Balancers).
N/A
Slow Start Duration
Specifies how long the slow start will last.
The duration ranges from 30 to 1200, in seconds, and the default value is 30.
30
Description
Provides supplementary information about the backend server group.
You can enter a maximum of 255 characters.
N/A
- Click Next: Add Backend Server. Add backend servers and configure health check for the backend server group. For details about how to add backend servers, see Overview. For the parameters required for configuring a health check, see Table 3.
Table 3 Parameters for configuring a health check Parameter
Description
Example Value
Health Check
Specifies whether to enable health checks.
If the health check is enabled, click next to Advanced Settings to set health check parameters.
N/A
Health Check Protocol
Specifies the protocol that will be used by the load balancer to check the health of backend servers.
If the backend protocol is HTTP or HTTPS, the health check protocol can be TCP, HTTP, or HTTPS.
HTTP
Domain Name
Specifies the domain name that will be used for health checks. This parameter is mandatory if the health check protocol is HTTP or HTTPS.
- You can use the private IP address of the backend server as the domain name.
- You can also specify a domain name that consists of at least two labels separated by periods (.). Use only letters, digits, and hyphens (-). Do not start or end strings with a hyphen. Max total: 100 characters. Max label: 63 characters.
www.elb.com
Health Check Port
Specifies the port that will be used by the load balancer to check the health of backend servers. The port number ranges from 1 to 65535.
NOTE:By default, the service port on each backend server is used. You can also specify a port for health checks.
80
Path
Specifies the health check URL, which is the destination on backend servers for health checks. This parameter is mandatory if the health check protocol is HTTP or HTTPS. The path can contain 1 to 80 characters and must start with a slash (/).
/index.html
Interval (s)
Specifies the interval for sending health check requests, in seconds.
The interval ranges from 1 to 50.
5
Timeout (s)
Specifies the maximum time required for waiting for a response from the health check, in seconds. The timeout duration ranges from 1 to 50.
3
Maximum Retries
Specifies the maximum number of health check retries. The value ranges from 1 to 10.
3
- Click Next: Confirm.
- Confirm the configuration and click Submit.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot