All Products
Search

This Product

    Server Load Balancer:Manage NLB listeners

    Document Center

    Server Load Balancer:Manage NLB listeners

    Last Updated:Feb 23, 2024

    After you create a listener, you can modify, enable, disable, or delete the listener. You can also change the server group that is associated with the listener.

    Prerequisites

    A TCP or UDP listener, or a listener that uses SSL over TCP is created. For more information, see the following topics:

    Modify a listener

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Instance Details tab, click the Listener tab, find the listener that you want to modify, and then use one of the following methods to modify the basic information about the listener:

      • Click the ID of the listener. On the Listener Details tab, click Modify Listener in the Basic Information section.

      • Click View Details in the Actions column. On the Listener Details tab, click Modify Listener in the Basic Information section.

      • Choose 更多操作 > Modify Listener in the Actions column.

    5. In the Modify Listener dialog box, you can modify the name of the listener. You can also click Advanced Settings to modify the advanced settings. After you complete the configurations, click Save.

      If the listener has full-port listening enabled, you can modify the port range.

    Enable or disable a listener

    You can enable or disable a listener based on your business requirements. However, you cannot modify or delete a listener, or change the server group that is associated with a listener when the listener is in the Enabling or Disabling state.

    Warning

    After a listener is disabled, the listener stops forwarding requests. This may cause service interruptions. Proceed with caution.

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Instance Details tab, click the Listener tab, find the listener that you want to manage, and then use one of the following methods to enable or disable the listener:

      • Enable a listener

        • In the Actions column, click Enable. In the Enable message, click OK.

        • Click the ID of the listener. On the listener details page, click Enable in the upper-right corner.

      • Disable a listener

        • In the Actions column, click Disable. In the Disable message, click OK.

          Note

          To disable a TCP/SSL listener, choose 更多操作 > Disable in the Actions column. In the message that appears, click OK.

        • Click the ID of the listener. On the listener details page, click Disable in the upper-right corner.

    Delete a listener

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Instance Details tab, click the Listener tab, find the listener that you want to delete, and then choose 更多操作 > Delete in the Actions column.

    5. In the Delete message, click OK.

    Change the server group that is associated with a listener

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Listener tab, find the listener that you want to manage and use one of the following methods to associate the listener with another server group:

      • In the Actions column, choose 更多操作 > Change Server Group (Default Forwarding Rule).

      • Click the ID of the listener. On the Listener Details tab, click Change Server Group (Default Forwarding Rule) in the Server Group (Default Forwarding Rule) section.

        Note

        You can also click View/Modify Backend Server in the Server Group (Default Forwarding Rule) section to view, add, or remove the backend servers that are associated with the listener.

    5. In the Change Server Group (Default Forwarding Rule) dialog box, select a server group or click Create Server Group to create a server group. Then, click OK.

      For more information about how to create a server group, see Create and manage server groups.

    Manage certificates (available only for listeners that use SSL over TCP)

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Instance Details tab, click the Listener tab, find the listener that you want to manage, and then use one of the following methods to manage certificates:

      • In the Actions column, click Manage Certificates.

      • Click the ID of the listener. On the Listener Details tab, click Manage Certificates in the SSL Certificate section.

    5. On the Certificates tab, perform the following operations to manage certificates.

      Certificate type

      Operation

      Description

      Server certificate

      Change the default server certificate of a listener

      1. On the Server Certificates tab, find the certificate that you want to manage and click Change in the Actions column.

      2. In the dialog box that appears, select a server certificate and click OK.

        If no server certificate is available, click Create SSL Certificate in the drop-down list to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload a certificate.

      Add additional certificates

      You can add additional certificates to a listener. You can add up to 25 additional certificates to each NLB instance. You can add up to 15 additional certificates at a time.

      1. On the Server Certificates tab, click Add Additional Certificate.

      2. In the Add Additional Certificate dialog box, select one or more server certificates and click OK.

        If no server certificate is available, click Purchase Certificate in the upper-right corner to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload a certificate.

      Delete an additional certificate

      You can delete additional server certificates that you no longer use. After an additional server certificate is deleted, it can no longer be used for server authentication.

      1. On the Server Certificates tab, find the additional server certificate that you want to delete and click Delete in the Actions column.

      2. In the message that appears, click OK.

      CA certificate

      Enable mutual authentication

      1. Click the CA Certificates tab and turn on Mutual Authentication or click Enable Mutual Authentication.

        Note

        You can also enable mutual authentication in the SSL Certificate section of the Listener Details tab.

      2. In the dialog box that appears, set the Default CA Certificate parameter and click OK.

        If no CA certificate is available, click Purchase Certificate to create one. For more information, see Purchase and enable a private CA.

      Change a CA certificate

      1. Click the CA Certificates tab, find the certificate that you want to manage and click Change in the Actions column.

      2. In the dialog box that appears, set the Default CA Certificate parameter and click OK.

        If no CA certificate is available, click Purchase Certificate to create one. For more information, see Purchase and enable a private CA.

      Disable mutual authentication

      Click the CA Certificates tab and turn off Mutual Authentication. After you disable mutual authentication, the listener supports only one-way authentication.

    Modify a TLS policy (available only for listeners that use SSL over TCP)

    1. Log on to the NLB console.

    2. In the top navigation bar, select the region where the Network Load Balancer (NLB) instance is deployed.

    3. On the Instances page, find the NLB instance that you want to manage and click its ID.

    4. On the Instance Details tab, click the Listener tab. Then, click the ID of the listener that you want to manage or click View Details in the Actions column.

    5. On the Listener Details tab, click the 修改实例名 icon on the right side of the TLS Security Policies parameter in the SSL Certificate section.

    6. In the Modify TLS Security Policy dialog box, select a TLS security policy and click Save.

      If no TLS security policy is available, click Create TLS Security Policy to create one. For more information, see TLS security policies.

    References