SetLoadBalancerHTTPSListenerAttribute

更新时间:
复制 MD 格式

Configure the HTTPS listener

Operation description

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

slb:SetLoadBalancerHTTPSListenerAttribute

update

acl

acs:slb:{#regionId}:{#accountId}:acl/{#aclId}

*certificate

acs:slb:{#regionId}:{#accountId}:certificate/{#certificateId}

*loadbalancer

acs:slb:{#regionId}:{#accountId}:loadbalancer/{#loadbalancerId}

  • slb:tag
  • slb:tag
  • slb:tag
None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

No

The region ID of the Classic Load Balancer instance.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

LoadBalancerId

string

Yes

The ID of the Classic Load Balancer instance.

lb-sjhfdji****

ListenerPort

integer

Yes

The frontend port used by the Classic Load Balancer instance.

Valid values: 1 to 65535.

80

Bandwidth

integer

No

The peak bandwidth of the listener. Unit: Mbit/s.

Valid values:

  • -1: The peak bandwidth is not limited.

  • 1 to 5120: The peak bandwidth of the listener. The sum of the peak bandwidths of all listeners on the instance cannot exceed the peak bandwidth of the instance.

-1

XForwardedFor

string

No

Specifies whether to use the X-Forwarded-For header to retrieve the real IP addresses of clients. Valid values:

  • on

  • off

on

Scheduler

string

No

The scheduling algorithm. Valid values:

  • wrr: Weighted round-robin. Backend servers with higher weights receive a larger proportion of requests.

  • rr: Round-robin. Requests are distributed to backend servers in sequence.

wrr

StickySession

string

No

Specifies whether to enable sticky sessions. Valid values:

  • on

  • off

on

StickySessionType

string

No

The method that is used to handle cookies. Valid values:

  • insert: The load balancer inserts a cookie (SERVERID) into the first response that is sent to a client. The next request from the client will contain the cookie, and the load balancer will redirect the request to the same backend server.

  • server: The load balancer rewrites a custom cookie. When the load balancer detects a user-defined cookie, it overwrites the original cookie with a new cookie. The next request from the client will contain the new cookie, and the load balancer will redirect the request to the same backend server.

Note

This parameter is required if StickySession is set to on.

insert

CookieTimeout

integer

No

The timeout period of a cookie.

Valid values: 1 to 86400. Unit: seconds.

Note

This parameter is required if StickySession is set to on and StickySessionType is set to insert.

500

Cookie

string

No

The cookie that is configured on the backend server.

The cookie name must be 1 to 200 characters in length and can contain only ASCII letters and digits. It cannot contain commas (,), semicolons (;), or spaces. It cannot start with a dollar sign ($).

Note

This parameter is required if StickySession is set to on and StickySessionType is set to server.

testCookie

HealthCheck

string

No

Specifies whether to enable health checks. Valid values:

  • on

  • off

on

HealthCheckMethod

string

No

The HTTP method that is used for health checks. Valid values: head and get.

Note

This parameter takes effect only if HealthCheck is set to on.

get

HealthCheckDomain

string

No

The domain name that is used for health checks. Valid values:

  • $_ip: The private IP address of a backend server. If you specify an IP address for this parameter or omit this parameter, the load balancer uses the private IP address of each backend server as the health check domain.

  • domain: The domain name must be 1 to 80 characters in length and can contain only letters, digits, periods (.), and hyphens (-).

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

172.XX.XX.16

HealthCheckURI

string

No

The URI that is used for health checks.

The URI must be 1 to 80 characters in length and must start with a forward slash (/). It can contain letters, digits, and the following special characters: - / . % ? # &. The URI cannot consist of only a forward slash (/).

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

/test/index.html

HealthyThreshold

integer

No

The number of consecutive successful health checks required to change the health check status of the backend server from fail to success.

Valid values: 2 to 10.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

4

UnhealthyThreshold

integer

No

The number of consecutive health check failures required to change the health check status of a backend server from success to fail.

Valid values: 2 to 10.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

4

HealthCheckTimeout

integer

No

The timeout period for a health check response. If a backend server, such as an Elastic Compute Service (ECS) instance, does not return a health check response within the specified timeout period, the health check fails. Unit: seconds. Valid values: 1 to 300.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

3

HealthCheckInterval

integer

No

The interval at which health checks are performed. Unit: seconds.

Valid values: 1 to 50.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

5

HealthCheckConnectPort

integer

No

The port that is used for health checks.

Valid values: 1 to 65535.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

8080

HealthCheckHttpCode

string

No

The HTTP status codes that indicate a successful health check. Separate multiple HTTP status codes with commas (,).

Valid values: http_2xx, http_3xx, http_4xx, and http_5xx.

Note

This parameter takes effect only if the HealthCheck parameter is set to on.

http_2xx,http_3xx

ServerCertificateId

string

No

The ID of the server certificate.

idkp-123-cn-te****

CACertificateId

string

No

The ID of the CA certificate.

  • If both a CA certificate and a server certificate are uploaded, mutual authentication is used.

  • If you upload only a server certificate, one-way authentication is used.

139a00604ad-cn-east-****

VServerGroup

string

No

Specifies whether to use a vServer group. Valid values:

  • on

  • off

on

VServerGroupId

string

No

The ID of the vServer group.

rsp-cige6j****

XForwardedFor_SLBIP

string

No

Specifies whether to use the SLB-IP header to retrieve the virtual IP address (VIP) of the CLB instance. Valid values:

  • on

  • off

on

XForwardedFor_SLBID

string

No

Specifies whether to use the SLB-ID header to retrieve the ID of the CLB instance. Valid values:

  • on

  • off

on

XForwardedFor_proto

string

No

Specifies whether to use the X-Forwarded-Proto header to retrieve the listener protocol of the CLB instance. Valid values:

  • on

  • off

on

Gzip

string

No

Specifies whether to enable Gzip compression to compress files of a specific type. Valid values:

  • on

  • off

on

AclId

string

No

The ID of the network access control list (ACL) that is associated with the listener.

This parameter is required if AclStatus is set to on.

acl-a2do9e413e0spzasx****

AclType

string

No

The type of the network ACL. Valid values:

  • white: a whitelist. The listener forwards requests only from the IP addresses or CIDR blocks specified in the network ACL. Whitelists are suitable for scenarios in which you want to allow only specific IP addresses to access an application. If you configure a whitelist but do not specify an IP address in the network ACL, the listener forwards all requests.

  • black: a blacklist. The listener denies all requests from the IP addresses or CIDR blocks specified in the network ACL. Blacklists are suitable for scenarios in which you want to deny access from specific IP addresses. If you configure a blacklist but do not specify an IP address in the network ACL, the listener forwards all requests.

Note

This parameter is required if AclStatus is set to on.

white

AclStatus

string

No

Specifies whether to enable access control. Valid values:

  • on

  • off

off

IdleTimeout

integer

No

The timeout period of an idle connection. Unit: seconds. Valid values: 1 to 60. Default value: 15.

If no request is received within the specified timeout period, CLB closes the connection. When a new request is received, CLB establishes a new connection.

23

RequestTimeout

integer

No

The timeout period of a request. Unit: seconds. Valid values: 1 to 180. Default value: 60.

If a backend server does not respond within the specified timeout period, CLB returns an HTTP 504 error code to the client.

223

EnableHttp2

string

No

Specifies whether to enable HTTP/2. Valid values:

  • on

  • off

off

TLSCipherPolicy

string

No

The Transport Layer Security (TLS) security policy. Each security policy contains TLS protocol versions and cipher suites.

  • tls_cipher_policy_1_0

    Supported TLS versions: TLS 1.0, TLS 1.1, and TLS 1.2.

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA.

  • tls_cipher_policy_1_1

    Supported TLS versions: TLS 1.1 and TLS 1.2.

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA.

  • tls_cipher_policy_1_2

    Supported TLS version: TLS 1.2.

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA.

  • tls_cipher_policy_1_2_strict

    Supported TLS version: TLS 1.2.

    Supported cipher suites: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA.

  • tls_cipher_policy_1_2_strict_with_1_3

    Supported TLS versions: TLS 1.2 and TLS 1.3.

    Supported cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA.

tls_cipher_policy_1_2

Description

string

No

The name of the listener.

The name must be 1 to 256 characters in length and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), and underscores (_).

https_80

XForwardedFor_SLBPORT

string

No

Specifies whether to use the X-Forwarded-Port header to retrieve the listener port of the CLB instance. Valid values:

  • on

  • off

off

XForwardedFor_ClientSrcPort

string

No

Specifies whether to use the X-Forwarded-Client-SrcPort header to retrieve the source port of the client that accesses the CLB instance. Valid values:

  • on

  • off

off

DryRun

boolean

No

Response elements

Element

Type

Description

Example

object

RequestId

string

The request ID.

CEF72CEB-54B6-4AE8-B225-F876FF7BA984

Examples

Success response

JSON format

{
  "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984"
}

Error codes

HTTP status code

Error code

Error message

Description

400 ParamDuplicateError The specified parameter value of XForwardedFor_ClientCertSubjectDNAlias is duplicate. Please change to a different one.
400 IpVersionConflict The ip version of this LoadBalancer and the Acl is conflict.
400 InvalidParameter.IdleTimeout The specified IdleTimeout exceeds the limit.
400 InvalidParameter.RequestTimeout The specified RequestTimeout exceeds the limit.
400 ListenerForwardNotSupport X-Forward-For is not supported to a ipv6 instance.
400 InvalidParameter.RegionNotSupport The region does not support the parameter: %s.
400 InvalidParameter.SpecNotSupport The loadBalancer of shared spec does not support the parameter: %s.
400 OperationFailed.ServerGroupInUse The VServerGroup or MasterSlaveServerGroup can not be close for this listener.
400 InvalidParameter.VServerGroupId The MasterSlaveServerGroup can not be attached to HTTP or HTTPS listener.
400 MissingParam.HealthCheckDomain The HealthCheckDomain is required when HealthCheckHttpVersion is http1.1.
400 InvalidParameter.HealthCheckHttpVersion The param HealthCheckHttpVersion is invalid.
400 Duplicated.AclEntry %s. %s
400 CertificateNotExist The specified CertificateId does not exist.
400 InvalidTLSPolicyId.NotExist The specified TLS cipher policy does not exist.
400 TLSPolicyConfiguring The specified TLS cipher policy is configuring.
400 TLSCipherPolicyVipRelationOverLimit The number of listeners associated with a policy has exceeded.
400 TooManyCertificates The number of certificates must not be greater than one.
400 CertificateTypeMismatched The certificate type does not match.
400 MissingParam.ServerCertificates Server certificates are required.
400 CnCertificateNotSupport The cn certificate is not support.
400 InvalidParam.CertificateBindingType The param CertificateBindingType is invalid.
400 InvalidParamSize.ServerCertificates The size of param ServerCertificates is invalid.
400 TooManyCertificates.ServerCertificates The number of certificates must not be greater than one.
400 AclListenerOverLimit This acl has reached the limit of binding to listeners.
400 QuotaLimitExceeds.AclAttachedToListener The number of Acl bound listeners has reached the quota limit
400 QuotaLimitExceeds.TotalAclEntry The number of Acl entries has reached the quota limit.
400 QuotaLimitExceeds.AclListenerOverLimit This acl has reached the limit of binding to listeners.
400 DryRunOperation Request validation has been passed with DryRun flag set. Request validation has been passed with DryRun flag set.
404 ResourceNotFound.Certificate The specified resource is not found.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.