CreateListener-阿里云帮助中心

Create a listener.

Operation description

The CreateListener operation is an asynchronous operation. A successful request returns a request ID, but the listener is created in the background. Call GetListenerAttribute to query the listener's creation status:

The Provisioning state indicates that the listener is being created.
The Running state indicates that the listener has been created successfully.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

alb:CreateListener

create

*LoadBalancer

acs:alb:{#regionId}:{#accountId}:loadbalancer/{#loadbalancerId}

*SecurityPolicy

acs:alb:{#regionId}:{#accountId}:securitypolicy/{#securitypolicyId}

*ServerGroup

acs:alb:{#regionId}:{#accountId}:servergroup/{#servergroupId}

alb:ListenerProtocol

None

Request parameters

Parameter	Type	Required	Description	Example
LoadBalancerId	string	Yes	The ID of the Application Load Balancer (ALB) instance.	alb-n5qw04uq8vavfe****
ClientToken	string	No	A client-generated token that is used to ensure the idempotency of the request. The token must be unique across different requests and can contain only ASCII characters. Note If you do not specify this parameter, the system automatically uses the RequestId of the API request as the ClientToken. The RequestId is unique for each API request.	123e4567-e89b-12d3-a456-426655440000
DryRun	boolean	No	Specifies whether to perform a dry run. Valid values: true: Performs a dry run to check the request for potential issues, including required parameters, request format, and service limits. The listener is not created. If the request fails the check, the system returns an error. If the request passes the check, the system returns the `DryRunOperation` error code. false (default): Sends the request. If the request passes the check, the system performs the operation and returns an HTTP 2xx status code.	false
ListenerProtocol	string	Yes	The listener protocol. Valid values: HTTP, HTTPS, and QUIC.	HTTP
ListenerPort	integer	Yes	The frontend port used by the listener. Valid values: 1 to 65535.	80
ListenerDescription	string	No	A custom name for the listener. The name must be 2 to 256 characters long and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), underscores (_), and Chinese characters.	HTTP_80
RequestTimeout	integer	No	The request timeout in seconds. Valid values: 1 to 600. Default value: 60. If a backend server does not respond within the timeout period, the load balancer returns an `HTTP 504` error to the client. Note You can request a quota increase to a maximum of 3,600 seconds.	60
IdleTimeout	integer	No	The idle timeout in seconds. Valid values: 1 to 600. Default value: 15. If no requests are received on a connection within the idle timeout, the load balancer closes the connection. A new connection is established for the next request. Note You can request a quota increase to a maximum of 3,600 seconds.	3
GzipEnabled	boolean	No	Specifies whether to enable `Gzip` compression to compress specific types of files. Valid values: true (default): Enables Gzip compression. false: Disables Gzip compression.	true
Http2Enabled	boolean	No	Specifies whether to enable `HTTP/2`. Valid values: true (default): Enables HTTP/2. false: Disables HTTP/2. Note This parameter is available only for HTTPS listeners.	true
SecurityPolicyId	string	No	The ID of the security policy. Both system and custom security policies are supported. Default value: tls_cipher_policy_1_0 (a system security policy). Note This parameter is available only for HTTPS listeners.	tls_cipher_policy_1_0
CaEnabled	boolean	No	Specifies whether to enable mutual authentication. Valid values: true: Enables mutual authentication. false (default): Disables mutual authentication.	false
XForwardedForConfig	object	No	The configuration of `X-Forwarded-*` headers.
XForwardedForClientCertClientVerifyAlias	string	No	The name of the custom header. This parameter takes effect only when XForwardedForClientCertClientVerifyEnabled is set to true. The name must be 1 to 40 characters long and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is available only for HTTPS listeners.	test_client-verify-alias_123456
XForwardedForClientCertClientVerifyEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Client-Cert-Client-Verify` header to retrieve the client certificate's verification result. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available only for HTTPS listeners.	true
XForwardedForClientCertFingerprintAlias	string	No	The name of the custom header. This parameter takes effect only when XForwardedForClientCertFingerprintEnabled is set to true. The name must be 1 to 40 characters long and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is available only for HTTPS listeners.	test_finger-print-alias_123456
XForwardedForClientCertFingerprintEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Client-Cert-Fingerprint` header to retrieve the fingerprint of the client certificate. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available only for HTTPS listeners.	true
XForwardedForClientCertIssuerDNAlias	string	No	The name of the custom header. This parameter takes effect only when XForwardedForClientCertIssuerDNEnabled is set to true. The name must be 1 to 40 characters long and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is available only for HTTPS listeners.	test_issue-dn-alias_123456
XForwardedForClientCertIssuerDNEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Client-Cert-Issuer-DN` header to retrieve information about the issuer of the client certificate. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available only for HTTPS listeners.	true
XForwardedForClientCertSubjectDNAlias	string	No	The name of the custom header. This parameter takes effect only when XForwardedForClientCertSubjectDNEnabled is set to true. The name must be 1 to 40 characters long and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is available only for HTTPS listeners.	test_subject-dn-alias_123456
XForwardedForClientCertSubjectDNEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Client-Cert-Subject-DN` header to retrieve information about the owner of the client certificate. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available only for HTTPS listeners.	true
XForwardedForClientSrcPortEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Client-Srcport` header to retrieve the source port of the client. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP and HTTPS listeners.	true
XForwardedForEnabled	boolean	No	Specifies whether to use the `X-Forwarded-For` header to retrieve the client IP address. Valid values: true (default): Enables this feature. false: Disables this feature. Note If you set this parameter to true, the default value of XForwardedForProcessingMode is append. You can change the value to remove. If you set this parameter to false, ALB retains the `X-Forwarded-For` header and does not perform additional processing before sending the request to a backend server. This parameter is available for HTTP and HTTPS listeners.	true
XForwardedForProcessingMode	string	No	The mode used to process the `X-Forwarded-For` header. This parameter takes effect only when XForwardedForEnabled is set to true. Valid values: append (default): Appends the IP address of the last hop to the `X-Forwarded-For` header. remove: Deletes the `X-Forwarded-For` header. Note If you set the value to append, ALB adds the IP address of the last hop to the `X-Forwarded-For` header before sending a request to a backend server. If you set the value to remove, ALB deletes the `X-Forwarded-For` header before sending a request to a backend server, regardless of whether the request contains an `X-Forwarded-For` header. This parameter is available for HTTP and HTTPS listeners.	append
XForwardedForProtoEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Proto` header to retrieve the listener protocol of the ALB instance. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP, HTTPS, and QUIC listeners.	false
XForwardedForSLBIdEnabled	boolean	No	Specifies whether to use the `SLB-ID` header to retrieve the ID of the ALB instance. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP, HTTPS, and QUIC listeners.	false
XForwardedForSLBPortEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Port` header to retrieve the listener port of the ALB instance. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP, HTTPS, and QUIC listeners.	false
XForwardedForClientSourceIpsEnabled	boolean	No	Specifies whether to allow ALB to retrieve the client IP address from the X-Forwarded-For header. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP and HTTPS listeners.	false
XForwardedForClientSourceIpsTrusted	string	No	Specifies the trusted proxy IP addresses. ALB traverses the `X-Forwarded-For` header from right to left, selecting the first IP address not in this trusted list as the client IP address. This IP is then used for features such as source IP-based throttling.	10.1.1.0/24
XForwardedForHostEnabled	boolean	No	Specifies whether to use the `X-Forwarded-Host` header to retrieve the domain name that is used to access the ALB instance. Valid values: true: Enables this feature. false (default): Disables this feature. Note This parameter is available for HTTP, HTTPS, and QUIC listeners.	false
QuicConfig	object	No	The configuration of the associated QUIC listener.
QuicListenerId	string	No	The ID of the QUIC listener to associate with the listener. This parameter is required for HTTPS listeners when QuicUpgradeEnabled is set to true. Note The HTTPS listener and the associated QUIC listener must belong to the same ALB instance, and the QUIC listener must not be already associated with another listener.	lsn-o4u54y73wq7b******
QuicUpgradeEnabled	boolean	No	Specifies whether to enable QUIC upgrade. Valid values: true: Enables QUIC upgrade. false (default): Disables QUIC upgrade. Note This parameter is available only for HTTPS listeners.	false
Certificates	array<object>	No	A list of server certificates.
	object	No	The certificate.
CertificateId	string	No	The ID of the default server certificate. Only one default server certificate is supported. Note This parameter is required if ListenerProtocol is set to HTTPS or QUIC. To associate additional certificates, call the AssociateAdditionalCertificatesWithListener operation after the listener is created.	103705*******
CaCertificates	array<object>	No	A list of CA certificates for the listener. Only one CA certificate is supported.
	object	No	The CA certificate.
CertificateId	string	No	The ID of the CA certificate. Note This parameter is required if CaEnabled is set to true.	123157*******
DefaultActions	array<object>	Yes	The default actions for the listener.
	array<object>	Yes	The list of default actions.
ForwardGroupConfig	object	Yes	The configuration of the forward action. You can specify up to 20 forward actions.
ServerGroupTuples	array<object>	Yes	The destination server groups.
	object	Yes	The destination server groups.
ServerGroupId	string	Yes	The ID of the destination server group.	sgp-8ilqs4axp6******
Type	string	Yes	The type of action. Set this to ForwardGroup to forward requests to one or more server groups.	ForwardGroup
Tag	array<object>	No	A list of tags to add to the listener.
	object	No	The tag.
Key	string	No	The tag key. The key can be up to 128 characters long and cannot start with `aliyun` or `acs:`, or contain `http://` or `https://`.	env
Value	string	No	The tag value. The value can be up to 128 characters long and cannot start with `aliyun` or `acs:`, or contain `http://` or `https://`.	product

Response elements

Element	Type	Description	Example
	object	Details of the created listener
JobId	string	Asynchronous task ID	72dcd26b-f12d-4c27-b3af-18f6aed5****
ListenerId	string	Listener ID	lsn-o4u54y73wq7b******
RequestId	string	Request ID	CEF72CEB-54B6-4AE8-B225-F876*******

Examples

Success response

JSON format

{
  "JobId": "72dcd26b-f12d-4c27-b3af-18f6aed5****",
  "ListenerId": "lsn-o4u54y73wq7b******",
  "RequestId": "CEF72CEB-54B6-4AE8-B225-F876*******"
}

Error codes

HTTP status code	Error code	Error message	Description
400	ResourceAlreadyExist.Listener	The specified resource %s is already exist.
400	IncorrectStatus.LoadBalancer	The status of %s [%s] is incorrect.
400	IncorrectBusinessStatus.LoadBalancer	The business status of %s [%s] is incorrect.	The business status of %s [%s] is incorrect.
400	ResourceQuotaExceeded.LoadBalancerListenersNum	The quota of %s is exceeded for resource %s, usage %s/%s.	The quota of %s is exceeded for resource %s, usage %s/%s.
400	OperationDenied.CrossLoadBalancerQUICListener	The operation is not allowed because of %s.	The operation is not allowed because of %s.
400	ResourceAlreadyAssociated.Listener	The specified resource %s is already associated.	The specified resource %s is already associated.
400	ResourceQuotaExceeded.SecurityPolicyAttachedNum	The quota of %s is exceeded for resource %s, usage %s/%s.	The quota of %s is exceeded for resource %s. Usage: %s/%s.
400	ResourceQuotaExceeded.ServerGroupAttachedNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	ResourceQuotaExceeded.LoadBalancerServersNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	ResourceQuotaExceeded.ServerAddedNum	The quota of %s is exceeded for resource %s, usage %s/%s.
400	Mismatch.VpcId	The %s is mismatched for %s and %s.	The %s is mismatched for %s and %s.
400	OperationDenied.ServerGroupProtocolNotSupport	The operation is not allowed because of ServerGroupProtocolNotSupport.	The operation is not allowed because the server group protocol is not supported.
400	OperationDenied.GRPCServerGroup	The operation is not allowed because of %s.
400	Mismatch.LoadBalancerEditionAndConnectionDrain	The %s and %s are mismatched.	The %s and %s are mismatched.
400	Mismatch.LoadBalancerEditionAndSlowStartEnable	The %s and %s are mismatched.	The %s and %s are mismatched.
400	InvalidParameter	Invalid parameter, please check the parameter input.	Invalid parameter, please check the parameter input.
400	OperationDenied.CACertificateCorrupted	The CA certificate is corrupted.	CA certificate is corrupted
403	Forbidden.SecurityPolicy	Authentication has failed for SecurityPolicy.
403	Forbidden.LoadBalancer	Authentication is failed for %s.	Authentication is failed for %s.
403	Forbidden.Listener	Authentication is failed for %s.	Authentication is failed for %s.
404	ResourceNotFound.LoadBalancer	The specified resource %s is not found.	The specified resource %s is not found.
404	ResourceNotFound.ServerGroup	The specified resource %s is not found.
404	ResourceNotFound.SecurityPolicy	The specified resource %s is not found.	The specified resource %s is not found.
404	ResourceNotFound.Listener	The specified resource %s is not found.
404	ResourceNotFound.Certificate	The specified resource %s is not found.	The specified resource %s is not found.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.