Creates an HTTPS listener.

Considerations

Newly created listeners are in the stopped state. After you create a listener, you must call the StartLoadBalancerListener operation to start it. A listener forwards network traffic only after it is started.

Prerequisites

A Classic Load Balancer (CLB) instance is created. For more information, see CreateLoadBalancer.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateLoadBalancerHTTPSListener

The operation that you want to perform.

Set the value to CreateLoadBalancerHTTPSListener.

Bandwidth Integer Yes -1

The maximum bandwidth of the listener. Unit: Mbit/s.

Valid values: -1 and 1 to 5120.

  • -1: For a pay-by-data-transfer Internet-facing CLB instance, you can set the value to -1, which specifies that the maximum bandwidth is unlimited.
  • 1 to 5120: For a pay-by-bandwidth Internet-facing CLB instance, you can specify a maximum bandwidth value for each listener. The sum of maximum bandwidth values that you set for all listeners cannot exceed the maximum bandwidth value of the CLB instance.
HealthCheck String Yes on

Specifies whether to enable health checks. Valid values:

  • on: yes
  • off: no
ListenerPort Integer Yes 80

The frontend port that is used by the CLB instance.

Valid values: 1 to 65535.

LoadBalancerId String Yes lb-bp1o94dp5i6earr****

The ID of the CLB instance.

ServerCertificateId String Yes idkp-123-cn-test-****

The ID of the server certificate.

StickySession String Yes on

Specifies whether to enable session persistence. Valid values:

  • on: yes
  • off: no
RegionId String Yes cn-hangzhou

The region ID of the CLB instance.

You can query region IDs from the Regions and zones list or by calling the DescribeRegions operation.

BackendServerPort Integer No 80

The backend port that is used by the CLB instance. Valid values: 1 to 65535.

If the VServerGroupId parameter is not set, this parameter is required.

XForwardedFor String No on

Specifies whether to use the X-Forwarded-For header to obtain the real IP address of the client. Valid values:

  • on (default): yes
  • off: no
Scheduler String No wrr

The scheduling algorithm. Valid values:

  • wrr (default): Backend servers with higher weights receive more requests than backend servers with lower weights.
  • rr: Requests are sequentially distributed to backend servers.
StickySessionType String No insert

The method that is used to handle a cookie. This parameter is required when the StickySession parameter is set to on.

Valid values: insert and server.

  • insert: inserts a cookie.

    CLB inserts a cookie (SERVERID) into the first HTTP or HTTPS response packet that is sent to a client. The next request from the client will contain this cookie, and the listener will distribute this request to the recorded backend server.

  • server: rewrites a cookie.

    When CLB detects a user-defined cookie, it overwrites the original cookie with the user-defined cookie. The next request from the client will contain the user-defined cookie, and the listener will distribute the request to the recorded backend server.

CookieTimeout Integer No 500

The timeout period of the cookie. Unit: seconds.

Valid values: 1 to 86400.

Note If StickySession is set to on and StickySessionType is set to insert, this parameter is required.
Cookie String No B490B5EBF6F3CD402E515D22BCDA****

The cookie that is configured on the server.

The cookie must be 1 to 200 characters in length and can contain only ASCII letters and digits. It cannot contain commas (,), semicolons (;), or spaces. It cannot start with a dollar sign ($).

Note If StickySession is set to on and StickySessionType is set to insert, this parameter is required.
HealthCheckMethod String No get

The health check method used in HTTP health checks. Valid values: head and get.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckDomain String No 172.XX.XX.16

The domain name used for health checks. Valid values:

  • $_ip: the private IP address of a backend server. If you do not set this parameter or set the parameter to $_ip, CLB uses the private IP address of each backend server as the domain name for health checks.
  • domain: The domain name must be 1 to 80 characters in length, and can contain letters, digits, periods (.), and hyphens (-). The domain name must start with a letter.
Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckURI String No /test/index.html

The uniform resource identifier (URI) that is used for health checks.

The URI must be 1 to 80 characters in length, and can contain letters, digits, and the following special characters: - / . % ? # &. The URI must start with a forward slash (/), but cannot be a single forward slash (/).

Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthyThreshold Integer No 4

The number of consecutive health check successes before a backend server is declared healthy (from fail to success).

Valid values: 2 to 10.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
UnhealthyThreshold Integer No 4

The number of consecutive health check failures before a backend server is declared unhealthy (from success to fail).

Valid values: 2 to 10.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckTimeout Integer No 3

The timeout period of a health check response. If a backend Elastic Compute Service (ECS) instance does not send an expected response within the specified period of time, the ECS instance is considered unhealthy. Unit: seconds.

Valid values: 1 to 300.

Note
  • If the value of HealthCheckTimeout is smaller than that of HealthCheckInterval, the value of HealthCheckTimeout is ignored and the value of HealthCheckInterval is regarded as the timeout period.
  • This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckConnectPort Integer No 8080

The port that is used for health checks.

Valid values: 1 to 65535.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckInterval Integer No 5

The time interval between two consecutive health checks. Unit: seconds.

Valid values: 1 to 50.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckHttpCode String No http_2xx,http_3xx

The HTTP status code that indicates a successful health check. Separate multiple HTTP status codes with commas (,). Default value: http_2xx.

Valid values: http_2xx, http_3xx, http_4xx, and http_5xx.

Note This parameter takes effect only if the HealthCheck parameter is set to on.
VServerGroupId String No rsp-cige6j5e7p****

The ID of the vServer group.

CACertificateId String No 139a00604ad-cn-east-hangzh****

The ID of the certificate authority (CA) certificate.

If both the CA certificate and the server certificate are uploaded, two-factor authentication is used.

If you upload only the server certificate, single-factor authentication is used.

XForwardedFor_SLBIP String No on

Specifies whether to use the SLB-IP header to obtain the virtual IP address of the client. Valid values:

  • on: yes
  • off (default): no
XForwardedFor_SLBID String No on

Specifies whether to use the SLB-ID header to obtain the ID of the CLB instance. Valid values:

  • on: yes
  • off (default): no
XForwardedFor_proto String No on

Specifies whether to use the X-Forwarded-Proto header to obtain the listener protocol of the CLB instance. Valid values:

  • on: yes
  • off (default): no
Gzip String No on

Specifies whether to enable gzip compression to compress specific types of files. Valid values:

  • on (default): yes
  • off: no
AclId String No nacl-a2do9e413e0spzasx****

The ID of the access control list (ACL) to be associated with the listener.

Note If AclStatus is set to on, this parameter is required.
AclType String No white

The type of the ACL. Valid values:

  • white: specifies the ACL as a whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. Whitelists apply to scenarios where you want to allow only specific IP addresses to access an application. Risks may arise if you specify an ACL as a whitelist. After a whitelist is configured, only IP addresses in the whitelist can access the CLB listener.

    If you enable a whitelist but the whitelist does not contain an IP address, the listener forwards all requests.

  • black: specifies the ACL as a blacklist. All requests from the IP addresses or CIDR blocks in the ACL are rejected. Blacklists apply to scenarios where you want to block access from specified IP addresses to an application.

    If you enable a blacklist but the blacklist does not contain an IP address, the listener forwards all requests.

Note If AclStatus is set to on, this parameter is required.
AclStatus String No off

Specifies whether to enable the access control feature. Default value: off. Valid values:

  • on: yes
  • off (default): no
Description String No CreateListeners

The description of the listener.

The description must be 1 to 80 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), and underscores (_).

IdleTimeout Integer No 12

The timeout period of an idle connection. Unit: seconds. Valid values: 1 to 60. Default value: 15.

If no request is received within the specified timeout period, CLB closes the current connection. When another request is received, CLB establishes a new connection.

RequestTimeout Integer No 23

The timeout period of a request. Unit: seconds. Valid values: 1 to 180. Default value: 60.

If no response is received from the backend server during the request timeout period, CLB sends an HTTP 504 error code to the client.

EnableHttp2 String No off

Specifies whether to support HTTP/2. Valid values:

  • on (default): yes
  • off: no
TLSCipherPolicy String No tls_cipher_policy_1_1

The TLS security policy. A TLS security policy contains TLS protocol versions and cipher suites that are available for HTTPS.

  • tls_cipher_policy_1_0

    Supported TLS versions: TLS 1.0, TLS 1.1, and TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_1

    Supported TLS versions: TLS 1.1 and TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_2

    Supported TLS version: TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA

  • tls_cipher_policy_1_2_strict

    Supported TLS version: TLS 1.2

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA

  • tls_cipher_policy_1_2_strict_with_1_3

    Supported TLS versions: TLS 1.2 and TLS 1.3

    Supported cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA
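
A pre-flight check for the request parameters above, as an added example that is not part of the original reference or of any Alibaba Cloud SDK. It encodes the required and conditional rules and value ranges stated on this page, and flags TLS policies whose lists above still include TLS 1.0, TLS 1.1, or DES-CBC3-SHA. The names `lint_listener` and `acl_entry_count` are hypothetical.

```python
# Added example: lint a CreateLoadBalancerHTTPSListener parameter dict before sending it.
TLS_POLICIES = {  # policy -> (protocol versions, suite list includes DES-CBC3-SHA)
    "tls_cipher_policy_1_0": ({"TLS 1.0", "TLS 1.1", "TLS 1.2"}, True),
    "tls_cipher_policy_1_1": ({"TLS 1.1", "TLS 1.2"}, True),
    "tls_cipher_policy_1_2": ({"TLS 1.2"}, True),
    "tls_cipher_policy_1_2_strict": ({"TLS 1.2"}, False),
    "tls_cipher_policy_1_2_strict_with_1_3": ({"TLS 1.2", "TLS 1.3"}, False),
}
REQUIRED = ("Bandwidth", "HealthCheck", "ListenerPort", "LoadBalancerId",
            "ServerCertificateId", "StickySession", "RegionId")
RANGES = {"ListenerPort": (1, 65535), "BackendServerPort": (1, 65535),
          "CookieTimeout": (1, 86400), "HealthCheckTimeout": (1, 300),
          "HealthCheckInterval": (1, 50), "IdleTimeout": (1, 60),
          "RequestTimeout": (1, 180)}

def lint_listener(p, acl_entry_count=None):
    """Return (errors, warnings). acl_entry_count is a hypothetical caller-supplied
    count of entries in the ACL named by AclId (None = not known)."""
    errors = [f"{k} is required" for k in REQUIRED if k not in p]
    warnings = []
    for k, (lo, hi) in RANGES.items():
        if k in p and not lo <= int(p[k]) <= hi:
            errors.append(f"{k} must be {lo} to {hi}")
    if "VServerGroupId" not in p and "BackendServerPort" not in p:
        errors.append("BackendServerPort is required when VServerGroupId is not set")
    if p.get("StickySession") == "on":
        if p.get("StickySessionType") not in ("insert", "server"):
            errors.append("StickySessionType is required when StickySession is on")
        elif p["StickySessionType"] == "insert" and "CookieTimeout" not in p:
            errors.append("CookieTimeout is required for StickySessionType insert")
    if p.get("AclStatus") == "on":
        errors += [f"{k} is required when AclStatus is on"
                   for k in ("AclId", "AclType") if k not in p]
        if acl_entry_count == 0:  # page: an empty whitelist or blacklist filters nothing
            warnings.append("ACL has no entries: the listener forwards all requests")
    if "HealthCheckTimeout" in p and "HealthCheckInterval" in p:
        if int(p["HealthCheckTimeout"]) < int(p["HealthCheckInterval"]):
            warnings.append("HealthCheckTimeout is ignored: smaller than HealthCheckInterval")
    policy = p.get("TLSCipherPolicy")
    if policy is not None and policy not in TLS_POLICIES:
        errors.append(f"unknown TLSCipherPolicy {policy}")
    elif policy is not None:
        versions, has_3des = TLS_POLICIES[policy]
        legacy = sorted(versions & {"TLS 1.0", "TLS 1.1"})
        if legacy:
            warnings.append(f"{policy} accepts {', '.join(legacy)}")
        if has_3des:
            warnings.append(f"{policy} includes DES-CBC3-SHA")
    return errors, warnings
```

Run against the sample request in the Examples section, the check reports the missing RegionId, BackendServerPort (no VServerGroupId is given), and StickySessionType.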

Response parameters

Parameter Type Example Description
RequestId String CEF72CEB-54B6-4AE8-B225-F876FF7BA984

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateLoadBalancerHTTPSListener
&Bandwidth=-1
&HealthCheck=on
&ListenerPort=80
&LoadBalancerId=lb-bp1o94dp5i6earr****
&ServerCertificateId=idkp-123-cn-test-****
&StickySession=on
&<Common request parameters>

Sample success responses

XML format

<CreateLoadBalancerHTTPSListenerResponse>
      <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
</CreateLoadBalancerHTTPSListenerResponse>

JSON format

{
    "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}

Error codes

HttpCode Error code Error message Description
400 LbNotSupportTcpssl You cannot create a TCP SSL type listener for the specified load balancer. The error message returned because the specified instance does not allow you to create TCP SSL listeners.
400 LbSupportTcpsslOnly The specified load balancer supports TCP SSL type listener only. The error message returned because the specified instance allows you to create only TCP SSL listeners.
400 ListenerNotSupportRule You cannot create a rule for the specified listener. The error message returned because the specified listener does not allow you to create forwarding rules.
400 Mismatch.SlbSpecTypeAndListenerProtocol The SlbSpecType and ListenerProtocol are mismatched. The error message returned because the specified instance type and listener type do not match.

For a list of error codes, visit the API Error Center.