CreateLoadBalancerHTTPSListener - Server Load Balancer - Alibaba Cloud Documentation Center

Creates an HTTPS listener.

Precautions

A newly created listener is in the stopped state. After a listener is created, you can call the StartLoadBalancerListener operation to start the listener. After the listener is started, the listener can forward traffic to backend servers.

Prerequisites

A Classic Load Balancer (CLB) instance is created. For more information, see CreateLoadBalancer.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
RegionId	String	No	cn-hangzhou	The region ID of the CLB instance. You can query the region ID from the Regions and zones list or by calling the DescribeRegions operation.
Action	String	Yes	CreateLoadBalancerHTTPSListener	The operation that you want to perform. Set the value to CreateLoadBalancerHTTPSListener.
LoadBalancerId	String	Yes	lb-bp1o94dp5i6earr****	The ID of the CLB instance.
Bandwidth	Integer	Yes	-1	The maximum bandwidth of the listener. Unit: Mbit/s. Valid values: -1 and 1 to 5120. -1: For a pay-by-data-transfer Internet-facing CLB instance, you can set this parameter to -1. This way, the bandwidth of the listener is unlimited. 1 to 5120: For a pay-by-bandwidth Internet-facing SLB instance, you can specify the bandwidth limit of each listener. The sum of bandwidth limits that you set for all listeners cannot exceed the bandwidth limit of the SLB instance.
ListenerPort	Integer	Yes	80	The frontend port that is used by the CLB instance. Valid values: 1 to 65535.
BackendServerPort	Integer	No.	80	The backend port that is used by the CLB instance. Valid values: 1 to 65535. If the VServerGroupId parameter is not set, this parameter is required.
XForwardedFor	String	No	on	Specifies whether to use the `X-Forwarded-For` header to retrieve client IP addresses. Valid values: on: yes off: no
Scheduler	String	No	wrr	The scheduling algorithm. Valid values: wrr: Backend servers with higher weights receive more requests than those with lower weights. rr: Requests are distributed to backend servers in sequence.
StickySession	String	Yes	on	Specifies whether to enable session persistence. Valid values: on: yes off: no
StickySessionType	String	No	insert	The method that is used to handle a cookie. Valid values: insert and server. insert: inserts a cookie. CLB inserts a cookie (SERVERID) into the first HTTP or HTTPS response packet that is sent to a client. The next request from the client will contain this cookie, and the listener will distribute this request to the recorded backend server. server: rewrites a cookie. When CLB detects a user-defined cookie, it overwrites the original cookie with the user-defined cookie. The next request from the client carries the user-defined cookie, and the listener will distribute the request to the recorded backend server. Note This parameter is required if the StickySession parameter is set to on.
CookieTimeout	Integer	No	500	The timeout period of a cookie. Unit: seconds. Valid values: 1 to 86400. Note If StickySession is set to on and StickySessionType is set to insert, this parameter is required.
Cookie	String	No	B490B5EBF6F3CD402E515D22BCDA****	The cookie that is configured on the server. The cookie must be 1 to 200 characters in length and can contain only ASCII characters and digits. It cannot contain commas (,), semicolons (;), or space characters. It cannot start with a dollar sign ($). Note This parameter is required if the StickySession parameter is set to on and the StickySessionType parameter is set to server.
HealthCheck	String	Yes	on	Specifies whether to enable the health check feature. Valid values: on: yes off: no
HealthCheckMethod	String	No	get	The health check method used in HTTP health checks. Valid values: head and get. Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckDomain	String	No	172.XX.XX.16	The domain name that is used for health checks. Valid values: $_ip: the private IP address of a backend server. If you do not set the HealthCheckDomain parameter or set the parameter to $_ip, the CLB instance uses the private IP address of each backend server for health checks. domain: The domain name must be 1 to 80 characters in length and can contain letters, digits, periods (.), and hyphens (-). Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckURI	String	No	/test/index.html	The URI that is used for health checks. The URI must be 1 to 80 characters in length, and can contain letters, digits, and the following special characters: `-/.%?#&`. The URI must start with a forward slash (`/`), but cannot be a single forward slash (`/`). Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthyThreshold	Integer	No	4	The number of times that an unhealthy backend server must consecutively pass health checks before it is declared healthy. In this case, the health status is changed from fail to success. Valid values: 2 to 10. Note This parameter takes effect only if the HealthCheck parameter is set to on.
UnhealthyThreshold	Integer	No	4	The number of times that a healthy backend server must consecutively fail health checks before it is declared unhealthy. In this case, the health status is changed from success to fail. Valid values: 2 to 10. Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckTimeout	Integer	No	3	The timeout period of a health check response. If a backend server, such as an Elastic Compute Service (ECS) instance, does not return a health check response within the specified timeout period, the server fails the health check. Unit: seconds. Valid values: 1 to 300. Note If the value of the HealthCheckTimeout parameter is smaller than that of the HealthCheckInterval parameter, the timeout period specified by the HealthCheckTimeout parameter is ignored and the period of time specified by the HealthCheckInterval parameter is used as the timeout period. This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckConnectPort	Integer	No	8080	The port that is used for health checks. Valid values: 1 to 65535. Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckInterval	Integer	No	5	The interval between two consecutive health checks. Unit: seconds. Valid values: 1 to 50. Note This parameter takes effect only if the HealthCheck parameter is set to on.
HealthCheckHttpCode	String	No	http_2xx,http_3xx	The HTTP status code for a successful health check. Separate multiple HTTP status codes with commas (,). Valid values: http_2xx, http_3xx, http_4xx, and http_5xx. Note This parameter takes effect only if the HealthCheck parameter is set to on.
ServerCertificateId	String	Yes	idkp-123-cn-test-****	The ID of the server certificate.
VServerGroupId	String	No	rsp-cige6j5e7p****	The ID of the server group.
CACertificateId	String	No	139a00604ad-cn-east-hangzh****	The ID of the certification authority (CA) certificate. If both the CA certificate and the server certificate are uploaded, mutual authentication is used. If you upload only the server certificate, one-way authentication is used.
XForwardedFor_SLBIP	String	No	on	Specifies whether to use the `SLB-IP` header to retrieve the virtual IP address (VIP) of the client. Valid values: on: yes off: no
XForwardedFor_SLBID	String	No	on	Specifies whether to use the `SLB-ID` header to retrieve the ID of the CLB instance. Valid values: on: yes off: no
XForwardedFor_proto	String	No	on	Specifies whether to use the `X-Forwarded-Proto` header to retrieve the listener protocol. Valid values: on: yes off: no
Gzip	String	No	on	Specifies whether to enable `Gzip` compression to compress specific types of files. Valid values: on: yes off: no
AclId	String	No	nacl-a2do9e413e0spzasx****	The ID of the network access control list (ACL) that is associated with the listener. Note If AclStatus is set to on, this parameter is required.
AclType	String	No	white	The type of the network ACL. Valid values: white: a whitelist. Only requests from the IP addresses or CIDR blocks in the network ACL are forwarded. Whitelists apply to scenarios in which you want to allow only specific IP addresses to access an application. Your service may be adversely affected if the allowlist is not properly configured. After a whitelist is configured, only requests from IP addresses that are added to the whitelist are forwarded by the listener. If you enable a whitelist but do not add an IP address to the ACL, the listener forwards all requests. black: a blacklist. All requests from the IP addresses or CIDR blocks in the network ACL are denied. The blacklist applies to scenarios in which you want to deny access from specific IP addresses to an application. If a blacklist is configured for a listener but no IP address is added to the blacklist, the listener forwards all requests. Note If AclStatus is set to on, this parameter is required.
AclStatus	String	No	off	Specifies whether to enable access control. Valid values: on: yes off: no
Description	String	No	HTTPS_443	The name of the listener. The name must be 1 to 256 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), and underscores (_).
IdleTimeout	Integer	No	12	The timeout period of an idle connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. If no request is received within the specified timeout period, CLB closes the connection. When a request is received, CLB establishes a new connection.
RequestTimeout	Integer	No	23	The timeout period of a request. Valid values: 1 to 180. Default value: 60. Unit: seconds. If no response is received from a backend server within the specified timeout period, CLB returns the HTTP 504 status code to the client.
EnableHttp2	String	No	off	Specifies whether to enable HTTP/2. Valid values: on: yes off: no
TLSCipherPolicy	String	No	tls_cipher_policy_1_1	The Transport Layer Security (TLS) security policy. Each security policy contains TLS protocol versions and cipher suites available for HTTPS. tls_cipher_policy_1_0: Supported TLS versions: TLS 1.0, TLS 1.1, and TLS 1.2 Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA tls_cipher_policy_1_1: Supported TLS versions: TLS 1.1 and TLS 1.2 Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA tls_cipher_policy_1_2 Supported TLS version: TLS 1.2 Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA tls_cipher_policy_1_2_strict Supported TLS version: TLS 1.2 Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA tls_cipher_policy_1_2_strict_with_1_3 Supported TLS versions: TLS 1.2 and TLS 1.3 Supported cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA

Response parameters


Parameter	Type	Example	Description
RequestId	String	CEF72CEB-54B6-4AE8-B225-F876FF7BA984	The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?RegionId=cn-hangzhou
&Action=CreateLoadBalancerHTTPSListener
&LoadBalancerId=lb-bp1o94dp5i6earr****
&Bandwidth=-1
&ListenerPort=80
&BackendServerPort=80
&XForwardedFor=on
&Scheduler=wrr
&StickySession=on
&StickySessionType=insert 
&CookieTimeout=500
&Cookie=B490B5EBF6F3CD402E515D22BCDA****
&HealthCheck=on
&HealthCheckMethod=get
&HealthCheckDomain=172.XX.XX.16
&HealthCheckURI=/test/index.html
&HealthyThreshold=4
&UnhealthyThreshold=4
&HealthCheckTimeout=3
&HealthCheckConnectPort=8080
&HealthCheckInterval=5
&HealthCheckHttpCode=http_2xx,http_3xx
&ServerCertificateId=idkp-123-cn-test-****
&VServerGroupId=rsp-cige6j5e7p****
&CACertificateId=139a00604ad-cn-east-hangzh****
&XForwardedFor_SLBIP=on
&XForwardedFor_SLBID=on
&XForwardedFor_proto=on
&Gzip=on
&AclId=nacl-a2do9e413e0spzasx****
&AclType=white
&AclStatus=off
&Description=HTTPS_443
&IdleTimeout=12
&RequestTimeout=23
&EnableHttp2=off
&TLSCipherPolicy=tls_cipher_policy_1_1
&ServerCertificate=[{}]
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateLoadBalancerHTTPSListenerResponse>
    <RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
</CreateLoadBalancerHTTPSListenerResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}

Error codes


HttpCode	Error code	Error message	Description
400	ParamDuplicateError	The specified parameter value of XForwardedFor_ClientCertSubjectDNAlias is duplicate. Please change to a different one.	The error message returned because the value of XForwardedFor_ClientCertSubjectDNAlias is duplicate.
400	ParamDuplicateError	The specified parameter value of XForwardedFor_ClientCertIssuerDNAlias is duplicate. Please change to a different one.	The error message returned because the value of XForwardedFor_ClientCertIssuerDNAlias is duplicate.
400	ParamDuplicateError	The specified parameter value of XForwardedFor_ClientCertFingerprintAlias is duplicate. Please change to a different one.	The error message returned because the value of XForwardedFor_ClientCertFingerprintAlias is duplicate.
400	ParamDuplicateError	The specified parameter value of XForwardedFor_ClientCertClientVerifyAlias is duplicate. Please change to a different one.	The error message returned because the value of XForwardedFor_ClientCertClientVerifyAlias is duplicate.
400	IpVersionConflict	The ip version of this LoadBalancer and the Acl is conflict.	The error message returned because the specified IP version is not supported by the network ACL.
400	InvalidParameter.IdleTimeout	The specified IdleTimeout exceeds the limit.	The error message returned because IdleTimeout is set to an invalid value. Specify a valid value and try again.
400	InvalidParameter.RequestTimeout	The specified RequestTimeout exceeds the limit.	The error message returned because RequestTimeout is set to an invalid value. Specify a valid value and try again.
400	ListenerForwardNotSupport	X-Forward-For is not supported to a ipv6 instance.	The error message returned because the X-Forward-For header is not supported by CLB instances that have IPv6 enabled.
400	InvalidParameter.RegionNotSupport	The region does not support the parameter: %s.	The error message returned because the parameter is not supported in the current region.
400	InvalidParameter.SpecNotSupport	The loadBalancer of shared spec does not support the parameter: %s.	The error message returned because the parameter is not supported by resource-shared CLB instances.
400	ListenerProcessing	A previous configuration of the listener is pending,please try again later.	The error message returned because the specified instance is being configured. Try again later.
400	Certkey.Forbidden	The specified certkey is not owned by the current user.	The error message returned because the specified certificate key does not belong to the current account.
400	InvalidParameter.ListenerPortConflict	There is conflict listener port exists.	The error message returned because the specified listening port already exists.
400	ResourceNotAvailible.HttpsListener	The specified Zone did not have enough resource.	The error message returned because resources are insufficient in the specified zone.
400	AclNotExist	Acl does not exist.	The error message returned because the specified network ACL does not exist.
400	OperationUnsupported.CreateLoadBalancerLayer7Listener	The slb instance does not support create HTTP or HTTPS listener.	The error message returned because the specified CLB instance does not support HTTP or HTTPS listeners.
400	InvalidParameter.VServerGroupId	The MasterSlaveServerGroup can not be attached to HTTP or HTTPS listener.	The error message returned because HTTP and HTTPS listeners do not support primary/secondary server groups.
400	MissingParam.HealthCheckDomain	The HealthCheckDomain is required when HealthCheckHttpVersion is http1.1.	The error message returned because the HealthCheckDomain parameter is not set.
400	InvalidParameter.HealthCheckHttpVersion	The param HealthCheckHttpVersion is invalid.	The error message returned because HealthCheckHttpVersion is set to an invalid value. Specify a valid value and try again.
400	QuotaLimitExceeds.AclAttachedToListener	%s.	The error message returned because the number of listeners associated with the network ACL has reached the upper limit.
400	QuotaLimitExceeds.TotalAclEntry	%s.	The error message returned because the number of network ACL rules has reached the upper limit.
400	Duplicated.AclEntry	%s.	The error message returned because the specified ACL rule already exists.
400	CertificateNotExist	The specified CertificateId does not exist.	The error message returned because the specified certificate is invalid.
400	OperationFailed.InsufficientResources	The loadbalancer does not support this operation because of insufficient resources.	The error message returned because the operation failed due to insufficient resources.
400	InvalidTLSPolicyId.NotExist	The specified TLS cipher policy does not exist.	The error message returned because the TLS policy does not exist.
400	TLSPolicyConfiguring	The specified TLS cipher policy is configuring.	The error message returned because the TLS policy is being modified.
400	TLSCipherPolicyVipRelationOverLimit	The number of listeners associated with a policy has exceeded.	The error message returned because the number of TLS policies has reached the upper limit.
400	CertificateTypeMismatched	The certificate type does not match.	The error message returned because the type of the specified certificate is invalid.
400	MissingParam.ServerCertificates	Server certificates are required.	The error message returned because ServerCertificates is not set.
400	TooManyCertificates	The number of certificates must not be greater than one.	The error message returned because the number of certificates cannot exceed 1.
400	CnCertificateNotSupport	The cn certificate is not support.	The error message returned because ShangMi (SM) certificates are not supported.
400	InvalidParam.CertificateBindingType	The param CertificateBindingType is invalid.	The error message returned because CertificateBindingType is set to an invalid value. Specify a valid value and try again.
400	InvalidParamSize.ServerCertificates	The size of param ServerCertificates is invalid.	The error message returned because ServerCertificates is set to an invalid value. Specify a valid value and try again.
400	TooManyCertificates.ServerCertificates	The number of certificates must not be greater than one.	The error message returned because the number of certificates cannot exceed 1.
400	LbNotSupportTcpssl	You cannot create a TCP SSL type listener for the specified load balancer.	The error message returned because the specified instance does not allow you to create TCP SSL listeners.
400	LbSupportTcpsslOnly	The specified load balancer supports TCP SSL type listener only.	The error message returned because the specified instance allows you to create only TCP SSL listeners.
400	ListenerNotSupportRule	You cannot create a rule for the specified listener.	The error message returned because the specified listener does not allow you to create forwarding rules.
400	Mismatch.SlbSpecTypeAndListenerProtocol	The SlbSpecType and ListenerProtocol are mismatched.	The error message returned because the specified instance type and listener type do not match.

For a list of error codes, visit the API Error Center.