ALIYUN::ALB::Listener - Resource Orchestration Service - Alibaba Cloud Documentation Center

ALIYUN::ALB::Listener is used to create an HTTP, HTTPS, or Quick UDP Internet Connections (QUIC) listener.

Syntax

{
  "Type": "ALIYUN::ALB::Listener",
  "Properties": {
    "RequestTimeout": Integer,
    "ListenerPort": Integer,
    "Http2Enabled": Boolean,
    "DefaultActions": List,
    "Certificates": List,
    "IdleTimeout": Integer,
    "LoadBalancerId": String,
    "ListenerProtocol": String,
    "QuicConfig": Map,
    "GzipEnabled": Boolean,
    "SecurityPolicyId": String,
    "ListenerDescription": String,
    "XForwardedForConfig": Map,
    "CaEnabled": Boolean,
    "CaCertificates": List,
    "ListenerStatus": String
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
RequestTimeout	Integer	No	Yes	The timeout period of a request.	Valid values: 1 to 180. Default value: 60. Unit: seconds. If no response is received from the backend server within the specified timeout period, Application Load Balancer (ALB) stops waiting for the response and returns an HTTP 504 status code to the client.
ListenerPort	Integer	Yes	No	The listener port of the instance.	Valid values: 1 to 65535
Http2Enabled	Boolean	No	Yes	Specifies whether to enable HTTP/2.	Valid values: true (default) false Note You can specify this property only for HTTPS listeners.
DefaultActions	List	Yes	Yes	The actions of the forwarding rule.	Example: `[ { "ForwardGroupConfig": { "ServerGroupTuples": [ { "ServerGroupId": "sgp-46ndzg2wz4v5mp****" } ] }, "Type": "ForwardGroup" } ]` For more information, see DefaultActions properties.
Certificates	List	No	Yes	The certificates.	For more information, see Certificates properties.
IdleTimeout	Integer	No	Yes	The timeout period of an idle connection.	Valid values: 1 to 60. Default value: 15. Unit: seconds. If no request is received within the specified timeout period, ALB closes the current connection. When another request is received, ALB establishes a new connection.
LoadBalancerId	String	Yes	No	The ID of the ALB instance.	None
ListenerProtocol	String	Yes	No	The listener protocol of the instance.	Valid values: HTTP HTTPS QUIC
QuicConfig	Map	No	Yes	The configurations of the QUIC listener that you want to associate with the HTTPS listener of the instance.	For more information, see QuicConfig properties.
GzipEnabled	Boolean	No	Yes	Specifies whether to enable GNU zip (Gzip) compression to compress specific types of files.	Valid values: true (false) false
SecurityPolicyId	String	No	Yes	The ID of the security policy.	System security policies and custom security policies are supported. Default value: tls_cipher_policy_1_0. The default value specifies the system security policy. Note You can specify this property only for HTTPS listeners.
ListenerDescription	String	No	Yes	The description of the listener.	The description must be 2 to 256 characters in length.
XForwardedForConfig	Map	No	Yes	The configurations of the X-Forwarded-For (XFF) header.	For more information, see XForwardedForConfig properties.
CaEnabled	Boolean	No	Yes	Specifies whether to enable mutual authentication.	Valid values: true false (default)
CaCertificates	List	No	Yes	The certification authority (CA) certificates.	For more information, see CaCertificates properties.
ListenerStatus	String	No	Yes	The status of the listener.	Valid values: Running Stopped

DefaultActions syntax

"DefaultActions": [
  {
    "Type": String,
    "ForwardGroupConfig": Map
  }
]

DefaultActions properties

Property	Type	Required	Editable	Description	Constraint
Type	String	Yes	Yes	The type of the action.	Set the value to ForwardGroup. This value specifies that requests are forwarded to multiple server groups.
ForwardGroupConfig	Map	Yes	Yes	The configurations of the action.	For more information, see ForwardGroupConfig properties.

ForwardGroupConfig syntax

"ForwardGroupConfig": {
  "ServerGroupTuples": List
}

ForwardGroupConfig property

Property	Type	Required	Editable	Description	Constraint
ServerGroupTuples	List	Yes	Yes	The server groups to which requests are forwarded.	For more information, see ServerGroupTuples properties.

ServerGroupTuples syntax

"ServerGroupTuples": [
  {
    "ServerGroupId": String
  }
]

ServerGroupTuples property

Property	Type	Required	Editable	Description	Constraint
ServerGroupId	String	Yes	Yes	The ID of the server group to which requests are forwarded.	None

Certificates syntax

"Certificates": [
  {
    "CertificateId": String
  }
]

Certificates property

Property	Type	Required	Editable	Description	Constraint
CertificateId	String	No	Yes	The ID of the certificate.	Only server certificates are supported.

QuicConfig syntax

"QuicConfig": {
  "QuicListenerId": String,
  "QuicUpgradeEnabled": Boolean
}

QuicConfig properties

Property

Type

Required

Editable

Description

Constraint

QuicListenerId

String

Yes

The ID of the QUIC listener.

This property is required if you set the QuicUpgradeEnabled property to true.

Note

You can specify this property only for HTTPS listeners.
You must add the HTTPS listener and the QUIC listener to the same ALB instance. In addition, make sure that the QUIC listener has never been associated with another listener.

QuicUpgradeEnabled

Boolean

Yes

Specifies whether to enable QUIC upgrade.

Valid values:

true
false (default)

Note

You can specify this property only for HTTPS listeners.

XForwardedForConfig syntax

"XForwardedForConfig": {
  "XForwardedForClientCertFingerprintAlias": String,
  "XForwardedForClientCertFingerprintEnabled": Boolean,
  "XForwardedForClientCertIssuerDNAlias": String,
  "XForwardedForClientCertClientVerifyAlias": String,
  "XForwardedForSLBIdEnabled": Boolean,
  "XForwardedForClientCertSubjectDNEnabled": Boolean,
  "XForwardedForClientCertSubjectDNAlias": String,
  "XForwardedForProtoEnabled": Boolean,
  "XForwardedForClientSrcPortEnabled": Boolean,
  "XForwardedForSLBPortEnabled": Boolean,
  "XForwardedForEnabled": Boolean,
  "XForwardedForClientCertIssuerDNEnabled": Boolean,
  "XForwardedForClientCertClientVerifyEnabled": Boolean,
  "XForwardedForClientSourceIpsEnabled": Boolean,
  "XForwardedForClientSourceIpsTrusted": String
}

XForwardedForConfig properties

Property	Type	Required	Editable	Description	Constraint
XForwardedForClientCertFingerprintAlias	String	No	Yes	The name of the custom header. You can use this property to query the fingerprint of the client certificate.	This property takes effect only if you set the XForwardedForClientCertFingerprintEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners.
XForwardedForClientCertFingerprintEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Clientcert-fingerprint header to query the fingerprint of the client certificate.	Valid values: true false (default) Note You can specify this property only for HTTPS listeners.
XForwardedForClientCertIssuerDNAlias	String	No	Yes	The name of the custom header. You can use this property to query the information about the CA that issues the client certificate.	This property takes effect only if you set the XForwardedForClientCertIssuerDNEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners.
XForwardedForClientCertClientVerifyAlias	String	No	Yes	The name of the custom header. You can use this property to query the verification result of the client certificate.	This property takes effect only if you set the XForwardedForClientCertClientVerifyEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners.
XForwardedForSLBIdEnabled	Boolean	No	Yes	Specifies whether to use the SLB-ID header to query the ID of the ALB instance.	Valid values: true false (default)
XForwardedForClientCertSubjectDNEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Clientcert-subjectdn header to query the information about the owner of the client certificate.	Valid values: true false (default) Note You can specify this property only for HTTPS listeners.
XForwardedForClientCertSubjectDNAlias	String	No	Yes	The name of the custom header. You can use this property to query the information about the owner of the client certificate.	This property takes effect only if you set the XForwardedForClientCertSubjectDNEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners.
XForwardedForProtoEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Proto header to query the listener protocol of the ALB instance.	Valid values: true false (default)
XForwardedForClientSrcPortEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Client-Port header to query the client port.	Valid values: true false (default) Note You can specify this property for HTTP and HTTPS listeners.
XForwardedForSLBPortEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Port header to query the listener port of the ALB instance.	Valid values: true false (default)
XForwardedForEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-For header to query the real IP address of the client.	Valid values: true (default) false Note You can specify this property for HTTP and HTTPS listeners.
XForwardedForClientCertIssuerDNEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Clientcert-issuerdn header to query the information about the CA that issues the client certificate.	Valid values: true false (default) Note You can specify this property only for HTTPS listeners.
XForwardedForClientCertClientVerifyEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Clientcert-clientverify header to query the verification result of the client certificate.	Valid values: true false (default) Note You can specify this property only for HTTPS listeners.
XForwardedForClientSourceIpsEnabled	Boolean	No	Yes	Specifies whether to use the X-Forwarded-Client-SourceIps header to query the source port of the client.	Valid values: true false (default)
XForwardedForClientSourceIpsTrusted	String	No	Yes	Specifies whether to trust the source IP addresses of the client that are queried by using the X-Forwarded-Client-SourceIps header.	Valid values: true false (false)

CaCertificates syntax

"CaCertificates": [
  {
    "CertificateId": String
  }
]

CaCertificates property

Property	Type	Required	Editable	Description	Constraint
CertificateId	String	No	Yes	The ID of the CA certificate.	None

Return values

Fn::GetAtt

ListenerId: the ID of the listener.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  LoadBalancerId:
    Type: String
    Description: The ID of the ALB instance.
    Default: lb-bp1iilcd9ujny84z8****
Resources:
  Listener:
    Type: ALIYUN::ALB::Listener
    Properties:
      ListenerPort: 80
      DefaultActions:
        - ForwardGroupConfig:
            ServerGroupTuples:
              - ServerGroupId: sgp-46ndzg2wz4v5mp****
          Type: ForwardGroup
      LoadBalancerId:
        Ref: LoadBalancerId
      ListenerProtocol: HTTP
Outputs:
  ListenerId:
    Description: The ID of the listener.
    Value:
      Fn::GetAtt:
        - Listener
        - ListenerId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "LoadBalancerId": {
      "Type": "String",
      "Description": "The ID of the ALB instance.",
      "Default": "lb-bp1iilcd9ujny84z8****"
    }
  },
  "Resources": {
    "Listener": {
      "Type": "ALIYUN::ALB::Listener",
      "Properties": {
        "ListenerPort": 80,
        "DefaultActions": [
          {
            "ForwardGroupConfig": {
              "ServerGroupTuples": [
                {
                  "ServerGroupId": "sgp-46ndzg2wz4v5mp****"
                }
              ]
            },
            "Type": "ForwardGroup"
          }
        ],
        "LoadBalancerId": {
          "Ref": "LoadBalancerId"
        },
        "ListenerProtocol": "HTTP"
      }
    }
  },
  "Outputs": {
    "ListenerId": {
      "Description": "The ID of the listener.",
      "Value": {
        "Fn::GetAtt": [
          "Listener",
          "ListenerId"
        ]
      }
    }
  }
}