SLB supports Layer-7 listeners that use the HTTP or HTTPS protocol.
Introduction to Layer-7 listeners
- HTTP protocol
An application layer protocol that packages data. It is applicable to applications that need to recognize data contents, such as web applications and small-sized mobile games.
- HTTPS protocol
Similar to HTTP, but with an encrypted connection that prevents unauthorized access. SLB supports both one-way and two-way authentication. SLB also provides a certificate management function, so you do not need to manage certificates on the backend servers. For more information, see Add an HTTPS listener.
Configurations of Layer-7 listeners
|Front-end Protocol [Port]||The front-end protocol and port used to receive connection requests and forward the requests to backend servers. When configuring a Layer-7 listener, select HTTP or HTTPS. The port number is in the range of 1-65535. For the HTTPS protocol, the port number is 443.|
|Backend protocol [Port]||The port opened on backend ECS instances for receiving requests. The backend protocol is HTTP and the port number is in the range of 1-65535.|
|Peak Bandwidth||If the SLB instance is billed by bandwidth, you can set different bandwidth peaks for different listeners to restrict the traffic through the listeners. The sum of the bandwidth set for all listeners cannot exceed the total bandwidth set for the SLB instance.|
|Scheduling Algorithm||Server Load Balancer supports three scheduling algorithms: round robin, weighted round robin (WRR), and weighted least connections (WLC).|
|Use Server Group||If used, the listener forwards client requests only to the backend servers in the selected server group. A server group (VServer group) contains multiple backend servers with different ports. You can associate different listeners with different server groups, so that each listener forwards requests to specified backend servers. For more information, see Create a VServer Group.|
|Mutual Authentication||Choose whether to enable two-way HTTPS authentication. If enabled, you must upload both the server certificate and the CA certificate to SLB. If not, only the server certificate is required.|
|Server Certificate||The certificate sent by the server, which the client browser checks to confirm that it is signed and issued by a trusted certificate authority. You can purchase a server certificate from Alibaba Cloud Security Certificate Service, or from other service providers. The server certificate must be uploaded to SLB. For more information, see Upload certificates.|
|CA Certificate||The certificate used by the server to verify a client's identity. If the verification fails, the connection is denied. The CA certificate is required only when two-way authentication is enabled. You can use a self-signed CA certificate for verification. For more information, see Generate certificates.|
|Automatically Activate Listener after Creation||Choose whether to enable listening after the listener is configured. The default setting is enabled.|
|Obtain Real IP||For Layer-7 listeners, SLB uses the HTTP header X-Forwarded-For to get the real IP address of the client.|
|Session Persistence||If enabled, all session requests from the same client are sent to the same backend server. For Layer-7 listeners, session persistence is based on cookies. The following two methods are supported: See Session persistence FAQ for more details.|
|Idle Connection Timeout||Specify the idle connection timeout in seconds. Valid value: 1-60. If no request is received during the specified timeout period, Server Load Balancer closes the connection and re-establishes it when the next request arrives. This function is available in all regions.|
|Request Timeout||Specify the request timeout in seconds. Valid value: 1-180. If no response is received from the backend server during the specified timeout period, Server Load Balancer stops waiting and sends an HTTP 504 error to the client. This function is available in all regions.|
|Gzip Compression||Choose whether to enable Gzip compression to compress files of specific formats.|
|Additional HTTP Header Fields||Select the custom HTTP headers that you want to add:|
|Enable Access Control||Select whether to enable the access control function.|
|Access Control Method||Select an access control method after enabling the access control function:|
|Select an Access Control List||Select an access control list as the whitelist or the blacklist. For more information, see Configure an access control list.|
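
A backend behind a Layer-7 listener has to decide how much of the X-Forwarded-For header from the Obtain Real IP row it can rely on, because a client can send its own value in that header. The sketch below is an added example, not code from the SLB documentation. It assumes the load balancer appends the address it accepted the connection from as the last entry; `client_ip` and `TRUSTED_PROXIES` are hypothetical names, and the network range is a constructed placeholder.

```python
import ipaddress

# Assumption: networks from which the load balancer connects to the backend.
# Constructed placeholder; replace with the ranges of your own deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr, trusted):
    # Membership is False (not an error) when IP versions differ.
    return any(addr in net for net in trusted)


def client_ip(peer, xff_values, trusted=TRUSTED_PROXIES):
    """Return the client address a backend may rely on.

    peer       -- source address of the TCP connection to the backend
    xff_values -- every X-Forwarded-For header value of the request, in order
    """
    peer_addr = ipaddress.ip_address(peer)
    # A request that did not arrive through the load balancer carries a
    # header written entirely by the sender, so the header is ignored.
    if not _is_trusted(peer_addr, trusted):
        return str(peer_addr)
    # Repeated headers are equivalent to one comma-separated list.
    hops = [h.strip() for v in xff_values for h in v.split(",")]
    # Walk from the right: entries appended by trusted proxies come last;
    # anything further left was supplied by the client and is unverified.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop rather than trust what is left of it
        if not _is_trusted(addr, trusted):
            return str(addr)
    # Header empty, malformed, or made up of trusted hops only.
    return str(peer_addr)
```

Use the returned address for logging, rate limiting and access decisions instead of the leftmost header entry, which is the one a client controls.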