Creating a Load Balancer Listener

Create a listener to check for incoming traffic on the load balancer's IP address.

For prerequisite information, see Listeners for Load Balancers.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.

    2. Select the Compartment from the list. All load balancers in that compartment are listed in tabular form.

    3. Select a State from the list to limit the load balancers displayed to that state.

    4. Select the load balancer for which you want to create a listener. The load balancer's Details page appears.

    5. Click Listeners under Resources. The Listeners list appears. All listeners are listed in tabular form.

    6. Click Create listener. The Create listener dialog box appears.

    7. Complete the following:

      • Name: Enter a friendly name for the listener. The name must be unique, and can't be changed.

      • Hostname: (Optional) Select up to 16 virtual hostnames for this listener.

        Note

        To apply a virtual hostname to a listener, the name must be part of the load balancer's configuration. If the load balancer has no associated hostnames, you can create one on the Hostnames page. See Virtual Hostnames for Load Balancer for more information.

      • Protocol: Specify the protocol to use: HTTP, HTTP/2, TCP, or HTTPS.

      • Port: Specify the port on which to listen for incoming traffic.

      • Use SSL: (Required for HTTP/2 and HTTPS, optional for HTTP and TCP) Select to enable. The following settings are required to associate an SSL certificate bundle with the listener to enable SSL handling. See SSL Certificates for Load Balancers for more information on using SSL certificates with load balancers.

        The load balancer automatically detects changes and consumes the current version of the Certificates service entities (certificates, certificate authorities, and CABundles) for use in SSL configuration. See Certificates for more information on automated certificate rotations.

        • Certificate resource: Select the certificate resource type from the list:

          The method of importing the certificate varies depending on the certificate resource type you select.

          • Certificate service managed certificate: Select the certificate in the specified compartment from the Certificate list. Click Change compartment to choose a different compartment from where to select the certificate.

            Advanced options are available with this selection. Click Show advanced options and select the Advanced SSL tab. This option is described later in this topic.

          • Load balancer managed certificate: Select one of these options to import the certificate:

            Choose SSL certificate file: Drag the certificate file, in PEM format, into the SSL certificate field. Alternatively, you can choose the Paste SSL certificate option to paste a certificate directly into this field. If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

            Specify private key: (Required for SSL termination, optional for all else) Select the box to provide a private key for the certificate.

            Choose private key file: Drag the private key, in PEM format, into the Private key field. You can also choose the Paste private key option to paste a private key directly into this field.

            Enter private key passphrase: (Optional) Specify the private key passphrase.

        • Verify peer certificate: (Optional) Select this option to enable peer certificate verification. See SSL Certificates for Load Balancers for more information.

          Mutual TLS (mTLS) isn't supported for communication between a load balancer and its backend servers. You can use mTLS for communication between load balancers and users.

        • Verify depth: (Optional) Specify the maximum depth for certificate chain verification. See SSL Certificates for Load Balancers for more information.

      • Backend set: Specify the default backend set to which the listener routes traffic.

      • Idle timeout in seconds: (Optional) Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase. The maximum value is 7200 seconds. For more information, see Load Balancer Timeout Connection Settings.

      • Choose either a Routing policy or a Path route set.

        • Routing policy: (Optional) Specify the name of the routing policy that applies to this listener's traffic.

        • Path route set: (Optional) Specify the name of the set of path-based routing rules that applies to this listener's traffic.

          To apply a path route set to a listener, the path route set must be part of the load balancer's configuration.

          To remove a path route set from an existing listener, choose None as the Path Route Set option. The path route set remains available for use by other listeners on this load balancer.

      • Rule sets: (Optional) Select a rule set to apply to this listener's traffic. To apply a rule set to a listener, the set must be part of the load balancer's configuration. To remove a rule set from the list, click the corresponding red box. The rule set remains available for use by other listeners on this load balancer.

      • Show advanced options: Click to display the following options:

        • Advanced SSL: (Only present if Certificate service managed certificate is selected as the certificate resource for the listener.) Select one of these options:

          CA bundle: Select the certificate authority bundle in the specified compartment from the list. Click Change compartment to choose a different compartment from where to select the certificate authority bundle.

          Certificate authority: Select the certificate authority in the specified compartment from the list. Click Change compartment to choose a different compartment from where to select the certificate authority bundle.

        • TLS version: Specify the Transport Layer Security (TLS) versions: 1.0, 1.1, 1.2 (recommended), and 1.3.

          You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default is TLS version 1.2 only.

          Select cipher suite: Select a set of cipher suites from the list. (default). All choices present in the list have at least one cipher associated with each TLS version you selected.

          Create an SSL certificate using the signing algorithm that is based on the ciphers that are enabled for your security policy.

        • Show cipher suite details: Click to display the individual ciphers the selected cipher suite contains.

        • Server order preference: Select Enable to give preference to the server ciphers over the client.

    8. Click Create listener.

    When you create a listener, you must also update your VCN's security rules to allow traffic to that listener.

  • Use the oci lb listener create command and required parameters to create a listener for a load balancer:

    oci lb listener create --name name --default-backend-set-name default_backend_set_name --load-balancer-id load_balancer_id --port port --protocol protocol [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateListener operation to create a listener for a load balancer.
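
A pre-flight check for the field constraints listed in step 7, as an added example that is not Oracle's code. The dictionary keys are hypothetical names that mirror the form labels, the sample listeners are constructed, and the weak-TLS, verify-depth, and plaintext warnings are lint choices of this example rather than service behavior.

```python
# Added example: keys are hypothetical and mirror the Create listener form labels.
WEAK_TLS = {"1.0", "1.1"}                    # deprecated by RFC 8996
PROTOCOLS = {"HTTP", "HTTP/2", "TCP", "HTTPS"}
SSL_REQUIRED = {"HTTP/2", "HTTPS"}           # Use SSL is mandatory for these
MAX_HOSTNAMES, MAX_IDLE_SECONDS = 16, 7200

def effective_tls_versions(listener):
    """TLS versions the listener accepts; unspecified means 1.2 only."""
    return sorted(listener.get("tls_versions") or ["1.2"])

def lint_listener(listener):
    """Return (errors, warnings) for one listener definition (a dict)."""
    errors, warnings = [], []
    proto = listener.get("protocol")
    use_ssl = bool(listener.get("use_ssl"))
    if proto not in PROTOCOLS:
        errors.append(f"unknown protocol {proto!r}")
    if proto in SSL_REQUIRED and not use_ssl:
        errors.append(f"{proto} requires Use SSL")
    if len(listener.get("hostnames", [])) > MAX_HOSTNAMES:
        errors.append("more than 16 virtual hostnames")
    if (listener.get("idle_timeout_seconds") or 0) > MAX_IDLE_SECONDS:
        errors.append("idle timeout exceeds 7200 seconds")
    if listener.get("routing_policy") and listener.get("path_route_set"):
        errors.append("choose a routing policy or a path route set, not both")
    if use_ssl:
        weak = WEAK_TLS.intersection(effective_tls_versions(listener))
        if weak:
            warnings.append("weak TLS versions enabled: " + ", ".join(sorted(weak)))
        if listener.get("verify_depth") and not listener.get("verify_peer"):
            warnings.append("verify depth set but peer verification is off")
        if (listener.get("certificate_resource") == "load_balancer_managed"
                and not listener.get("has_private_key")):
            errors.append("SSL termination needs the certificate's private key")
    elif proto in {"HTTP", "TCP"}:
        warnings.append(f"{proto} listener on port {listener.get('port')} is plaintext")
    return errors, warnings

# Constructed sample definitions, not taken from any real load balancer.
SAMPLE_LISTENERS = [
    {"name": "web-https", "protocol": "HTTPS", "port": 443, "use_ssl": True,
     "tls_versions": ["1.0", "1.2", "1.3"], "verify_depth": 3,
     "certificate_resource": "load_balancer_managed", "has_private_key": True},
    {"name": "api-h2", "protocol": "HTTP/2", "port": 8443, "use_ssl": False,
     "idle_timeout_seconds": 9000, "routing_policy": "rp1", "path_route_set": "prs1"},
]

if __name__ == "__main__":
    for item in SAMPLE_LISTENERS:
        print(item["name"], *lint_listener(item))
```

Running the linter over listener definitions before calling the CLI or API catches rejected combinations early and flags listeners that would accept TLS 1.0 or 1.1.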