ALIYUN::SLB::Listener is used to create a listener for an SLB instance.
Syntax
{
"Type": "ALIYUN::SLB::Listener",
"Properties": {
"MasterSlaveServerGroupId": String,
"AclStatus": String,
"Protocol": String,
"AclId": String,
"ServerCertificateId": String,
"HealthCheck": Map,
"RequestTimeout": Integer,
"IdleTimeout": Integer,
"ListenerPort": Integer,
"HttpConfig": Map,
"Bandwidth": Integer,
"AclType": String,
"BackendServerPort": Integer,
"Scheduler": String,
"LoadBalancerId": String,
"CACertificateId": String,
"Persistence": Map,
"VServerGroupId": String
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
MasterSlaveServerGroupId | String | No | No | The ID of the primary/secondary server group. | None |
AclStatus | String | No | No | Specifies whether to enable access control on the listener. | Default value: on. Valid values:
|
AclId | String | No | No | The ID of the access control list (ACL) to which the listener is bound. | This parameter is required when the AclStatus parameter is set to on. |
AclType | String | No | No | The type of the ACL. | Valid values:
|
Protocol | String | Yes | No | The Internet protocol over which the listener forwards requests. | Valid values:
|
ListenerPort | Integer | Yes | No | The frontend port that is used by the SLB instance. | Valid values: 1 to 65535. |
Bandwidth | Integer | Yes | No | The peak bandwidth of the listener. | Valid values: The parameter value can be -1 or an integer in the range of 1 to 1,000.
Unit: Mbit/s.
|
BackendServerPort | Integer | Yes | No | The backend port that is used by the SLB instance. | Valid values: 1 to 65535. |
LoadBalancerId | String | Yes | No | The ID of the SLB instance. | None |
HealthCheck | Map | No | No | The health check settings of the listener. | For more information, see HealthCheck properties. |
Persistence | Map | No | Yes | The persistence properties. | For more information, see Persistence properties. |
Scheduler | String | No | No | The scheduling algorithm. | Default value: wrr. Valid values:
|
CACertificateId | String | No | No | The ID of the CA certificate. | This parameter takes effect only when the Protocol parameter is set to https. |
ServerCertificateId | String | No | No | The ID of the server certificate. | This parameter is required and valid only when the Protocol parameter is set to https. |
VServerGroupId | String | No | No | The ID of the VServer group. | None |
RequestTimeout | Integer | No | No | The request timeout period. | Valid values: 1 to 180.
Unit: seconds. |
IdleTimeout | Integer | No | No | The idle connection timeout period. | Valid values: 1 to 60.
Unit: seconds. |
HttpConfig | Map | No | No | The HTTP configurations. | For more information, see HttpConfig properties. |
HealthCheck syntax
"HealthCheck": {
"Domain": String,
"Interval": Integer,
"URI": String,
"HttpCode": String,
"HealthyThreshold": Integer,
"Timeout": Integer,
"UnhealthyThreshold": Integer,
"Port": Integer
}
HealthCheck properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Domain | String | No | No | The domain name that is used for health checks. | Valid values:
Note When this parameter is set to $_ip or left empty, the SLB instance uses the private
IP addresses of backend servers as the domain names for health checks.
|
Interval | Integer | No | No | The time interval between consecutive health checks. | Valid values: 1 to 5.
Unit: seconds. |
URI | String | No | No | The URI that is used for health checks. | The URI must be 1 to 80 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), percent signs (%), question marks (?), number signs (#), and ampersands (&). It must start with a forward slash (/). |
HttpCode | String | No | No | The HTTP status code that indicates the health check is successful. | Default value: http_2xx. Valid values:
Separate multiple HTTP status codes with commas (,). |
HealthyThreshold | Integer | No | No | The threshold that is used to determine that the backend servers are healthy. This value indicates the number of consecutive successful health checks required before the health status of a backend server can be changed from fail to success. | Valid values: 1 to 10. |
Timeout | Integer | No | No | The maximum amount of time to wait for a health check response. |
Valid values: 1 to 50. Unit: seconds. Notice This parameter takes effect only when its value is greater than or equal to that of
the Interval parameter. Otherwise, this parameter is overridden by the Interval value.
|
UnhealthyThreshold | Integer | No | No | The threshold that is used to determine that the backend servers are unhealthy. This value indicates the number of consecutive failed health checks required before the health status of a backend server can be changed from success to fail. | Valid values: 1 to 10. |
Port | Integer | No | No | The port used for health checks. | Valid values: 0 to 65535. |
Persistence syntax
"Persistence": {
"PersistenceTimeout": Integer,
"CookieTimeout": Integer,
"XForwardedFor": String,
"XForwardedFor_SLBID": String,
"XForwardedFor_proto": String,
"XForwardedFor_SLBIP": String,
"Cookie": String,
"StickySession": String,
"StickySessionType": String
}
Persistence properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
StickySession | String | No | Yes | Specifies whether to enable session persistence. | Valid values:
|
PersistenceTimeout | Integer | No | Yes | The maximum amount of time to wait for session persistence. | Valid values: 0 to 1000.
Default value: 0. A value of 0 indicates that connection persistence is disabled. Unit: seconds. |
CookieTimeout | Integer | No | Yes | The maximum amount of time to wait before the session cookie expires. |
Valid values: 1 to 86400. Unit: seconds. Note This parameter is required when the StickySession parameter is set to on and the StickySessionType
parameter is set to insert.
|
XForwardedFor | String | No | Yes | Specifies whether to use the X-Forwarded-For header field to obtain the real IP address of a client. | Set the value to on. |
XForwardedFor_proto | String | No | Yes | Specifies whether to use the X-Forwarded-Proto header field to obtain the listener protocol of the SLB instance. | Default value: off. Valid values:
|
XForwardedFor_SLBID | String | No | Yes | Specifies whether to use the SLB-ID header field to obtain the ID of the SLB instance. | Default value: off. Valid values:
|
XForwardedFor_SLBIP | String | No | Yes | Specifies whether to use the SLB-IP header field to obtain the real IP address of a client. | Default value: off. Valid values:
|
Cookie | String | No | Yes | The cookie to be configured on the backend server. | The cookie must be 1 to 200 characters in length. It cannot start with a dollar sign
($). It can contain letters and digits. It cannot contain commas (,), semicolons (;),
or spaces.
Note This parameter is required when the StickySession parameter is set to on and the StickySessionType
parameter is set to server.
|
StickySessionType | String | No | Yes | The method used to handle a cookie. | Valid values:
Note This parameter is required when the StickySession parameter is set to on.
|
HttpConfig syntax
"HttpConfig": {
"ForwardPort": Integer,
"ListenerForward": String
}
HttpConfig properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
ForwardPort | Integer | No | No | The port that is used to redirect HTTP requests to HTTPS. | Valid values: 1 to 65535.
Default value: 443. |
ListenerForward | String | No | No | Specifies whether to enable redirection from HTTP to HTTPS. | Default value: off. Valid values:
|
Response parameters
Fn::GetAtt
- LoadBalancerId: the unique ID of the SLB instance.
- ListenerPortsAndProtocol: an array that consists of the ports and protocols used by the SLB listener.
Examples
JSON
format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"RequestTimeout": {
"Type": "Number",
"Description": "Specify the request timeout in seconds. Valid value: 1-180 If no response is received from the backend server during the specified timeout period, Server Load Balancer will stop waiting and send an HTTP 504 error to the client.",
"MinValue": 1,
"MaxValue": 180
},
"ListenerPort": {
"Type": "Number",
"Description": "Port for front listener. Range from 1 to 65535.",
"MinValue": 1,
"MaxValue": 65535
},
"VServerGroupId": {
"Type": "String",
"Description": "The id of the VServerGroup which use in listener."
},
"CACertificateId": {
"Type": "String",
"Description": "CA server certificate id, for https listener only."
},
"Scheduler": {
"Type": "String",
"Description": "The scheduler algorithm. Support 'wrr' or 'wlc' only, default is 'wrr'",
"AllowedValues": [
"wrr",
"wlc"
],
"Default": "wrr"
},
"AclId": {
"Type": "String",
"Description": "The ID of the access control list associated with the listener to be created.\nIf the value of the AclStatus parameter is on, this parameter is required."
},
"HealthCheck": {
"Type": "Json",
"Description": "The properties of health checking setting."
},
"IdleTimeout": {
"Type": "Number",
"Description": "Specify the idle connection timeout in seconds. Valid value: 1-60 If no request is received during the specified timeout period, Server Load Balancer will temporarily terminate the connection and restart the connection when the next request comes.",
"MinValue": 1,
"MaxValue": 60
},
"LoadBalancerId": {
"Type": "String",
"Description": "The id of load balancer to create listener."
},
"BackendServerPort": {
"Type": "Number",
"Description": "Backend server can listen on ports from 1 to 65535.",
"MinValue": 1,
"MaxValue": 65535
},
"Persistence": {
"Type": "Json",
"Description": "The properties of persistence."
},
"AclStatus": {
"Type": "String",
"Description": "Indicates whether to enable access control.\nValid values: on | off. Default value: off",
"AllowedValues": [
"on",
"off"
],
"Default": "off"
},
"Bandwidth": {
"Type": "Number",
"Description": "The bandwidth of network, unit in Mbps(Million bits per second). If the specified load balancer with \"LOAD_BALANCE_ID\" is charged by \"paybybandwidth\" and is created in classic network, each Listener's bandwidth must be greater than 0 and the sum of all of its Listeners' bandwidth can't be greater than the bandwidth of the load balancer.",
"MinValue": -1,
"MaxValue": 1000
},
"MasterSlaveServerGroupId": {
"Type": "String",
"Description": "The id of the MasterSlaveServerGroup which use in listener."
},
"ServerCertificateId": {
"Type": "String",
"Description": "Server certificate id, for https listener only, this properties is required."
},
"HttpConfig": {
"Type": "Json",
"Description": "Config for http protocol."
},
"AclType": {
"Type": "String",
"Description": "The access control type:\n* white: Indicates a whitelist. Only requests from IP addresses or CIDR blocks in the selected access control lists are forwarded. This applies to scenarios in which an application only allows access from specific IP addresses.\nEnabling a whitelist poses some risks to your services.\nAfter a whitelist is enabled, only the IP addresses in the list can access the listener.\nIf you enable a whitelist without adding any IP addresses in the list, no requests are forwarded.\n* black: Indicates a blacklist. Requests from IP addresses or CIDR blocks in the selected access control lists are not forwarded (that is, they are blocked). This applies to scenarios in which an application only denies access from specific IP addresses.\nIf you enable a blacklist without adding any IP addresses in the list, all requests are forwarded.\n\nIf the value of the AclStatus parameter is on, this parameter is required.",
"AllowedValues": [
"white",
"black"
]
},
"Protocol": {
"Type": "String",
"Description": "The load balancer transport protocol to use for routing: http, https, tcp, or udp.",
"AllowedValues": [
"http",
"https",
"tcp",
"udp"
]
}
},
"Resources": {
"Listener": {
"Type": "ALIYUN::SLB::Listener",
"Properties": {
"RequestTimeout": {
"Ref": "RequestTimeout"
},
"ListenerPort": {
"Ref": "ListenerPort"
},
"VServerGroupId": {
"Ref": "VServerGroupId"
},
"CACertificateId": {
"Ref": "CACertificateId"
},
"Scheduler": {
"Ref": "Scheduler"
},
"AclId": {
"Ref": "AclId"
},
"HealthCheck": {
"Ref": "HealthCheck"
},
"IdleTimeout": {
"Ref": "IdleTimeout"
},
"LoadBalancerId": {
"Ref": "LoadBalancerId"
},
"BackendServerPort": {
"Ref": "BackendServerPort"
},
"Persistence": {
"Ref": "Persistence"
},
"AclStatus": {
"Ref": "AclStatus"
},
"Bandwidth": {
"Ref": "Bandwidth"
},
"MasterSlaveServerGroupId": {
"Ref": "MasterSlaveServerGroupId"
},
"ServerCertificateId": {
"Ref": "ServerCertificateId"
},
"HttpConfig": {
"Ref": "HttpConfig"
},
"AclType": {
"Ref": "AclType"
},
"Protocol": {
"Ref": "Protocol"
}
}
}
},
"Outputs": {
"ListenerPortsAndProtocol": {
"Description": "The collection of listener.",
"Value": {
"Fn::GetAtt": [
"Listener",
"ListenerPortsAndProtocol"
]
}
},
"LoadBalancerId": {
"Description": "The id of load balancer",
"Value": {
"Fn::GetAtt": [
"Listener",
"LoadBalancerId"
]
}
}
}
}
YAML
format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
RequestTimeout:
Type: Number
Description: >-
Specify the request timeout in seconds. Valid value: 1-180 If no response
is received from the backend server during the specified timeout period,
Server Load Balancer will stop waiting and send an HTTP 504 error to the
client.
MinValue: 1
MaxValue: 180
ListenerPort:
Type: Number
Description: Port for front listener. Range from 1 to 65535.
MinValue: 1
MaxValue: 65535
VServerGroupId:
Type: String
Description: The id of the VServerGroup which use in listener.
CACertificateId:
Type: String
Description: 'CA server certificate id, for https listener only.'
Scheduler:
Type: String
Description: 'The scheduler algorithm. Support ''wrr'' or ''wlc'' only, default is ''wrr'''
AllowedValues:
- wrr
- wlc
Default: wrr
AclId:
Type: String
Description: >-
The ID of the access control list associated with the listener to be
created.
If the value of the AclStatus parameter is on, this parameter is required.
HealthCheck:
Type: Json
Description: The properties of health checking setting.
IdleTimeout:
Type: Number
Description: >-
Specify the idle connection timeout in seconds. Valid value: 1-60 If no
request is received during the specified timeout period, Server Load
Balancer will temporarily terminate the connection and restart the
connection when the next request comes.
MinValue: 1
MaxValue: 60
LoadBalancerId:
Type: String
Description: The id of load balancer to create listener.
BackendServerPort:
Type: Number
Description: Backend server can listen on ports from 1 to 65535.
MinValue: 1
MaxValue: 65535
Persistence:
Type: Json
Description: The properties of persistence.
AclStatus:
Type: String
Description: |-
Indicates whether to enable access control.
Valid values: on | off. Default value: off
AllowedValues:
- 'on'
- 'off'
Default: 'off'
Bandwidth:
Type: Number
Description: >-
The bandwidth of network, unit in Mbps(Million bits per second). If the
specified load balancer with "LOAD_BALANCE_ID" is charged by
"paybybandwidth" and is created in classic network, each Listener's
bandwidth must be greater than 0 and the sum of all of its Listeners'
bandwidth can't be greater than the bandwidth of the load balancer.
MinValue: -1
MaxValue: 1000
MasterSlaveServerGroupId:
Type: String
Description: The id of the MasterSlaveServerGroup which use in listener.
ServerCertificateId:
Type: String
Description: >-
Server certificate id, for https listener only, this properties is
required.
HttpConfig:
Type: Json
Description: Config for http protocol.
AclType:
Type: String
Description: >-
The access control type:
* white: Indicates a whitelist. Only requests from IP addresses or CIDR
blocks in the selected access control lists are forwarded. This applies to
scenarios in which an application only allows access from specific IP
addresses.
Enabling a whitelist poses some risks to your services.
After a whitelist is enabled, only the IP addresses in the list can access
the listener.
If you enable a whitelist without adding any IP addresses in the list, no
requests are forwarded.
* black: Indicates a blacklist. Requests from IP addresses or CIDR blocks
in the selected access control lists are not forwarded (that is, they are
blocked). This applies to scenarios in which an application only denies
access from specific IP addresses.
If you enable a blacklist without adding any IP addresses in the list, all
requests are forwarded.
If the value of the AclStatus parameter is on, this parameter is required.
AllowedValues:
- white
- black
Protocol:
Type: String
Description: >-
The load balancer transport protocol to use for routing: http, https, tcp,
or udp.
AllowedValues:
- http
- https
- tcp
- udp
Resources:
Listener:
Type: 'ALIYUN::SLB::Listener'
Properties:
RequestTimeout:
Ref: RequestTimeout
ListenerPort:
Ref: ListenerPort
VServerGroupId:
Ref: VServerGroupId
CACertificateId:
Ref: CACertificateId
Scheduler:
Ref: Scheduler
AclId:
Ref: AclId
HealthCheck:
Ref: HealthCheck
IdleTimeout:
Ref: IdleTimeout
LoadBalancerId:
Ref: LoadBalancerId
BackendServerPort:
Ref: BackendServerPort
Persistence:
Ref: Persistence
AclStatus:
Ref: AclStatus
Bandwidth:
Ref: Bandwidth
MasterSlaveServerGroupId:
Ref: MasterSlaveServerGroupId
ServerCertificateId:
Ref: ServerCertificateId
HttpConfig:
Ref: HttpConfig
AclType:
Ref: AclType
Protocol:
Ref: Protocol
Outputs:
ListenerPortsAndProtocol:
Description: The collection of listener.
Value:
'Fn::GetAtt':
- Listener
- ListenerPortsAndProtocol
LoadBalancerId:
Description: The id of load balancer
Value:
'Fn::GetAtt':
- Listener
- LoadBalancerId