ALIYUN::SLB::Listener is used to create a load balancer listener (Listener).

Syntax

{
  "Type": "ALIYUN::SLB::Listener",
  "Properties": {
    "MasterSlaveServerGroupId": String,
    "AclStatus": String,
    "Protocol": String,
    "AclId": String,
    "ServerCertificateId": String,
    "HealthCheck": Map,
    "RequestTimeout": Integer,
    "IdleTimeout": Integer,
    "ListenerPort": Integer,
    "HttpConfig": Map,
    "Bandwidth": Integer,
    "AclType": String,
    "BackendServerPort": Integer,
    "Scheduler": String,
    "LoadBalancerId": String,
    "CACertificateId": String,
    "Persistence": Map,
    "VServerGroupId": String
  }
}

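Properties

Property name Type Required Update allowed Description Constraints
MasterSlaveServerGroupId String The ID of the primary/secondary server group.
AclStatus String Whether to enable access control. Valid values:
  • on (default)
  • off
AclId String The ID of the access control policy group bound to the listener. Required when AclStatus is set to on.
AclType String The access control type. Valid values:
  • white: Only requests from the IP addresses or CIDR blocks configured in the selected access control policy group are forwarded. A whitelist suits scenarios where the application allows access only from specific IP addresses. Setting a whitelist carries some business risk. Once a whitelist is set, only the IP addresses in the whitelist can access the load balancer listener. If whitelist access is enabled but no IP address has been added to the access policy group, the listener forwards no requests.
  • black: No request from the IP addresses or CIDR blocks configured in the selected access control policy group is forwarded. A blacklist suits scenarios where the application restricts access only from certain specific IP addresses. If blacklist access is enabled but no IP address has been added to the access policy group, the listener forwards all requests.
Required when AclStatus is set to on.
Protocol String The IP protocol. Valid values:
  • http
  • https
  • tcp
  • udp
ListenerPort Integer The frontend port used by the load balancer instance. Valid range: 1 to 65,535.
Bandwidth Integer The peak bandwidth of the listener. Valid range: -1 or 1 to 1000.

Unit: Mbps.

  • For public-network instances billed by fixed bandwidth, the sum of the peak Bandwidth values of all Listeners cannot exceed the Bandwidth value set when the load balancer instance was created, and the Bandwidth value of a Listener cannot be set to -1.
  • For public-network instances billed by traffic, the Bandwidth value of a Listener can be set to -1, which means the peak bandwidth is not limited.
BackendServerPort Integer The backend port used by the load balancer instance. Valid range: 1 to 65,535.
LoadBalancerId String The ID of the load balancer instance.
HealthCheck Map The health check settings. For details, see HealthCheck properties.
Persistence Map Persistence-related parameters. For details, see Persistence properties.
Scheduler String The scheduling algorithm. Valid values:
  • wrr (default)
  • wlc
CACertificateId String The CA certificate ID. Only valid for the HTTPS protocol.
ServerCertificateId String The ID of the server certificate. Only valid for the HTTPS protocol, where this parameter must be specified.
VServerGroupId String The ID of the vServer group.
RequestTimeout Integer The request timeout. Valid range: 1 to 180.

Unit: seconds.

IdleTimeout Integer The idle connection timeout. Valid range: 1 to 60.

Unit: seconds.

HttpConfig Map Configuration for the HTTP protocol. For details, see HttpConfig properties.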

HealthCheck syntax

"HealthCheck": {
  "Domain": String,
  "Interval": Integer,
  "URI": String,
  "HttpCode": String,
  "HealthyThreshold": Integer,
  "Timeout": Integer,
  "UnhealthyThreshold": Integer,
  "Port": Integer
}

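HealthCheck properties

Property name Type Required Update allowed Description Constraints
Domain String The domain name used for health checks. Valid values:
  • $_ip
  • A user-defined string: 1 to 80 characters in length. It can contain letters, digits, hyphens (-) and periods (.).
Note: When this parameter is set to $_ip or left empty, the load balancer uses the private IP address of each backend server as the domain name for health checks.
Interval Integer The interval between health checks. Valid range: 1 to 5.

Unit: seconds.

URI String The URI used for health checks. 1 to 80 characters in length. It must start with a forward slash (/) and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), percent signs (%), question marks (?), number signs (#) and ampersands (&).
HttpCode String The HTTP status codes that indicate a healthy check result. Valid values:
  • http_2xx (default)
  • http_3xx
  • http_4xx
  • http_5xx

Separate multiple HTTP status codes with commas (,).

HealthyThreshold Integer The threshold for judging a health check result as success, that is, the number of consecutive successful health checks after which the health check status of a backend server changes from fail to success. Valid range: 1 to 10.
Timeout Integer The maximum timeout for each health check response.

Valid range: 1 to 50.

Unit: seconds.

Caution: If the Timeout value is less than the Interval value, Timeout is ignored and the timeout equals the Interval value.
UnhealthyThreshold Integer The threshold for judging a health check result as fail, that is, the number of consecutive failed health checks after which the health check status of a backend server changes from success to fail. Valid range: 1 to 10.
Port Integer The port used for health checks. Valid range: 0 to 65,535.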

Persistence syntax

"Persistence": {
  "PersistenceTimeout": Integer,
  "CookieTimeout": Integer,
  "XForwardedFor": String,
  "XForwardedFor_SLBID": String,
  "XForwardedFor_proto": String,
  "XForwardedFor_SLBIP": String,
  "Cookie": String,
  "StickySession": String,
  "StickySessionType": String
}

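Persistence properties

Property name Type Required Update allowed Description Constraints
StickySession String Whether to enable session persistence. Valid values:
  • on
  • off
PersistenceTimeout Integer The timeout for connection persistence. Valid range: 0 to 1000.

Default: 0, which means disabled.

Unit: seconds.

CookieTimeout Integer The cookie timeout.

Valid range: 1 to 86,400.

Unit: seconds.

Note: This parameter is required when StickySession is on and StickySessionType is insert.
XForwardedFor String Whether to obtain the visitor's real IP address through X-Forwarded-For. Valid value: on.
XForwardedFor_proto String Whether to obtain the listener protocol of the load balancer instance through the X-Forwarded-Proto header field. Valid values:
  • on
  • off (default)
XForwardedFor_SLBID String Whether to obtain the load balancer instance ID through the SLB-ID header field. Valid values:
  • on
  • off (default)
XForwardedFor_SLBIP String Whether to obtain the real IP address of the client request through the SLB-IP header field. Valid values:
  • on
  • off (default)
Cookie String The cookie configured on the server. 1 to 200 characters in length; it cannot start with a dollar sign ($). It can contain letters and digits, and cannot contain commas (,), semicolons (;) or spaces.
Note: This parameter is required when StickySession is on and StickySessionType is server.
StickySessionType String How the cookie is handled. Valid values:
  • insert: insert a cookie.
  • server: rewrite the cookie.
Note: This parameter must be specified when StickySession is on.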

HttpConfig syntax

"HttpConfig": {
  "ForwardPort": Integer,
  "ListenerForward": String
}

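HttpConfig properties

Property name Type Required Update allowed Description Constraints
ForwardPort Integer The port to which the HTTP listener forwards for HTTPS. Valid range: 1 to 65,535.

Default: 443.

ListenerForward String Whether to enable HTTP-to-HTTPS forwarding. Valid values:
  • on
  • off (default)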
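
The conditional requirements in the property tables above (AclId and AclType when AclStatus is on, the server certificate for https, the companions of StickySession) can be checked before a stack is deployed. The following Python linter is an added example, not part of the original documentation or of ROS itself; `lint_listener`, `RANGES` and `SAMPLE` are hypothetical names, and it inspects literal property values only (values given as `Ref` are skipped).

```python
# Added example (hypothetical helper): lint literal ALIYUN::SLB::Listener properties.
RANGES = {"ListenerPort": (1, 65535), "BackendServerPort": (1, 65535),
          "RequestTimeout": (1, 180), "IdleTimeout": (1, 60)}  # from the tables above

def lint_listener(props):
    """Return a list of findings for one Listener "Properties" map."""
    out = []
    for key, (lo, hi) in RANGES.items():
        val = props.get(key)
        if isinstance(val, int) and not lo <= val <= hi:  # Ref/Fn values are skipped
            out.append(f"{key}={val} outside {lo}-{hi}")

    # AclId/AclType are required once AclStatus is on; demanding an explicit AclStatus is this example's policy.
    acl = props.get("AclStatus")
    if acl is None:
        out.append("AclStatus not set explicitly")
    elif acl == "on":
        out += [f"AclStatus is on but {k} is missing"
                for k in ("AclId", "AclType") if not props.get(k)]

    # Certificates: ServerCertificateId is mandatory for https and unused elsewhere.
    proto = props.get("Protocol")
    if proto == "https" and not props.get("ServerCertificateId"):
        out.append("https listener without ServerCertificateId")
    if proto != "https":
        out += [f"{k} only applies to https listeners"
                for k in ("ServerCertificateId", "CACertificateId") if props.get(k)]

    # Session persistence: companions required by StickySession / StickySessionType.
    p = props.get("Persistence") or {}
    if p.get("StickySession") == "on":
        kind = p.get("StickySessionType")
        if kind not in ("insert", "server"):
            out.append("StickySession is on but StickySessionType is missing")
        elif kind == "insert" and "CookieTimeout" not in p:
            out.append("StickySessionType insert requires CookieTimeout")
        elif kind == "server":
            c = p.get("Cookie", "")
            if isinstance(c, str) and (not 1 <= len(c) <= 200 or c.startswith("$") or set(c) & set(",; ")):
                out.append("StickySessionType server requires a valid Cookie")
    return out

# Constructed sample, not from the page: an https listener with several omissions.
SAMPLE = {"Protocol": "https", "ListenerPort": 443, "IdleTimeout": 90,
          "AclStatus": "on", "AclType": "white",
          "Persistence": {"StickySession": "on", "StickySessionType": "server", "Cookie": "$sid"}}

if __name__ == "__main__":
    print("\n".join(lint_listener(SAMPLE)))
```
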

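Return values

Fn::GetAtt

  • LoadBalancerId: the unique identifier of the load balancer instance.
  • ListenerPortsAndProtocol: an array of the frontend ports and protocols used by the load balancer instance.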

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RequestTimeout": {
      "Type": "Number",
      "Description": "Specify the request timeout in seconds. Valid value: 1-180 If no response is received from the backend server during the specified timeout period, Server Load Balancer will stop waiting and send an HTTP 504 error to the client.",
      "MinValue": 1,
      "MaxValue": 180
    },
    "ListenerPort": {
      "Type": "Number",
      "Description": "Port for front listener. Range from 1 to 65535.",
      "MinValue": 1,
      "MaxValue": 65535
    },
    "VServerGroupId": {
      "Type": "String",
      "Description": "The id of the VServerGroup which use in listener."
    },
    "CACertificateId": {
      "Type": "String",
      "Description": "CA server certificate id, for https listener only."
    },
    "Scheduler": {
      "Type": "String",
      "Description": "The scheduler algorithm. Support 'wrr' or 'wlc' only, default is 'wrr'",
      "AllowedValues": [
        "wrr",
        "wlc"
      ],
      "Default": "wrr"
    },
    "AclId": {
      "Type": "String",
      "Description": "The ID of the access control list associated with the listener to be created.\nIf the value of the AclStatus parameter is on, this parameter is required."
    },
    "HealthCheck": {
      "Type": "Json",
      "Description": "The properties of health checking setting."
    },
    "IdleTimeout": {
      "Type": "Number",
      "Description": "Specify the idle connection timeout in seconds. Valid value: 1-60 If no request is received during the specified timeout period, Server Load Balancer will temporarily terminate the connection and restart the connection when the next request comes.",
      "MinValue": 1,
      "MaxValue": 60
    },
    "LoadBalancerId": {
      "Type": "String",
      "Description": "The id of load balancer to create listener."
    },
    "BackendServerPort": {
      "Type": "Number",
      "Description": "Backend server can listen on ports from 1 to 65535.",
      "MinValue": 1,
      "MaxValue": 65535
    },
    "Persistence": {
      "Type": "Json",
      "Description": "The properties of persistence."
    },
    "AclStatus": {
      "Type": "String",
      "Description": "Indicates whether to enable access control.\nValid values: on | off. Default value: off",
      "AllowedValues": [
        "on",
        "off"
      ],
      "Default": "off"
    },
    "Bandwidth": {
      "Type": "Number",
      "Description": "The bandwidth of network, unit in Mbps(Million bits per second). If the specified load balancer with \"LOAD_BALANCE_ID\" is charged by \"paybybandwidth\" and is created in classic network, each Listener's bandwidth must be greater than 0 and the sum of all of its Listeners' bandwidth can't be greater than the bandwidth of the load balancer.",
      "MinValue": -1,
      "MaxValue": 1000
    },
    "MasterSlaveServerGroupId": {
      "Type": "String",
      "Description": "The id of the MasterSlaveServerGroup which use in listener."
    },
    "ServerCertificateId": {
      "Type": "String",
      "Description": "Server certificate id, for https listener only, this properties is required."
    },
    "HttpConfig": {
      "Type": "Json",
      "Description": "Config for http protocol."
    },
    "AclType": {
      "Type": "String",
      "Description": "The access control type:\n* white: Indicates a whitelist. Only requests from IP addresses or CIDR blocks in the selected access control lists are forwarded. This applies to scenarios in which an application only allows access from specific IP addresses.\nEnabling a whitelist poses some risks to your services.\nAfter a whitelist is enabled, only the IP addresses in the list can access the listener.\nIf you enable a whitelist without adding any IP addresses in the list, no requests are forwarded.\n* black: Indicates a blacklist. Requests from IP addresses or CIDR blocks in the selected access control lists are not forwarded (that is, they are blocked). This applies to scenarios in which an application only denies access from specific IP addresses.\nIf you enable a blacklist without adding any IP addresses in the list, all requests are forwarded.\n\nIf the value of the AclStatus parameter is on, this parameter is required.",
      "AllowedValues": [
        "white",
        "black"
      ]
    },
    "Protocol": {
      "Type": "String",
      "Description": "The load balancer transport protocol to use for routing: http, https, tcp, or udp.",
      "AllowedValues": [
        "http",
        "https",
        "tcp",
        "udp"
      ]
    }
  },
  "Resources": {
    "Listener": {
      "Type": "ALIYUN::SLB::Listener",
      "Properties": {
        "RequestTimeout": {
          "Ref": "RequestTimeout"
        },
        "ListenerPort": {
          "Ref": "ListenerPort"
        },
        "VServerGroupId": {
          "Ref": "VServerGroupId"
        },
        "CACertificateId": {
          "Ref": "CACertificateId"
        },
        "Scheduler": {
          "Ref": "Scheduler"
        },
        "AclId": {
          "Ref": "AclId"
        },
        "HealthCheck": {
          "Ref": "HealthCheck"
        },
        "IdleTimeout": {
          "Ref": "IdleTimeout"
        },
        "LoadBalancerId": {
          "Ref": "LoadBalancerId"
        },
        "BackendServerPort": {
          "Ref": "BackendServerPort"
        },
        "Persistence": {
          "Ref": "Persistence"
        },
        "AclStatus": {
          "Ref": "AclStatus"
        },
        "Bandwidth": {
          "Ref": "Bandwidth"
        },
        "MasterSlaveServerGroupId": {
          "Ref": "MasterSlaveServerGroupId"
        },
        "ServerCertificateId": {
          "Ref": "ServerCertificateId"
        },
        "HttpConfig": {
          "Ref": "HttpConfig"
        },
        "AclType": {
          "Ref": "AclType"
        },
        "Protocol": {
          "Ref": "Protocol"
        }
      }
    }
  },
  "Outputs": {
    "ListenerPortsAndProtocol": {
      "Description": "The collection of listener.",
      "Value": {
        "Fn::GetAtt": [
          "Listener",
          "ListenerPortsAndProtocol"
        ]
      }
    },
    "LoadBalancerId": {
      "Description": "The id of load balancer",
      "Value": {
        "Fn::GetAtt": [
          "Listener",
          "LoadBalancerId"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RequestTimeout:
    Type: Number
    Description: >-
      Specify the request timeout in seconds. Valid value: 1-180 If no response
      is received from the backend server during the specified timeout period,
      Server Load Balancer will stop waiting and send an HTTP 504 error to the
      client.
    MinValue: 1
    MaxValue: 180
  ListenerPort:
    Type: Number
    Description: Port for front listener. Range from 1 to 65535.
    MinValue: 1
    MaxValue: 65535
  VServerGroupId:
    Type: String
    Description: The id of the VServerGroup which use in listener.
  CACertificateId:
    Type: String
    Description: 'CA server certificate id, for https listener only.'
  Scheduler:
    Type: String
    Description: 'The scheduler algorithm. Support ''wrr'' or ''wlc'' only, default is ''wrr'''
    AllowedValues:
      - wrr
      - wlc
    Default: wrr
  AclId:
    Type: String
    Description: >-
      The ID of the access control list associated with the listener to be
      created.

      If the value of the AclStatus parameter is on, this parameter is required.
  HealthCheck:
    Type: Json
    Description: The properties of health checking setting.
  IdleTimeout:
    Type: Number
    Description: >-
      Specify the idle connection timeout in seconds. Valid value: 1-60 If no
      request is received during the specified timeout period, Server Load
      Balancer will temporarily terminate the connection and restart the
      connection when the next request comes.
    MinValue: 1
    MaxValue: 60
  LoadBalancerId:
    Type: String
    Description: The id of load balancer to create listener.
  BackendServerPort:
    Type: Number
    Description: Backend server can listen on ports from 1 to 65535.
    MinValue: 1
    MaxValue: 65535
  Persistence:
    Type: Json
    Description: The properties of persistence.
  AclStatus:
    Type: String
    Description: |-
      Indicates whether to enable access control.
      Valid values: on | off. Default value: off
    AllowedValues:
      - 'on'
      - 'off'
    Default: 'off'
  Bandwidth:
    Type: Number
    Description: >-
      The bandwidth of network, unit in Mbps(Million bits per second). If the
      specified load balancer with "LOAD_BALANCE_ID" is charged by
      "paybybandwidth" and is created in classic network, each Listener's
      bandwidth must be greater than 0 and the sum of all of its Listeners'
      bandwidth can't be greater than the bandwidth of the load balancer.
    MinValue: -1
    MaxValue: 1000
  MasterSlaveServerGroupId:
    Type: String
    Description: The id of the MasterSlaveServerGroup which use in listener.
  ServerCertificateId:
    Type: String
    Description: >-
      Server certificate id, for https listener only, this properties is
      required.
  HttpConfig:
    Type: Json
    Description: Config for http protocol.
  AclType:
    Type: String
    Description: >-
      The access control type:
      * white: Indicates a whitelist. Only requests from IP addresses or CIDR
      blocks in the selected access control lists are forwarded. This applies to
      scenarios in which an application only allows access from specific IP
      addresses.
      Enabling a whitelist poses some risks to your services.
      After a whitelist is enabled, only the IP addresses in the list can access
      the listener.
      If you enable a whitelist without adding any IP addresses in the list, no
      requests are forwarded.
      * black: Indicates a blacklist. Requests from IP addresses or CIDR blocks
      in the selected access control lists are not forwarded (that is, they are
      blocked). This applies to scenarios in which an application only denies
      access from specific IP addresses.
      If you enable a blacklist without adding any IP addresses in the list, all
      requests are forwarded.
      If the value of the AclStatus parameter is on, this parameter is required.
    AllowedValues:
      - white
      - black
  Protocol:
    Type: String
    Description: >-
      The load balancer transport protocol to use for routing: http, https, tcp,
      or udp.
    AllowedValues:
      - http
      - https
      - tcp
      - udp
Resources:
  Listener:
    Type: 'ALIYUN::SLB::Listener'
    Properties:
      RequestTimeout:
        Ref: RequestTimeout
      ListenerPort:
        Ref: ListenerPort
      VServerGroupId:
        Ref: VServerGroupId
      CACertificateId:
        Ref: CACertificateId
      Scheduler:
        Ref: Scheduler
      AclId:
        Ref: AclId
      HealthCheck:
        Ref: HealthCheck
      IdleTimeout:
        Ref: IdleTimeout
      LoadBalancerId:
        Ref: LoadBalancerId
      BackendServerPort:
        Ref: BackendServerPort
      Persistence:
        Ref: Persistence
      AclStatus:
        Ref: AclStatus
      Bandwidth:
        Ref: Bandwidth
      MasterSlaveServerGroupId:
        Ref: MasterSlaveServerGroupId
      ServerCertificateId:
        Ref: ServerCertificateId
      HttpConfig:
        Ref: HttpConfig
      AclType:
        Ref: AclType
      Protocol:
        Ref: Protocol
Outputs:
  ListenerPortsAndProtocol:
    Description: The collection of listener.
    Value:
      'Fn::GetAtt':
        - Listener
        - ListenerPortsAndProtocol
  LoadBalancerId:
    Description: The id of load balancer
    Value:
      'Fn::GetAtt':
        - Listener
        - LoadBalancerId