This topic describes how to create an Internet-facing Application Load Balancer (ALB) instance and how to configure a listener for the ALB instance. After you create an ALB instance, the system automatically allocates an IP address to the ALB instance. The ALB instance uses the IP address to receive requests from the Internet.

Prerequisites

At least one Elastic Compute Service (ECS) instance is running in each zone. The ECS instances are added to a security group that allows access to port 80 or port 443 over HTTP or HTTPS.

Step 1: Create an ALB instance

To create an ALB instance, perform the following steps:

  1. Log on to the SLB console.
  2. In the left-side navigation pane, choose ALB > Instances.
  3. On the Instances page, click Create ALB Instance.
  4. On the ALB (Pay-As-You-Go) International Site page, set the following parameters.
    Parameter Description
    Region

    Select the region where you want to deploy the ALB instance.

    Note Make sure that the ALB instance and the ECS instances that serve as backend servers are deployed in the same region.
    VPC Select the VPC where you want to deploy the ALB instance.
    Zone Select zones from the specified region.
    Note You can select more than one zone for the ALB instance. To ensure the high availability of your workloads, select at least two zones.
    IP Mode Select an IP type for the ALB instance. Valid values: Static IP and Dynamic IP.
    • Static IP: Only one IP address is available in each zone. The IP address cannot be changed. ALB instances that use static IP addresses support up to 100,000 queries per second (QPS).
    • Dynamic IP: One or more IP addresses are available in each zone. The number of IP addresses that the ALB instance uses automatically increases along with your workloads.
    Edition Select an edition. Valid values: Basic and Standard. Basic is selected in this example.
    Note For more information about the differences in features between basic ALB instances and standard ALB instances, see Features and limits of different editions.
    Network Type You can create an Internet-facing ALB instance or an internal-facing ALB instance based on your business requirements. The system allocates a public or private IP address to the ALB instance based on the specified instance type. Public-facing is selected in this example.
    • Public-facing: If you create an Internet-facing ALB instance, a public IP address is allocated to the ALB instance. You can access the ALB instance over the Internet.
      Note Internet-facing ALB instances use elastic IP addresses (EIPs) to communicate with the Internet. When you use Internet-facing ALB instances, you are charged for the EIPs, the data transfer of the EIPs, and the bandwidth usage of the EIPs. For more information, see Overview.
    • Internal: If you create an internal-facing ALB instance, a private IP address of Alibaba Cloud is allocated to the ALB instance. You must access the ALB instance through Alibaba Cloud networks.
    Internet Charge Type Select a billing method for the ALB instance. Valid values: By traffic and By bandwidth. By traffic is selected in this example.
    Note This parameter takes effect only when Network Type is set to Public-facing.
    Instance Name Enter a name for the ALB instance.

    The name must be 1 to 80 characters in length, and can contain letters, digits, forward slashes (/), periods (.), hyphens (-), and underscores (_). It must start with a letter.

    Resource Group Select the resource group to which the ALB instance belongs. The default resource group is selected in this example.
  5. Click Buy Now.
  6. On the Confirm Order page, select I have read and agree to ALB (Pay-As-You-Go) International Site Agreement of Service, and click Activate Now.

Step 2: Create a listener

To create a listener for the ALB instance, perform the following steps:

  1. On the Instances page, find the ALB instance that you want to manage and click Create Listener in the Actions column.
  2. On the Configure Listener wizard page in the Configure Server Load Balancer wizard, set the following parameters.
    Parameter Description
    Listener Protocol Select a protocol for the listener.

    HTTPS is selected in this example.

    Listener Port Enter the port on which the ALB instance listens. The ALB instance uses the port to receive requests and forward the requests to backend servers. In most cases, port 80 is used for HTTP and port 443 is used for HTTPS.

    Valid values: 1 to 65535.

    Note The ports on which an ALB instance listens must be unique.
    Listener Name Enter a name for the listener. The name must be 1 to 80 characters in length, and can contain letters, digits, hyphens (-), forward slashes (/), periods (.),and underscores (_).
    Advanced Settings
    Enable HTTP/2 Select whether to enable HTTP/2 for the frontend protocol that the ALB instance uses.
    Idle Connection Timeout Period Specify the timeout period of idle connections. Unit: seconds. Valid values: 1 to 60.

    If no request is received within the specified timeout period, ALB closes the connection. ALB recreates the connection when a new connection request is received.

    This feature is available in all regions.
    Note This feature is unavailable for HTTP/2 requests.
    Connection Request Timeout Period Specify the request timeout period. Unit: seconds. Valid values: 1 to 180.

    If no response is received from the backend server within the request timeout period, ALB returns an HTTP 504 error to the client.

    This feature is available in all regions.

    Gzip Compression Specify whether to enable Gzip compression for a specified file type.

    Gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, application/atom+xml, and application/xml.

    Add HTTP Header Fields You can add the following HTTP header fields:
    • X-Forwarded-For: Add the header field to retrieve the real IP address of clients.
    • SLB-ID: Add the header field to retrieve the ID of the ALB instance.
    • X-Forwarded-Proto: Add the header field to retrieve the listener protocol used by the ALB instance.
    • X-Forwarded-Clientcert-subjectdn: Add the header field to retrieve information about the owner of the client certificate.
    • X-Forwarded-Clientcert-issuerdn: Add the header field to retrieve information about the authority that issues the client certificate.
    • X-Forwarded-Clientcert-fingerprint: Add the header field to retrieve the fingerprint of the client certificate.
    • X-Forwarded-Clientcert-clientverify: Add the header field to retrieve the verification result of the client certificate.
    • X-Forwarded-Port: Add the header field to retrieve the ports on which the ALB instance listens.
    • X-Forwarded-Client-Port: Add the header field to retrieve the port over which a client communicates with the ALB instance.
    QUIC Update Select whether to enable the QUIC update feature.
    Associate QUIC Listener Select a QUIC listener and associate it with the ALB instance.
    Note This parameter takes effect only when the QUIC update feature is enabled.
  3. Click Next.

Step 3: Configure an SSL certificate

To configure an SSL certificate for the HTTPS listener, perform the following steps:

  1. On the Configure SSL Certificate wizard page in the Configure Server Load Balancer wizard, set the following parameters.
    SSL certificate configuration Description
    Server Certificate Select a server certificate.
    Advanced Settings
    TLS security policy Select a TLS security policy.

    A TLS security policy contains TLS protocol versions and cipher suites that are available for HTTPS.

  2. Click Next.

Step 4: Select a server group

To select a server group for the HTTPS listener, perform the following steps:

  1. On the Select Server Group wizard page in the Configure Server Load Balancer wizard, select a server group. The server group is used to process requests that are received by the ALB instance.
  2. Click Next.

Step 5: Review the configuration

To review the configuration of the HTTPS listener, perform the following steps:

  1. On the Select Server Group wizard page in the Configure Server Load Balancer wizard, confirm the configuration of the HTTPS listener and click Submit.
  2. Click OK.
  3. Return to the Instances page and click the Refresh icon.

    If the health check result of the ALB instance is Active, the backend ECS instances are ready to handle requests distributed by the ALB instance.