All Products
Search

This Product

    Server Load Balancer:Manage listeners

    Document Center

    Server Load Balancer:Manage listeners

    Last Updated:Apr 09, 2024

    This topic describes how to modify, enable, disable, and delete a listener, and change the server group associated with a listener.

    Prerequisites

    Modify a listener

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. Click the Listener tab, find the listener that you want to manage, and then use one of the following methods to modify the basic information about the listener:

      • Click the ID of the listener. On the Listener Details tab, click Modify Listener in the Basic Information section.

      • Click View Details in the Actions column. On the Listener Details tab, click Modify Listener in the Basic Information section.

      • Choose 更多操作 > Modify Listener in the Actions column.

    5. In the Modify Listener dialog box, change the name of the listener or click Modify next to Advanced Settings to modify advanced settings. Then, click Save.

    Enable or disable a listener

    You can enable or disable a listener based on your business requirements. However, you cannot modify or delete a listener, or change the server group that is associated with a listener when the listener is being configured.

    Warning

    After a listener is disabled, the listener stops forwarding requests. This may cause service interruptions. Proceed with caution.

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. Click the Listener tab, find the listener that you want to manage and use one of the following methods to enable or disable the listener:

      • Enable a listener

        • Choose 更多操作 > Enable in the Actions column. In the message that appears, click OK.

          Note

          If you want to enable an HTTP listener, click Enable in the Actions column, and click OK in the message that appears.

        • Click the ID of the listener that you want to enable. In the upper-right corner of the Listener Details tab, click Start.

      • Disable a listener

        • Choose 更多操作 > Disable in the Actions column. In the message that appears, click OK.

        • Click the ID of the listener that you want to disable. In the upper-right corner of the Listener Details tab, click Stop.

    Delete a listener

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. Click the Listener tab, find the listener that you want to delete, and then choose 更多操作 > Delete in the Actions column.

    5. In the message that appears, click OK.

    Associate a listener with another server group

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. Click the Listener tab, find the listener that you want to manage, and then use one of the following methods to replace the server group that is associated with the listener:

      • In the Actions column, choose 更多操作 > Change Server Group (Listener Default Forwarding).

      • Click the ID of the listener. On the Listener Details tab, click Change Server Group (Default Forwarding Rule) in the Server Group (Default Forwarding Rule) section.

    5. In the dialog box that appears, select a server group or click Create Server Group to create a server group. Then, click OK. For more information about how to create a server group, see Create a server group.

    Manage Managed Service for OpenTelemetry

    Usage notes

    • Only standard and WAF-enabled ALB instances support Managed Service for OpenTelemetry. Basic ALB instances do not support Managed Service for OpenTelemetry.

    • After you turn on tracing, Managed Service for OpenTelemetry and Simple Log Service are automatically activated. You are charged for data reports, trace storage, and Simple Log Service. For more information, see Billing overview and Billable items of pay-by-feature.

    • The following table describes the regions in which Managed Service for OpenTelemetry is supported.

      Area

      Region

      China

      China (Hangzhou), China (Shanghai), China (Shenzhen), China (Chengdu), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Hong Kong), China (Guangzhou), and China (Heyuan)

      Asia Pacific

      Singapore, Malaysia (Kuala Lumpur), Japan (Tokyo), and Indonesia (Jakarta)

      Europe and Americas

      UK (London), Germany (Frankfurt), US (Virginia), and US (Silicon Valley)

    • Notes on disabling Managed Service for OpenTelemetry:

      • After you disable Managed Service for OpenTelemetry for your ALB instance, Simple Log Service remains enabled. If you no long use Simple Log Service, manually disable it.

      • If you are using Managed Service for OpenTelemetry, disabling Simple Log Service causes service unavailability. Proceed with caution.

      • After you disable Managed Service for OpenTelemetry for all listeners of your ALB instance, ALB no longer delivers trace data to Managed Service for OpenTelemetry.

    Enable Managed Service for OpenTelemetry

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance resides.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. On the Listener tab, click the ID of the listener that you want to manage.

    5. In the Tracing section of the Listener Details tab, turn on Tracing.

    6. In the Enable Tracing dialog box, configure the parameters and click Save. The following table describes the parameters.

      Parameter

      Description

      Activate Service

      Note

      If Managed Service for OpenTelemetry is activated in your Alibaba Cloud account, skip this step.

      Activate Managed Service for OpenTelemetry

      Select the Terms of Service and activate Activate Managed Service for OpenTelemetry.

      Create Access Log

      Note

      If an access log exists, skip this step.

      Project

      Select the Simple Log Service project that you want to use to isolate and manage resources.

      • Select Project: Select an existing project from the drop-down list.

      • Create Project: Enter a project name in the field.

      Logstore

      Select the Logstore that you want to use to collect, store, and query log data in Simple Log Service.

      • Select Logstore: Select an existing Logstore from the drop-down list.

      • Create Logstore: Enter a Logstore name in the field. If you select Create Project, select Create Logstore.

      Configure Tracing

      Tracing Type

      Select a type of tracing.

      The default value is Xtrace, which specifies Managed Service for OpenTelemetry is activated and enables tracing.

      Sampling Rate

      Valid values: 1 to 100. Default value: 100.

      Adjust the sampling rate to specify the number of traces that you want to report.

      Notes on Creating Service-linked Role

      When you perform this operation, the system automatically creates service-linked roles. ALB assumes the roles to implement features.

    7. Optional. In the Task Enabled dialog box, wait until the status of all tasks changes to Successful, and click Close.

    What to do next

    Procedure

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance resides.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. On the Listener tab, click the ID of the listener that you want to manage. You can perform the following operations based on your business requirements.

    Operation

    Procedure

    Modify Managed Service for OpenTelemetry

    1. In the Tracing section of the Listener Details tab, click Edit Tracing Settings.

    2. In the Edit Tracing Settings dialog box, modify the sampling rate based on your business requirements and click Save.

    Disable Managed Service for OpenTelemetry

    1. In the Tracing section of the Listener Details tab, turn off Tracing.

    2. In the Disable Tracing message, click OK.

    View traces

    In the Tracing section of the Listener Details tab, click View to the right of Trace Analysis to go to the Managed Service for OpenTelemetry console and view traces.

    For more information, see Analyze traces.

    Manage certificates

    Limits

    • Basic ALB instances do not support mutual authentication.

    • QUIC listeners do not support mutual authentication.

    • HTTP listeners do not support one-way authentication or mutual authentication.

    Procedure

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. On the Listener tab, find the listener that you want to manage and click Manage Certificates in the Actions column.

    5. On the Certificates tab, you can perform the following operations based on your business requirements.

      Note

      We recommend that you renew your certificate before it expires to prevent adverse impact on your services.

      Certificate type

      Operation

      Procedure

      Server certificate

      Replace the default server certificate

      1. On the Server Certificates tab, find the default server certificate and click Change in the Actions column.

      2. In the dialog box that appears, select a server certificate and click OK.

        If no server certificate is available, click Create SSL Certificate in the drop-down list to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload an SSL certificate.

      Add an additional server certificate

      You can add an additional server certificate to a listener.

      1. On the Server Certificates tab, click Add EV Certificate.

      2. In the Add Additional Certificate dialog box, select a server certificate and click OK.

        If no server certificate is available, you can click Purchase Certificate in the upper-right corner to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload an SSL certificate.

      Delete an additional server certificate

      You can delete additional server certificates that you no longer use. After an additional server certificate is deleted, it can no longer be used for server authentication.

      1. On the Server Certificates tab, find the server certificate that you want to delete and click Delete in the Actions column.

      2. In the message that appears, click OK.

      CA certificate

      Enable or disable mutual authentication

      • Enable mutual authentication: If this is the first time that you enable mutual authentication, perform the following steps:

        1. Click the CA Certificates tab, and turn on Mutual Authentication or click Enable Mutual Authentication.

        2. In the Enable Mutual Authentication dialog box, select Alibaba Cloud as the source of the CA certificate, select a CA certificate from the Default CA Certificate drop-down list, and then click OK.

          If no CA certificate is available, click Purchase CA Certificate to create one. For more information, see Purchase and enable a private CA.

      • Disable mutual authentication: If mutual authentication is enabled for a listener, click the CA Certificates tab and turn off Mutual Authentication. After mutual authentication is disabled, only one-way authentication is supported.

      Replace a CA certificate

      1. Click the CA Certificates tab, find the default CA certificate and click Change in the Actions column.

      2. In the Change Default CA Certificate dialog box, select Alibaba Cloud as the source of the CA certificate, select a CA certificate from the Default CA Certificate drop-down list, and then click OK.

        If no CA certificate is available, click Purchase CA Certificate to create one. For more information, see Purchase and enable a private CA.

    Modify TLS security policies (supported only by HTTPS listeners)

    1. Log on to the ALB console.

    2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

    3. On the Instances page, click the ID of the ALB instance that you want to manage.

    4. On the Instance Details page, click the Listener tab, find the HTTPS listener that you want to manage, and then click the listener ID or click View Details in the Actions column.

    5. On the Listener Details tab, click the 修改实例名 icon on the right side of the TLS Security Policies parameter in the SSL Certificate section.

    6. In the Modify TLS Security Policy dialog box, select a TLS security policy and click Save.

      If no TLS security policy is available, click Create TLS Security Policy to create one. For more information, see TLS security policies.

    References