All Products
Search
Document Center

Server Load Balancer:Manage listeners

Last Updated:Sep 14, 2023

After you create a listener, you can modify, enable, disable, or delete the listener. You can also change the server group that is associated with the listener.

Prerequisites

Modify a listener

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

  3. On the Instances page, find the ALB instance and click its ID.

  4. Click the Listener tab, find the listener that you want to manage, and then use one of the following methods to modify the basic information about the listener:

    • Click the ID of the listener. On the Listener Details tab, click Modify Listener in the Basic Information section.

    • Click View Details in the Actions column. On the Listener Details tab, click Modify Listener in the Basic Information section.

    • Choose 更多操作 > Modify Listener in the Actions column.

  5. In the Modify Listener dialog box, change the name of the listener or click Modify next to Advanced Settings to modify advanced settings. Then, click Save.

Enable or disable a listener

You can enable or disable a listener based on your business requirements. However, you cannot modify or delete a listener, or change the server group that is associated with a listener when the listener is being configured.

Warning

After a listener is disabled, the listener stops forwarding requests. This may cause service interruptions. Proceed with caution.

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

  3. On the Instances page, find the ALB instance and click its ID.

  4. Click the Listener tab, find the listener that you want to manage and use one of the following methods to enable or disable the listener:

    • Enable a listener

      • Choose 更多操作 > Enable in the Actions column. In the message that appears, click OK.

        Note

        If you want to enable an HTTP listener, click Enable in the Actions column, and click OK in the message that appears.

      • Click the ID of the listener that you want to enable. In the upper-right corner of the Listener Details tab, click Start.

    • Disable a listener

      • Choose 更多操作 > Disable in the Actions column. In the message that appears, click OK.

      • Click the ID of the listener that you want to disable. In the upper-right corner of the Listener Details tab, click Stop.

Delete a listener

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

  3. On the Instances page, find the ALB instance and click its ID.

  4. Click the Listener tab, find the listener that you want to delete, and then choose 更多操作 > Delete in the Actions column.

  5. In the message that appears, click OK.

Associate a listener with another server group

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

  3. On the Instances page, find the ALB instance and click its ID.

  4. Click the Listener tab, find the listener that you want to manage, and then use one of the following methods to replace the server group that is associated with the listener:

    • In the Actions column, choose 更多操作 > Change Server Group (Listener Default Forwarding).

    • Click the ID of the listener. On the Listener Details tab, click Change Server Group (Default Forwarding Rule) in the Server Group (Default Forwarding Rule) section.

  5. In the dialog box that appears, select a server group or click Create Server Group to create a server group. Then, click OK. For more information about how to create a server group, see Create a server group.

Manage certificates

Limits

  • Basic ALB instances do not support mutual authentication.

  • QUIC listeners do not support mutual authentication.

  • HTTP listeners do not support one-way authentication or mutual authentication.

Procedure

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance is deployed.

  3. On the Instances page, click the ID of the ALB instance that you want to manage.

  4. On the Listener tab, find the listener that you want to manage and click Manage Certificates in the Actions column.

  5. On the Certificates tab, you can perform the following operations based on your business requirements.

    Note

    To prevent service interruptions, we recommend that you replace your certificates before they expire.

    Certificate type

    Operation

    Description

    Server certificate

    Replace the default server certificate

    1. On the Server Certificates tab, find the default server certificate and click Change in the Actions column.

    2. In the dialog box that appears, select a server certificate and click OK.

      If no server certificate is available, click Create SSL Certificate in the drop-down list to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload an SSL certificate.

    Add an additional server certificate

    You can add an additional server certificate to a listener.

    1. On the Server Certificates tab, click Add EV Certificate.

    2. In the Add Additional Certificate dialog box, select a server certificate and click OK.

      If no server certificate is available, you can click Purchase Certificate in the upper-right corner to go to the Certificate Management Service console. Then, you can purchase or upload a server certificate. For more information, see Purchase an SSL certificate and Upload an SSL certificate.

    Delete an additional server certificate

    You can delete additional server certificates that you no longer use. After an additional server certificate is deleted, it can no longer be used for server authentication.

    1. On the Server Certificates tab, find the server certificate that you want to delete and click Delete in the Actions column.

    2. In the message that appears, click OK.

    CA certificate

    Enable or disable mutual authentication

    • Enable mutual authentication: If this is the first time that you enable mutual authentication, perform the following steps:

      1. Click the CA Certificates tab, and turn on Mutual Authentication or click Enable Mutual Authentication.

      2. In the Enable Mutual Authentication dialog box, select Alibaba Cloud as the source of the CA certificate, select a CA certificate from the Default CA Certificate drop-down list, and then click OK.

        If no CA certificate is available, click Purchase CA Certificate to create a CA certificate. For more information, see Purchase and enable a private CA.

    • Disable mutual authentication: If mutual authentication is enabled for a listener, click the CA Certificates tab and turn off Mutual Authentication. After mutual authentication is disabled, only one-way authentication is supported.

    Replace a CA certificate

    1. Click the CA Certificates tab, find the default CA certificate and click Change in the Actions column.

    2. In the Change Default CA Certificate dialog box, select Alibaba Cloud as the source of the CA certificate, select a CA certificate from the Default CA Certificate drop-down list, and then click OK.

      If no CA certificate is available, click Purchase CA Certificate to create a CA certificate. For more information, see Purchase and enable a private CA.

Modify TLS security policies (supported only by HTTPS listeners)

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance that you want to manage is deployed.

  3. On the Instances page, find the ALB instance and click its ID.

  4. On the Instance Details page, click the Listener tab, find the HTTPS listener that you want to manage, and then click the listener ID or click View Details in the Actions column.

  5. On the Listener Details tab, click the 修改实例名 icon on the right side of the TLS Security Policies parameter in the SSL Certificate section.

  6. In the Modify TLS Security Policy dialog box, select a TLS security policy and click Save.

    If no TLS security policy is available, click Create TLS Security Policy to create one. For more information, see TLS security policies.

References