Creates an HTTPS listener.
Precautions
A newly created listener is in the stopped state. After a listener is created, you can call the StartLoadBalancerListener operation to start the listener. After the listener is started, the listener can forward traffic to backend servers.
Prerequisites
A Classic Load Balancer (CLB) instance is created. For more information, see CreateLoadBalancer.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
RegionId | String | No | cn-hangzhou |
The region ID of the CLB instance. You can query the region ID from the Regions and zones list or by calling the DescribeRegions operation. |
Action | String | Yes | CreateLoadBalancerHTTPSListener |
The operation that you want to perform. Set the value to CreateLoadBalancerHTTPSListener. |
LoadBalancerId | String | Yes | lb-bp1o94dp5i6earr**** |
The ID of the CLB instance. |
Bandwidth | Integer | Yes | -1 |
The maximum bandwidth of the listener. Unit: Mbit/s. Valid values: -1 and 1 to 5120.
|
ListenerPort | Integer | Yes | 80 |
The frontend port that is used by the CLB instance. Valid values: 1 to 65535. |
BackendServerPort | Integer | No. | 80 |
The backend port that is used by the CLB instance. Valid values: 1 to 65535. If the VServerGroupId parameter is not set, this parameter is required. |
XForwardedFor | String | No | on |
Specifies whether to use the
|
Scheduler | String | No | wrr |
The scheduling algorithm. Valid values:
|
StickySession | String | Yes | on |
Specifies whether to enable session persistence. Valid values:
|
StickySessionType | String | No | insert |
The method that is used to handle a cookie. Valid values: insert and server.
Note This parameter is required if the StickySession parameter is set to on.
|
CookieTimeout | Integer | No | 500 |
The timeout period of a cookie. Unit: seconds. Valid values: 1 to 86400. Note If StickySession is set to on and StickySessionType is set to insert, this parameter is required.
|
Cookie | String | No | B490B5EBF6F3CD402E515D22BCDA**** |
The cookie that is configured on the server. The cookie must be 1 to 200 characters in length and can contain only ASCII characters and digits. It cannot contain commas (,), semicolons (;), or space characters. It cannot start with a dollar sign ($). Note This parameter is required if the StickySession parameter is set to on and the StickySessionType parameter is set to server.
|
HealthCheck | String | Yes | on |
Specifies whether to enable the health check feature. Valid values:
|
HealthCheckMethod | String | No | get |
The health check method used in HTTP health checks. Valid values: head and get. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthCheckDomain | String | No | 172.XX.XX.16 |
The domain name that is used for health checks. Valid values:
Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthCheckURI | String | No | /test/index.html |
The URI that is used for health checks. The URI must be 1 to 80 characters in length, and can contain letters, digits, and
the following special characters: Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthyThreshold | Integer | No | 4 |
The number of times that an unhealthy backend server must consecutively pass health checks before it is declared healthy. In this case, the health status is changed from fail to success. Valid values: 2 to 10. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
UnhealthyThreshold | Integer | No | 4 |
The number of times that a healthy backend server must consecutively fail health checks before it is declared unhealthy. In this case, the health status is changed from success to fail. Valid values: 2 to 10. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthCheckTimeout | Integer | No | 3 |
The timeout period of a health check response. If a backend server, such as an Elastic Compute Service (ECS) instance, does not return a health check response within the specified timeout period, the server fails the health check. Unit: seconds. Valid values: 1 to 300. Note
|
HealthCheckConnectPort | Integer | No | 8080 |
The port that is used for health checks. Valid values: 1 to 65535. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthCheckInterval | Integer | No | 5 |
The interval between two consecutive health checks. Unit: seconds. Valid values: 1 to 50. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
HealthCheckHttpCode | String | No | http_2xx,http_3xx |
The HTTP status code for a successful health check. Separate multiple HTTP status codes with commas (,). Valid values: http_2xx, http_3xx, http_4xx, and http_5xx. Note This parameter takes effect only if the HealthCheck parameter is set to on.
|
ServerCertificateId | String | Yes | idkp-123-cn-test-**** |
The ID of the server certificate. |
VServerGroupId | String | No | rsp-cige6j5e7p**** |
The ID of the server group. |
CACertificateId | String | No | 139a00604ad-cn-east-hangzh**** |
The ID of the certification authority (CA) certificate. If both the CA certificate and the server certificate are uploaded, mutual authentication is used. If you upload only the server certificate, one-way authentication is used. |
XForwardedFor_SLBIP | String | No | on |
Specifies whether to use the
|
XForwardedFor_SLBID | String | No | on |
Specifies whether to use the
|
XForwardedFor_proto | String | No | on |
Specifies whether to use the
|
Gzip | String | No | on |
Specifies whether to enable
|
AclId | String | No | nacl-a2do9e413e0spzasx**** |
The ID of the network access control list (ACL) that is associated with the listener. Note If AclStatus is set to on, this parameter is required.
|
AclType | String | No | white |
The type of the network ACL. Valid values:
Note If AclStatus is set to on, this parameter is required.
|
AclStatus | String | No | off |
Specifies whether to enable access control. Valid values:
|
Description | String | No | HTTPS_443 |
The name of the listener. The name must be 1 to 256 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), and underscores (_). |
IdleTimeout | Integer | No | 12 |
The timeout period of an idle connection. Valid values: 1 to 60. Default value: 15. Unit: seconds. If no request is received within the specified timeout period, CLB closes the connection. When a request is received, CLB establishes a new connection. |
RequestTimeout | Integer | No | 23 |
The timeout period of a request. Valid values: 1 to 180. Default value: 60. Unit: seconds. If no response is received from a backend server within the specified timeout period, CLB returns the HTTP 504 status code to the client. |
EnableHttp2 | String | No | off |
Specifies whether to enable HTTP/2. Valid values:
|
TLSCipherPolicy | String | No | tls_cipher_policy_1_1 |
The Transport Layer Security (TLS) security policy. Each security policy contains TLS protocol versions and cipher suites available for HTTPS.
|
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | CEF72CEB-54B6-4AE8-B225-F876FF7BA984 |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?RegionId=cn-hangzhou
&Action=CreateLoadBalancerHTTPSListener
&LoadBalancerId=lb-bp1o94dp5i6earr****
&Bandwidth=-1
&ListenerPort=80
&BackendServerPort=80
&XForwardedFor=on
&Scheduler=wrr
&StickySession=on
&StickySessionType=insert
&CookieTimeout=500
&Cookie=B490B5EBF6F3CD402E515D22BCDA****
&HealthCheck=on
&HealthCheckMethod=get
&HealthCheckDomain=172.XX.XX.16
&HealthCheckURI=/test/index.html
&HealthyThreshold=4
&UnhealthyThreshold=4
&HealthCheckTimeout=3
&HealthCheckConnectPort=8080
&HealthCheckInterval=5
&HealthCheckHttpCode=http_2xx,http_3xx
&ServerCertificateId=idkp-123-cn-test-****
&VServerGroupId=rsp-cige6j5e7p****
&CACertificateId=139a00604ad-cn-east-hangzh****
&XForwardedFor_SLBIP=on
&XForwardedFor_SLBID=on
&XForwardedFor_proto=on
&Gzip=on
&AclId=nacl-a2do9e413e0spzasx****
&AclType=white
&AclStatus=off
&Description=HTTPS_443
&IdleTimeout=12
&RequestTimeout=23
&EnableHttp2=off
&TLSCipherPolicy=tls_cipher_policy_1_1
&ServerCertificate=[{}]
&Common request parameters
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateLoadBalancerHTTPSListenerResponse>
<RequestId>CEF72CEB-54B6-4AE8-B225-F876FF7BA984</RequestId>
</CreateLoadBalancerHTTPSListenerResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}
Error codes
HttpCode | Error code | Error message | Description |
---|---|---|---|
400 | ParamDuplicateError | The specified parameter value of XForwardedFor_ClientCertSubjectDNAlias is duplicate. Please change to a different one. | The error message returned because the value of XForwardedFor_ClientCertSubjectDNAlias is duplicate. |
400 | ParamDuplicateError | The specified parameter value of XForwardedFor_ClientCertIssuerDNAlias is duplicate. Please change to a different one. | The error message returned because the value of XForwardedFor_ClientCertIssuerDNAlias is duplicate. |
400 | ParamDuplicateError | The specified parameter value of XForwardedFor_ClientCertFingerprintAlias is duplicate. Please change to a different one. | The error message returned because the value of XForwardedFor_ClientCertFingerprintAlias is duplicate. |
400 | ParamDuplicateError | The specified parameter value of XForwardedFor_ClientCertClientVerifyAlias is duplicate. Please change to a different one. | The error message returned because the value of XForwardedFor_ClientCertClientVerifyAlias is duplicate. |
400 | IpVersionConflict | The ip version of this LoadBalancer and the Acl is conflict. | The error message returned because the specified IP version is not supported by the network ACL. |
400 | InvalidParameter.IdleTimeout | The specified IdleTimeout exceeds the limit. | The error message returned because IdleTimeout is set to an invalid value. Specify a valid value and try again. |
400 | InvalidParameter.RequestTimeout | The specified RequestTimeout exceeds the limit. | The error message returned because RequestTimeout is set to an invalid value. Specify a valid value and try again. |
400 | ListenerForwardNotSupport | X-Forward-For is not supported to a ipv6 instance. | The error message returned because the X-Forward-For header is not supported by CLB instances that have IPv6 enabled. |
400 | InvalidParameter.RegionNotSupport | The region does not support the parameter: %s. | The error message returned because the parameter is not supported in the current region. |
400 | InvalidParameter.SpecNotSupport | The loadBalancer of shared spec does not support the parameter: %s. | The error message returned because the parameter is not supported by resource-shared CLB instances. |
400 | ListenerProcessing | A previous configuration of the listener is pending,please try again later. | The error message returned because the specified instance is being configured. Try again later. |
400 | Certkey.Forbidden | The specified certkey is not owned by the current user. | The error message returned because the specified certificate key does not belong to the current account. |
400 | InvalidParameter.ListenerPortConflict | There is conflict listener port exists. | The error message returned because the specified listening port already exists. |
400 | ResourceNotAvailible.HttpsListener | The specified Zone did not have enough resource. | The error message returned because resources are insufficient in the specified zone. |
400 | AclNotExist | Acl does not exist. | The error message returned because the specified network ACL does not exist. |
400 | OperationUnsupported.CreateLoadBalancerLayer7Listener | The slb instance does not support create HTTP or HTTPS listener. | The error message returned because the specified CLB instance does not support HTTP or HTTPS listeners. |
400 | InvalidParameter.VServerGroupId | The MasterSlaveServerGroup can not be attached to HTTP or HTTPS listener. | The error message returned because HTTP and HTTPS listeners do not support primary/secondary server groups. |
400 | MissingParam.HealthCheckDomain | The HealthCheckDomain is required when HealthCheckHttpVersion is http1.1. | The error message returned because the HealthCheckDomain parameter is not set. |
400 | InvalidParameter.HealthCheckHttpVersion | The param HealthCheckHttpVersion is invalid. | The error message returned because HealthCheckHttpVersion is set to an invalid value. Specify a valid value and try again. |
400 | QuotaLimitExceeds.AclAttachedToListener | %s. | The error message returned because the number of listeners associated with the network ACL has reached the upper limit. |
400 | QuotaLimitExceeds.TotalAclEntry | %s. | The error message returned because the number of network ACL rules has reached the upper limit. |
400 | Duplicated.AclEntry | %s. | The error message returned because the specified ACL rule already exists. |
400 | CertificateNotExist | The specified CertificateId does not exist. | The error message returned because the specified certificate is invalid. |
400 | OperationFailed.InsufficientResources | The loadbalancer does not support this operation because of insufficient resources. | The error message returned because the operation failed due to insufficient resources. |
400 | InvalidTLSPolicyId.NotExist | The specified TLS cipher policy does not exist. | The error message returned because the TLS policy does not exist. |
400 | TLSPolicyConfiguring | The specified TLS cipher policy is configuring. | The error message returned because the TLS policy is being modified. |
400 | TLSCipherPolicyVipRelationOverLimit | The number of listeners associated with a policy has exceeded. | The error message returned because the number of TLS policies has reached the upper limit. |
400 | CertificateTypeMismatched | The certificate type does not match. | The error message returned because the type of the specified certificate is invalid. |
400 | MissingParam.ServerCertificates | Server certificates are required. | The error message returned because ServerCertificates is not set. |
400 | TooManyCertificates | The number of certificates must not be greater than one. | The error message returned because the number of certificates cannot exceed 1. |
400 | CnCertificateNotSupport | The cn certificate is not support. | The error message returned because ShangMi (SM) certificates are not supported. |
400 | InvalidParam.CertificateBindingType | The param CertificateBindingType is invalid. | The error message returned because CertificateBindingType is set to an invalid value. Specify a valid value and try again. |
400 | InvalidParamSize.ServerCertificates | The size of param ServerCertificates is invalid. | The error message returned because ServerCertificates is set to an invalid value. Specify a valid value and try again. |
400 | TooManyCertificates.ServerCertificates | The number of certificates must not be greater than one. | The error message returned because the number of certificates cannot exceed 1. |
400 | LbNotSupportTcpssl | You cannot create a TCP SSL type listener for the specified load balancer. | The error message returned because the specified instance does not allow you to create TCP SSL listeners. |
400 | LbSupportTcpsslOnly | The specified load balancer supports TCP SSL type listener only. | The error message returned because the specified instance allows you to create only TCP SSL listeners. |
400 | ListenerNotSupportRule | You cannot create a rule for the specified listener. | The error message returned because the specified listener does not allow you to create forwarding rules. |
400 | Mismatch.SlbSpecTypeAndListenerProtocol | The SlbSpecType and ListenerProtocol are mismatched. | The error message returned because the specified instance type and listener type do not match. |
For a list of error codes, visit the API Error Center.