After creating a listener, you can modify, start, stop, or delete it, and change its server group.
Prerequisites
You have created a TCP, UDP, or TCP/SSL listener. For more information, see the following topics:
Modify a listener
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance, and click the instance ID.
-
On the Instance Details tab, click the Listener tab. Find the target listener and use one of the following methods to modify its basic information:
-
Click the listener ID. On the Listener Details tab, in the Basic Information section, click Modify Listener.
-
In the Actions column, click View Details. Then, on the Listener Details tab, in the Basic Information section, click Modify Listener.
-
In the Actions column, choose
> Modify Listener.
-
-
In the Modify Listener dialog box, you can modify the listener name and settings in the Advanced Settings section. Then, click Save.
If full-port listening is enabled for the listener, you can modify the listener port range.
Start or stop a listener
You can start or stop a listener. While a listener is in the Starting or Stopping state, you cannot modify it, delete it, or change its server group.
Stopping a listener interrupts service. Proceed with caution.
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance and click the instance ID.
-
On the Instance Details tab, click the Listener tab. Find the target listener and use one of the following methods to start or stop it.
-
Start a listener
-
In the Actions column, click Enable. In the Enable dialog box that appears, click OK.
-
Click the listener ID. On the listener details page, click Enable in the upper-right corner.
-
-
Stop a listener
-
In the Actions column, click Disable. In the Disable dialog box that appears, click OK.
NoteFor a TCP/SSL listener, you must choose
> Disable in the Actions column. Then, in the dialog box that appears, click OK. -
Click the listener ID. On the listener details page, click Disable in the upper-right corner.
-
-
Delete a listener
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance and click the instance ID.
-
On the Instance Details tab, click the Listener tab. Find the target listener, and then in the Actions column, choose
> Delete. -
In the Delete dialog box, click OK.
Change the server group
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance, and click the instance ID.
-
Click the Listener tab. Find the target listener and use one of the following methods to change the server group:
-
In the Actions column, choose
> Change Server Group (Default Forwarding Rule). -
Click the listener ID. On the Listener Details tab, in the Server Group (Default Forwarding Rule) section, click Change Server Group (Default Forwarding Rule).
NoteYou can also click View/Modify Backend Server in the Server Group (Default Forwarding Rule) section to view, add, or remove backend servers associated with the listener.
-
-
In the Change Server Group (Default Forwarding Rule) dialog box, select a server group or click Create Server Group to create a new one. Then, click OK.
For more information about how to create a server group, see NLB server groups.
Manage certificates (for TCP/SSL listeners only)
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance, and click the instance ID.
-
On the Instance Details tab, click the Listener tab. Find the target TCP/SSL listener and use one of the following methods to manage its certificates:
-
In the Actions column, click Manage Certificates.
-
Click the listener ID. On the Listener Details tab, in the SSL Certificate section, click Manage Certificates.
-
-
On the Certificates tab, manage certificates as described in the following table.
Type
Actions
Description
Server certificate
Change the default server certificate
-
On the Server Certificates tab, find the target certificate and click Change.
-
Select a server certificate and click OK.
If no server certificates are available, click Create SSL Certificate in the certificate drop-down list to go to the Certificate Management Service console. In the console, you can purchase a commercial certificate or upload, sync, and share SSL certificates.
Add an additional certificate
You can add additional certificates to the listener. Each instance supports up to 25 additional certificates, and you can add up to 15 at a time.
-
On the Server Certificates tab, click Add Additional Certificate.
-
In the Add Additional Certificate dialog box, select one or more server certificates and click OK.
If no server certificates are available, click Purchase Certificate in the upper-right corner to go to the Certificate Management Service console. In the console, you can purchase a commercial certificate or upload, sync, and share SSL certificates.
Delete an additional certificate
You can delete unneeded additional server certificates. After a certificate is deleted, it is no longer used to authenticate backend servers.
-
On the Server Certificates tab, find the target additional certificate and click Delete in the Actions column.
-
In the dialog box that appears, click OK.
CA certificate
Enable mutual authentication
-
Click the CA Certificates tab and turn on the Mutual Authentication switch, or click Enable Mutual Authentication.
Note
You can also enable mutual authentication in the SSL Certificate section on the Listener Details tab.
-
In the dialog box that appears, set the Default CA Certificate parameters, and then click OK.
Change a CA certificate
-
Click the CA Certificates tab. Find the target certificate, and in the Actions column, click Replace.
-
In the dialog box that appears, set the Default CA Certificate parameters, and then click OK.
Disable mutual authentication
Click the CA Certificates tab and turn off the mutual authentication switch. This reverts the listener to one-way authentication.
-
Modify a TLS security policy (for TCP/SSL listeners only)
Log on to the NLB console.
-
In the top menu bar, select the region of the NLB instance.
-
On the Instances page, find the target NLB instance, and click the instance ID.
-
On the Instance Details tab, click the Listener tab. Find the target TCP/SSL listener, and click the listener ID or click View Details in the Actions column.
-
On the Listener Details tab, find the SSL Certificate section and click the
icon next to TLS Security Policy. -
In the Modify TLS Security Policy dialog box, select a TLS security policy and click Save.
If no TLS security policies are available, click Create TLS Security Policy in the drop-down list. For more information, see TLS security policies.
Related APIs
-
StartListener: Starts a listener for an NLB instance.
-
StopListener: Stops a listener for an NLB instance.
-
DeleteListener: Deletes a listener for an NLB instance.
-
UpdateListenerAttribute: Updates the attributes of a listener for an NLB instance.
-
AssociateAdditionalCertificatesWithListener: Associates additional certificates with a TCP/SSL listener for an NLB instance.
-
DisassociateAdditionalCertificatesWithListener: Disassociates additional certificates from a TCP/SSL listener for an NLB instance.