<p>This article describes how to create an external ELB HTTPS listener.</p> <p><strong><span style="font-size:18px">Prerequisites</span></strong></p> <p>You have created an external ELB instance.</p> <p><strong><span style="font-size:18px">Procedures</span></strong></p> <p>1.&nbsp;Log in to the <a href="https://pinganyun.com/console/loadBalance/overview" target="_blank">ELB Console</a>.</p> <p>2.&nbsp;In the left navigation pane, click <strong>Instance Management</strong> to enter the <strong>Instance Management</strong> page.</p> <p>3.&nbsp;Click the instance name of the target ELB instance and enter the <strong>Instance Information</strong> page.</p> <p>4.&nbsp;Click the <strong>Listener</strong> tab.</p> <p>5.&nbsp;In the upper-right corner of the tab, click <strong>Create</strong> to enter the <strong>Create Listener</strong> page.</p> <p>6.&nbsp;Configure the listener as described in the following tables.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607135320-1ed383c19792.png" style="height:565px; width:830px" /></p> <p><strong>Basic Information</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:226px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:555px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:226px"> <p>Description</p> </td> <td style="vertical-align:top; width:555px"> <p>Customize the description of a listener.</p> </td> </tr> <tr> <td style="width:226px"> <p>Frontend protocol</p> </td> <td style="vertical-align:top; width:555px"> <p>Select HTTPS as the frontend protocol.</p> </td> </tr> <tr> <td style="width:226px"> <p>Port</p> </td> <td style="vertical-align:top; width:555px"> <p>Enter the port number used to receive the request and forward the request to the server resource pool.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607135356-1cde20e796d7.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> In the same ELB instance, the listener port number cannot be repeated.</p> </td> </tr> <tr> <td style="width:226px"> <p>Schedule algorithm</p> </td> <td style="vertical-align:top; width:555px"> <p>Select a schedule algorithm. Currently only <strong>Weighted Round Robin</strong> is supported. In the weighted round robin mode, the access request will be assigned to the hosts in the pool according to the weight value. The higher the host weight, the greater the probability of being distributed. If the weight values are the same, the round robin mode is implemented.</p> </td> </tr> <tr> <td style="width:226px"> <p>Pool</p> </td> <td style="vertical-align:top; width:555px"> <p>Select a server resource pool.</p> <p>You need to select a pool based on the following steps:</p> <p>1.&nbsp; Click <strong>Choose Pool</strong>, and the <strong>Choose Pool</strong> dialog box opens.</p> <p>2.&nbsp; Check the target pool, and click <strong>Confirm</strong>.</p> <p>If you have not yet created a pool, you need to create one before you can make a selection here. You can also create a server resource pool before you select one for a listener For more information about creating a pool, see Create a Pool.</p> </td> </tr> <tr> <td style="width:226px"> <p>Certificate</p> </td> <td style="vertical-align:top; width:555px"> <p>Upload SSL Certificate.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607135356-1cde20e796d7.png" style="height:21px; margin:1px; width:50px" /><strong>:</strong> Before uploading the certificate, make sure that the certificate has been created. For more information, see Create a Certificate.</p> <p>You can upload the certificate in the following steps:</p> <p>1.&nbsp;Click <strong>Select Certificate</strong>, and the <strong>Select Certificate</strong> dialog box opens.</p> <p>2.&nbsp;Check the target certificate, and click <strong>Confirm</strong>.</p> </td> </tr> </tbody> </table> <p><strong>&nbsp;Advanced configuration</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:207px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:574px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:207px"> <p>Request header</p> </td> <td style="vertical-align:top; width:574px"> <p>If the front-end protocol is HTTP or HTTPS, by default, the client IP address is obtained through the X-Forwarded-For header field, and the ELB virtual service protocol is obtained through the X-Forwarded-Proto header field. Users do not need to do any operations.</p> </td> </tr> <tr> <td style="width:207px"> <p>Session persistence</p> </td> <td style="vertical-align:top; width:574px"> <p>You can choose to turn on or off the session persistence function. After you turn on the session persistence function, requests belonging to the same session will be forwarded to the same host for processing.</p> <p>If you choose to turn on the session persistence, you need to select COOKIE or SOURCE_ADDRESS as the session persistence method. If you select the COOKIE method, the user identity is determined by the session persistence value in the cookie carried by the HTTP/HTTPS request. If you select the SOURCE_ADDRESS method, the user identity is determined by the source address hash algorithm.</p> </td> </tr> <tr> <td style="width:207px"> <p>Access Control</p> </td> <td style="vertical-align:top; width:574px"> <p>You can choose to turn on or off the access control function. After you turn on the access control function, you can control the access permission of the specified IP address to ELB.</p> <p>If you turn on the access control function, you need to select the created access control policy group or create a new access control policy group and select the access control mode. The access control policy group includes one or more IP addresses. The access control modes include <strong>Whitelist</strong> and <strong>Blacklist</strong>. It decides whether to allow or deny the IP addresses in the policy group to access the ELB instance.</p> </td> </tr> <tr> <td style="width:207px"> <p>Gzip</p> </td> <td style="vertical-align:top; width:574px"> <p>You can choose to turn on or off Gzip data compression function. If you turn on the Gzip data compression, the access content above 1 K will be compressed, speeding up the data transmission speed.</p> </td> </tr> <tr> <td style="width:207px"> <p>Connect idle timeout</p> </td> <td style="vertical-align:top; width:574px"> <p>Set the idle timeout connection. If no access request has been received within this time, ELB will temporarily interrupt the current connection until the next request is received and then re-establish the connection. The value range is [1, 120] seconds.</p> </td> </tr> <tr> <td style="width:207px"> <p>Connection create timeout</p> </td> <td style="vertical-align:top; width:574px"> <p>Define the timeout period for establishing a connection. It means that how long the session will be disconnected if it is not established. It is 60 seconds by default. The value range is [10, 180] seconds.</p> </td> </tr> <tr> <td style="width:207px"> <p>Response interval timeout</p> </td> <td style="vertical-align:top; width:574px"> <p>Define the response interval timeout. During the timeout period between the two responses, if the back-end server has not sent the response content, the connection is disconnected. It is 60 seconds by default. The value range is [1, 180] seconds.</p> </td> </tr> <tr> <td style="width:207px"> <p>Request interval timeout</p> </td> <td style="vertical-align:top; width:574px"> <p>Define the request interval timeout. During the timeout period between the two requests, the back-end server has not received the request, the connection is disconnected. It is 60 seconds by default. The value range is [1, 180] seconds.</p> </td> </tr> </tbody> </table> <p>7.&nbsp;Click<strong> Next</strong> and configure the health check information of the listener as described in the following tables.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607140246-1f5a02da98de.png" style="height:512px; width:830px" /></p> <p><strong>Health check</strong></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:200px"> <p><strong>Configuration item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:581px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:200px"> <p>Health check</p> </td> <td style="vertical-align:top; width:581px"> <p>You can choose to turn on or off the health check function. If you turn on the health check function, the ELB service will check the health status of the hosts in the server resource pool. If the ELB service finds that there is a problem with a host, it will forward the request to other normal hosts. When the host returns to normal, the ELB service will resend the request to the host.</p> <p>After you turn on the health check function, you need to configure the following parameters.</p> </td> </tr> <tr> <td style="width:200px"> <p>Protocol</p> </td> <td style="vertical-align:top; width:581px"> <p>Select the protocol for health check. The protocol available here includes HTTP and TCP.</p> </td> </tr> <tr> <td style="width:200px"> <p>Path</p> </td> <td style="vertical-align:top; width:581px"> <p>If the check method is HTTP, you need to enter the URL path for health check. Make sure that the path can be accessed normally.</p> </td> </tr> <tr> <td style="width:200px"> <p>Interval</p> </td> <td style="vertical-align:top; width:581px"> <p>Set the time interval between two health checks. The value range is 5 to&nbsp;300&nbsp;seconds.</p> </td> </tr> <tr> <td style="width:200px"> <p>Timeout</p> </td> <td style="vertical-align:top; width:581px"> <p>Set the maximum timeout period for each health check response. The value range is [2, 60] seconds. During the health check, if the hosts in the server resource pool do not respond correctly within this period of time, it is determined that the health check has will fail.</p> </td> </tr> <tr> <td style="width:200px"> <p>Frequency threshold</p> </td> <td style="vertical-align:top; width:581px"> <p>Set the number of consecutive health checks to determine the health status of the host. The value range is [2, 10] times. If the frequency threshold is set to 3, and if the host is determined to be healthy after three times of successive successful the health check result is received three times in succession, the host is determined to be healthy, and the host is determined to be unhealthy If the health check result is received three times in succession, the host is determined after three times of successive failed health check.</p> </td> </tr> </tbody> </table> <p>8.&nbsp;Click <strong>Create</strong>, and you will see an <strong>Operation succeeded</strong> message at the bottom of the page.</p>