This topic describes how to configure a single listener on a Classic Load Balancer (CLB) instance to route HTTPS requests for different domain names to different backend servers, allowing you to host multiple HTTPS websites.
Example
The CLB instance inspects the domain name in the HTTPS request, selects the matching certificate to complete authentication, and then forwards the request to the appropriate backend server based on your forwarding rules.
This topic uses the following configuration as an example:
The listener's default certificate
defaultis bound to the domain namealiyundoc.com, and the default backend server group is RS1.When the listener's additional certificate example1 is bound to the domain name
www.example.com, client requests tohttps://www.example.comare forwarded to the backend server group RS1.The listener's additional certificate example2 is bound to the domain name
www.example.org, and client requests tohttps://www.example.orgare forwarded to the backend server group RS2.
Prerequisites
A CLB instance is created. For more information, see Create and manage a CLB instance.
Two vServer groups, RS1 and RS2, are created. For more information, see Create and manage a vServer group.
An ECS instance, ECS01, is added to RS1, and another ECS instance, ECS02, is added to RS2. Application services are deployed on both ECS01 and ECS02.
You have registered domain names and completed ICP filing. For more information, see Register a domain name on Alibaba Cloud and ICP filing process.
You must purchase or upload certificates from a third-party provider to Certificate Management Service and bind them to their respective domain names. For more information, see Enable HTTPS access for a web-based service by using an official certificate. The following certificates are required for this topic:
A default certificate named
defaultthat is bound to the domain namealiyundoc.com.A certificate named
example1that is bound to the domain namewww.example.com.A certificate named
example2that is bound to the domain namewww.example.org.
NoteYou must deploy the certificates to the CLB instance before they can be used. For more information, see Create a certificate.
Step 1: Add an HTTPS listener
-
Log on to the CLB console.
In the top menu bar, select the region where the CLB instance is located.
On the Instances page, find the target CLB instance, and in the Actions column, click Configure Listener.
On the Protocol & Listener tab, configure the following parameters and click Next.
This topic describes only the required parameters. You can leave other parameters at their default values or configure them as needed.
Select Listener Protocol: Select HTTPS.
Listener Port: Set the port to 443.
On the Certificate Management Service tab, select the uploaded server certificate and click Next. In this example, we select the
defaultcertificate.On the Backend Servers tab, select vServer group, and then select RS1 from the Server Group drop-down list.
Keep the default values for the other parameters and click Next until you reach the confirmation step. Then, click Submit.
Step 2: Add additional domain names
On the Instances page, find the target CLB instance, and then click the target instance ID.
On the Listener tab, find the HTTPS listener that you created. In the Actions column, click the
icon and select Manage Additional Certificate.In the Manage Additional Certificate panel, click Add Additional Certificate.
For Additional Certificate, enter
www.example.com. From the Server Certificate drop-down list, select the certificate associated withwww.example.com, and then click OK.For Additional Certificate, enter
www.example.org. From the Server Certificate drop-down list, select the certificate associated withwww.example.org, and then click OK.
NoteEnsure the domain name in the certificate exactly matches the additional domain name you add.
Step 3: Configure forwarding rules
On the Instances page, click the ID of the target CLB instance.
On the Listener tab, find the listener and click Set Forwarding Rule in the Actions column.
In the Add Forwarding Rules panel, add forwarding rules.
In this example, only domain name-based forwarding rules are configured. The URL settings are not configured.
In the Domain Name column, enter
www.example.com, select the vServer group RS1, and then click Add Forwarding Policy.In the Domain Name column, enter
www.example.org, select the vServer group RS2, and then click Add Forwarding Policy.
After you configure the forwarding rules, close the Add Forwarding Rules panel.
Step 4: Configure domain name resolution
Add A records for www.example.com and www.example.org to point to the public IP address of the CLB instance.
-
Log on to the CLB console.
In the top navigation bar, select a region.
Select the CLB instance for domain name resolution, and copy its corresponding public IP address.
To add an A record:
Log on to the Alibaba Cloud DNS console.
On the Public Zone page, click Add Zone.
In the Add Zone dialog box, enter your domain name and click OK.
ImportantVerify your domain ownership by using a TXT record.
Find the domain name that you want to manage and click Settings in the Actions column.
On the Settings page, click Add Record.
In the Add Record panel, configure the following parameters to add an A record and then click OK.
Parameter
Description
Record Type
Select A from the drop-down list.
Hostname
The prefix of your domain name.
Query Source
Select Default.
Record Value
The record value is the public IP address of the CLB instance that you copied.
TTL
Time to live (TTL). This specifies the amount of time that the DNS record is cached on a DNS server. This example uses the default value.
Step 5: Verify the results
You can use both www.example.com and www.example.org to access the service in a browser. In this topic, two static web pages are deployed on the two backend server instances that correspond to server groups RS1 and RS2.
In a browser, enter the domain name
www.example.com, which is bound to the additional certificate example1. The request is forwarded to the backend server ECS01 of server group RS1 based on the configured forwarding rule. The result is shown in the following figure:
In a browser, enter the domain name
www.example.orgthat is bound to the additional certificate example2. The request is forwarded to the backend server ECS02 of server group RS2 based on the configured forwarding rule. As shown in the following figure:
If you cannot access the domain names after the configuration is complete, restart your browser to clear the cache and try again.
Related documents
To forward requests for different URL paths of the same domain name to different backend server groups, see Use forwarding rules that are based on the same domain name but different paths to achieve precise traffic forwarding.
For more information about domain name-based and URL-based forwarding rules, see Forward requests based on domain names or URLs.