Creating a Load Balancer Listener
On Compute Cloud@Customer, you can configure a listener for a load balancer (LB). The listener checks for incoming traffic on the LB IP address. Configure at least one listener per traffic type: HTTP, HTTP/2, HTTPS, and TCP.
Prerequisites
- Ensure that your VCN's security rules allow the listener to accept traffic.
- Know the traffic protocols that the LB accepts.
  - Using the Console: On the LB details page, under Resources, select Create Listener. The supported traffic protocols are shown on the Protocol drop-down list.
  - Using the CLI:
    oci lb protocol list -c compartment_OCID
- If the LB accepts HTTPS traffic, and you plan to select HTTPS, create a certificate and cipher suite for use in SSL configuration. See Adding a Load Balancer Certificate and Creating a Load Balancer SSL Cipher Suite.
- At least one backend set must exist for this LB. See Managing Backend Sets.
- In the Compute Cloud@Customer Console navigation menu, select Networking, then select Load Balancers.
- At the top of the page, select the compartment that contains the load balancer.
- Select the name of the Load Balancer for which you want to create the listener.
  Any existing listeners are listed under the Load Balancer Information; otherwise, the list says No data available.
- Select Create Listener.
- Enter the following information. Name, protocol, port, and backend set are required. Other parameters, such as hostnames, path route sets, SSL certificate, and cipher suites can be added later.
  - Name: Enter a descriptive name for the Listener. The name must be unique and cannot be changed.
  - Protocol: Select the protocol to listen for (HTTP, HTTP/2, HTTPS, TCP) from the drop-down list.
    If you select HTTP/2, HTTPS, or TCP, an SSL section appears at the bottom of the dialog, after Idle Timeout in Seconds.
  - Port: A default port value, depending on the protocol you selected, is preselected. Use the up or down arrows to change the port value, or enter a value between 1 and 65,535.
  - Backend Set: Select a backend set from the list.
  - Hostnames: Select a hostname from the list.
  - Path Route Set: Select a path route set from the list.
  - Idle Timeout in Seconds: Use the up or down arrows to change the idle timeout value, or enter a value greater than or equal to 1.
  - SSL: This item appears if you select HTTP/2, HTTPS, or TCP for protocol.
    - Use SSL: For HTTP/2 and HTTPS protocols, this box is selected and can't be cleared. For TCP protocol, this box isn't checked. If you check this box, the following parameters appear, just as they do if you selected HTTP/2 or HTTPS protocol.
      Selecting this box enables SSL handling for this listener. The following settings are required to associate an SSL certificate bundle with the listener to enable SSL handling.
      - Certificates: Select a certificate from the list.
      - Verify peer certificate: Select this box to enable peer certificate verification.
      - TLS Version: Select at least one TLS version.
      - Cipher Suite: Select a cipher suite from the list.
- Select Create Listener.
  To display the details of the listener, you must view the details for the entire load balancer.
Use the oci lb listener create command and required parameters to create a listener for an existing load balancer. You must list the traffic protocols that the load balancer accepts before you create the listener.
Procedure
- Get the LB OCID:
  oci lb load-balancer list
- Run the create listener command.
  Syntax:
  oci lb listener create --default-backend-set-name backend-set-name \
    --load-balancer-id load-balancer_OCID \
    --name listener-name --port listener-port \
    --protocol listener-protocol
  Option values:
  - backend-set-name: The name of the associated backend set.
  - load-balancer_OCID: The OCID of the load balancer on which to add a listener.
  - listener-name: A user-friendly name for the listener. It must be unique and it can't be changed.
  - listener-port: The communication port number for the listener.
  - listener-protocol: The protocol on which the listener accepts connection requests.
  Example:
  This example shows only required parameters. Other parameters, such as hostnames, path route sets, SSL certificate, and cipher suites can be added later. Use the -h option for more information.
  $ oci lb listener create --default-backend-set-name PublicLB1-Backend-Set \
    --load-balancer-id ocid1.loadbalancer.unique_ID \
    --name LB1-Listener --port 80 --protocol HTTP
  {
    "opc-work-request-id": "ocid1.workrequest.oc1.pca.loadbalancer.unique_ID"
  }
To view the listener details, use the load-balancer get command. In the following example, most of the command output is omitted to show only the listener details:
$ oci lb load-balancer get --load-balancer-id ocid1.loadbalancer.unique_ID
{
  "data": {
    ...
    "listeners": {
      "LB1_Listener": {
        "connection-configuration": {
          "backend-tcp-proxy-protocol-version": null,
          "idle-timeout": 60
        },
        "default-backend-set-name": "PublicLB1-Backend-Set",
        "hostname-names": null,
        "name": "LB1_Listener",
        "path-route-set-name": null,
        "port": 80,
        "protocol": "HTTP",
        "routing-policy-name": null,
        "rule-set-names": null,
        "ssl-configuration": null
      }
    },
    ...
  },
  "etag": "9326dbb5-d842-4975-9cfb-ced7717e92d6"
}
For a complete list of CLI commands, flags, and options, see the Command Line Reference.
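The load-balancer get output above reports "ssl-configuration": null for the HTTP listener, meaning the load balancer does no SSL handling on that port. The following is an added example, not part of the original page or of Oracle's tooling: it parses that output and flags listeners with no SSL configuration or with legacy TLS versions enabled. The key names inside ssl-configuration, the LEGACY_TLS policy, the require_peer_verify parameter, and the two HTTPS sample listeners are assumptions that do not appear on the page.

```python
import json

# Assumption: protocol versions this check treats as legacy (local policy).
LEGACY_TLS = {"TLSv1", "TLSv1.1"}

def audit_listeners(lb_get_output, require_peer_verify=False):
    """Return sorted (listener, finding) pairs for `oci lb load-balancer get` JSON."""
    findings = []
    listeners = lb_get_output.get("data", {}).get("listeners") or {}
    for name, lsn in listeners.items():
        ssl = lsn.get("ssl-configuration")
        if ssl is None:
            # No SSL block: traffic to this port is not encrypted by the LB.
            findings.append(
                (name, f"no SSL: {lsn.get('protocol')} on port {lsn.get('port')} is cleartext"))
            continue
        legacy = sorted(LEGACY_TLS & set(ssl.get("protocols") or []))
        if legacy:
            findings.append((name, "legacy TLS enabled: " + ", ".join(legacy)))
        if require_peer_verify and not ssl.get("verify-peer-certificate"):
            findings.append((name, "peer certificate verification is off"))
    return sorted(findings)

# Constructed sample. LB1_Listener copies the values shown on this page; the two
# HTTPS listeners and the keys inside "ssl-configuration" are assumptions.
SAMPLE = json.loads("""
{"data": {"listeners": {
  "LB1_Listener": {"name": "LB1_Listener", "port": 80, "protocol": "HTTP",
                   "ssl-configuration": null},
  "Sample-HTTPS-Old": {"name": "Sample-HTTPS-Old", "port": 443, "protocol": "HTTPS",
    "ssl-configuration": {"certificate-name": "sample-cert",
                          "cipher-suite-name": "sample-suite",
                          "protocols": ["TLSv1.1", "TLSv1.2"],
                          "verify-peer-certificate": false}},
  "Sample-HTTPS-OK": {"name": "Sample-HTTPS-OK", "port": 8443, "protocol": "HTTPS",
    "ssl-configuration": {"certificate-name": "sample-cert",
                          "cipher-suite-name": "sample-suite",
                          "protocols": ["TLSv1.2"],
                          "verify-peer-certificate": false}}
}}}
""")

if __name__ == "__main__":
    for name, finding in audit_listeners(SAMPLE):
        print(f"{name}: {finding}")
```

To check a real load balancer, save the load-balancer get output to a file and pass the parsed JSON to audit_listeners in place of SAMPLE.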
Use the CreateListener operation to create a listener for an existing load balancer.
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.