Configure multi-domain HTTPS websites on a single CLB instance

更新时间:
复制 MD 格式

This topic describes how to configure a single listener on a Classic Load Balancer (CLB) instance to route HTTPS requests for different domain names to different backend servers, allowing you to host multiple HTTPS websites.

Example

The CLB instance inspects the domain name in the HTTPS request, selects the matching certificate to complete authentication, and then forwards the request to the appropriate backend server based on your forwarding rules.

This topic uses the following configuration as an example:

  • The listener's default certificate default is bound to the domain name aliyundoc.com, and the default backend server group is RS1.

  • When the listener's additional certificate example1 is bound to the domain name www.example.com, client requests to https://www.example.com are forwarded to the backend server group RS1.

  • The listener's additional certificate example2 is bound to the domain name www.example.org, and client requests to https://www.example.org are forwarded to the backend server group RS2.

image

Prerequisites

  • A CLB instance is created. For more information, see Create and manage a CLB instance.

  • Two vServer groups, RS1 and RS2, are created. For more information, see Create and manage a vServer group.

  • An ECS instance, ECS01, is added to RS1, and another ECS instance, ECS02, is added to RS2. Application services are deployed on both ECS01 and ECS02.

  • You have registered domain names and completed ICP filing. For more information, see Register a domain name on Alibaba Cloud and ICP filing process.

  • You must purchase or upload certificates from a third-party provider to Certificate Management Service and bind them to their respective domain names. For more information, see Enable HTTPS access for a web-based service by using an official certificate. The following certificates are required for this topic:

    • A default certificate named default that is bound to the domain name aliyundoc.com.

    • A certificate named example1 that is bound to the domain name www.example.com.

    • A certificate named example2 that is bound to the domain name www.example.org.

    Note

    You must deploy the certificates to the CLB instance before they can be used. For more information, see Create a certificate.

Step 1: Add an HTTPS listener

  1. Log on to the CLB console.

  2. In the top menu bar, select the region where the CLB instance is located.

  3. On the Instances page, find the target CLB instance, and in the Actions column, click Configure Listener.

  4. On the Protocol & Listener tab, configure the following parameters and click Next.

    This topic describes only the required parameters. You can leave other parameters at their default values or configure them as needed.

    • Select Listener Protocol: Select HTTPS.

    • Listener Port: Set the port to 443.

  5. On the Certificate Management Service tab, select the uploaded server certificate and click Next. In this example, we select the default certificate.

  6. On the Backend Servers tab, select vServer group, and then select RS1 from the Server Group drop-down list.

  7. Keep the default values for the other parameters and click Next until you reach the confirmation step. Then, click Submit.

Step 2: Add additional domain names

  1. On the Instances page, find the target CLB instance, and then click the target instance ID.

  2. On the Listener tab, find the HTTPS listener that you created. In the Actions column, click the More icon and select Manage Additional Certificate.

  3. In the Manage Additional Certificate panel, click Add Additional Certificate.

    1. For Additional Certificate, enter www.example.com. From the Server Certificate drop-down list, select the certificate associated with www.example.com, and then click OK.

    2. For Additional Certificate, enter www.example.org. From the Server Certificate drop-down list, select the certificate associated with www.example.org, and then click OK.

    Note

    Ensure the domain name in the certificate exactly matches the additional domain name you add.

Step 3: Configure forwarding rules

  1. On the Instances page, click the ID of the target CLB instance.

  2. On the Listener tab, find the listener and click Set Forwarding Rule in the Actions column.

  3. In the Add Forwarding Rules panel, add forwarding rules.

    In this example, only domain name-based forwarding rules are configured. The URL settings are not configured.

    1. In the Domain Name column, enter www.example.com, select the vServer group RS1, and then click Add Forwarding Policy.

    2. In the Domain Name column, enter www.example.org, select the vServer group RS2, and then click Add Forwarding Policy.

  4. After you configure the forwarding rules, close the Add Forwarding Rules panel.

Step 4: Configure domain name resolution

Add A records for www.example.com and www.example.org to point to the public IP address of the CLB instance.

  1. Log on to the CLB console.

  2. In the top navigation bar, select a region.

  3. Select the CLB instance for domain name resolution, and copy its corresponding public IP address.

  4. To add an A record:

    1. Log on to the Alibaba Cloud DNS console.

    2. On the Public Zone page, click Add Zone.

    3. In the Add Zone dialog box, enter your domain name and click OK.

      Important

      Verify your domain ownership by using a TXT record.

    4. Find the domain name that you want to manage and click Settings in the Actions column.

    5. On the Settings page, click Add Record.

    6. In the Add Record panel, configure the following parameters to add an A record and then click OK.

      Parameter

      Description

      Record Type

      Select A from the drop-down list.

      Hostname

      The prefix of your domain name.

      Query Source

      Select Default.

      Record Value

      The record value is the public IP address of the CLB instance that you copied.

      TTL

      Time to live (TTL). This specifies the amount of time that the DNS record is cached on a DNS server. This example uses the default value.

Step 5: Verify the results

You can use both www.example.com and www.example.org to access the service in a browser. In this topic, two static web pages are deployed on the two backend server instances that correspond to server groups RS1 and RS2.

  • In a browser, enter the domain name www.example.com, which is bound to the additional certificate example1. The request is forwarded to the backend server ECS01 of server group RS1 based on the configured forwarding rule. The result is shown in the following figure: Verification result for ECS01

  • In a browser, enter the domain name www.example.org that is bound to the additional certificate example2. The request is forwarded to the backend server ECS02 of server group RS2 based on the configured forwarding rule. As shown in the following figure:ECS02 verification result

Note

If you cannot access the domain names after the configuration is complete, restart your browser to clear the cache and try again.

Related documents