DocsICP FilingConsole
官方文档
首页

Manage NLB listeners

更新时间:
复制 MD 格式
产品详情
我的收藏

After creating a listener, you can modify, start, stop, or delete it, and change its server group.

Prerequisites

You have created a TCP, UDP, or TCP/SSL listener. For more information, see the following topics:

Modify a listener

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance, and click the instance ID.

  4. On the Instance Details tab, click the Listener tab. Find the target listener and use one of the following methods to modify its basic information:

    • Click the listener ID. On the Listener Details tab, in the Basic Information section, click Modify Listener.

    • In the Actions column, click View Details. Then, on the Listener Details tab, in the Basic Information section, click Modify Listener.

    • In the Actions column, choose More > Modify Listener.

  5. In the Modify Listener dialog box, you can modify the listener name and settings in the Advanced Settings section. Then, click Save.

    If full-port listening is enabled for the listener, you can modify the listener port range.

Start or stop a listener

You can start or stop a listener. While a listener is in the Starting or Stopping state, you cannot modify it, delete it, or change its server group.

Warning

Stopping a listener interrupts service. Proceed with caution.

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance and click the instance ID.

  4. On the Instance Details tab, click the Listener tab. Find the target listener and use one of the following methods to start or stop it.

    • Start a listener

      • In the Actions column, click Enable. In the Enable dialog box that appears, click OK.

      • Click the listener ID. On the listener details page, click Enable in the upper-right corner.

    • Stop a listener

      • In the Actions column, click Disable. In the Disable dialog box that appears, click OK.

        Note

        For a TCP/SSL listener, you must choose More > Disable in the Actions column. Then, in the dialog box that appears, click OK.

      • Click the listener ID. On the listener details page, click Disable in the upper-right corner.

Delete a listener

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance and click the instance ID.

  4. On the Instance Details tab, click the Listener tab. Find the target listener, and then in the Actions column, choose More > Delete.

  5. In the Delete dialog box, click OK.

Change the server group

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance, and click the instance ID.

  4. Click the Listener tab. Find the target listener and use one of the following methods to change the server group:

    • In the Actions column, choose More > Change Server Group (Default Forwarding Rule).

    • Click the listener ID. On the Listener Details tab, in the Server Group (Default Forwarding Rule) section, click Change Server Group (Default Forwarding Rule).

      Note

      You can also click View/Modify Backend Server in the Server Group (Default Forwarding Rule) section to view, add, or remove backend servers associated with the listener.

  5. In the Change Server Group (Default Forwarding Rule) dialog box, select a server group or click Create Server Group to create a new one. Then, click OK.

    For more information about how to create a server group, see NLB server groups.

Manage certificates (for TCP/SSL listeners only)

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance, and click the instance ID.

  4. On the Instance Details tab, click the Listener tab. Find the target TCP/SSL listener and use one of the following methods to manage its certificates:

    • In the Actions column, click Manage Certificates.

    • Click the listener ID. On the Listener Details tab, in the SSL Certificate section, click Manage Certificates.

  5. On the Certificates tab, manage certificates as described in the following table.

    Type

    Actions

    Description

    Server certificate

    Change the default server certificate

    1. On the Server Certificates tab, find the target certificate and click Change.

    2. Select a server certificate and click OK.

      If no server certificates are available, click Create SSL Certificate in the certificate drop-down list to go to the Certificate Management Service console. In the console, you can purchase a commercial certificate or upload, sync, and share SSL certificates.

    Add an additional certificate

    You can add additional certificates to the listener. Each instance supports up to 25 additional certificates, and you can add up to 15 at a time.

    1. On the Server Certificates tab, click Add Additional Certificate.

    2. In the Add Additional Certificate dialog box, select one or more server certificates and click OK.

      If no server certificates are available, click Purchase Certificate in the upper-right corner to go to the Certificate Management Service console. In the console, you can purchase a commercial certificate or upload, sync, and share SSL certificates.

    Delete an additional certificate

    You can delete unneeded additional server certificates. After a certificate is deleted, it is no longer used to authenticate backend servers.

    1. On the Server Certificates tab, find the target additional certificate and click Delete in the Actions column.

    2. In the dialog box that appears, click OK.

    CA certificate

    Enable mutual authentication

    1. Click the CA Certificates tab and turn on the Mutual Authentication switch, or click Enable Mutual Authentication.

      Note

      You can also enable mutual authentication in the SSL Certificate section on the Listener Details tab.

    2. In the dialog box that appears, set the CA Certificate Source and Default CA Certificate parameters, and then click OK.

      • If you select a certificate issued by Alibaba Cloud and no CA certificates are available, click Purchase CA Certificate from the drop-down list to purchase and enable a private CA.

      • If you select a certificate that is not issued by Alibaba Cloud and no self-signed CA certificates are available, click Upload Self-signed CA Certificate in the drop-down list. On the Certificate Application Repository page, create a repository for which the data source is Uploaded CA Certificates. Then, upload a self-signed root CA certificate or a self-signed intermediate CA certificate to the certificate application repository. For more information, see Manage certificates in a certificate application repository.

    Change a CA certificate

    1. Click the CA Certificates tab. Find the target certificate, and in the Actions column, click Replace.

    2. In the dialog box that appears, set the CA Certificate Source and Default CA Certificate parameters, and then click OK.

      • If you select a certificate issued by Alibaba Cloud and no CA certificates are available, click Purchase CA Certificate from the drop-down list to purchase and enable a private CA.

      • If you select a certificate that is not issued by Alibaba Cloud and no self-signed CA certificates are available, click Upload Self-signed CA Certificate in the drop-down list. On the Certificate Application Repository page, create a repository for which the data source is Uploaded CA Certificates. Then, upload a self-signed root CA certificate or a self-signed intermediate CA certificate to the certificate application repository. For more information, see Manage certificates in a certificate application repository.

    Disable mutual authentication

    Click the CA Certificates tab and turn off the mutual authentication switch. This reverts the listener to one-way authentication.

Modify a TLS security policy (for TCP/SSL listeners only)

  1. Log on to the NLB console.

  2. In the top menu bar, select the region of the NLB instance.

  3. On the Instances page, find the target NLB instance, and click the instance ID.

  4. On the Instance Details tab, click the Listener tab. Find the target TCP/SSL listener, and click the listener ID or click View Details in the Actions column.

  5. On the Listener Details tab, find the SSL Certificate section and click the Edit icon next to TLS Security Policy.

  6. In the Modify TLS Security Policy dialog box, select a TLS security policy and click Save.

    If no TLS security policies are available, click Create TLS Security Policy in the drop-down list. For more information, see TLS security policies.

Related APIs

Previous:TLS security policiesNext:NLB server groups