Creating a Load Balancer Listener

Describes how to create a listener for a load balancer.

Using the Console

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer for which you want to create a listener.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

  7. Click Create Listener.

    The Create Listener dialog box appears.

  8. Enter the following:

    • Name: Required. Specify a friendly name for the listener. The name must be unique, and cannot be changed.

    • Hostname: Optional. Select up to 16 virtual hostnames for this listener.

      Note

      To apply a virtual hostname to a listener, the name must be part of the load balancer's configuration. If the load balancer has no associated hostnames, you can create one on the Hostnames page. See Virtual Hostnames for Load Balancer for more information.

    • Protocol: Required. Specify the protocol to use, either HTTP or TCP.

    • Port: Required. Specify the port on which to listen for incoming traffic.

    • Use SSL: Required for HTTP/2 and HTTPS, optional for HTTP and TCP (check box to enable). The following settings are required to associate an SSL certificate bundle with the listener to enable SSL handling. See SSL Certificates for Load Balancers for more information on using SSL certificates with load balancers.

      The load balancer automatically detects changes and consumes the current version of the Certificates service entities (certificates, certificate authorities, and CABundles) for use in SSL configuration. See Certificates for more information on automated certificate rotations.

      • Certificate Resource: Select the certificate resource type from the list:

        The method of importing the certificate varies depending on the certificate resource type you select.

        • Certificate Service Managed Certificate: Select the certificate in the specified compartment from the Certificate list. Click Change Compartment to choose a different compartment from where to select the certificate.

          Advanced options are available with this selection. Click Show Advanced Options and select the Advanced SSL tab. This option is described later in this topic.

        • Load Balancer Managed Certificate: Select one of these options to import the certificate:

          • Choose SSL Certificate File: Required. Drag and drop the certificate file, in PEM format, into the SSL Certificate field.

            Alternatively, you can choose the Paste SSL Certificate option to paste a certificate directly into this field.

            Important

            If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

          • Specify Private Key: Optional. (Required for SSL termination.) Select (check) this box if you want to provide a private key for the certificate.

            • Choose Private Key File: Drag and drop the private key, in PEM format, into the Private Key field.

              Alternatively, you can choose the Paste Private Key option to paste a private key directly into this field.

            • Enter Private Key Passphrase: Optional. Specify the private key passphrase.

      • Verify Peer Certificate: Optional. Select this option to enable peer certificate verification. See SSL Certificates for Load Balancers for more information.

        Mutual TLS (mTLS) is not supported for communication between a load balancer and its backend servers. You can use mTLS for communication between load balancers and users.

      • Verify Depth: Optional. Specify the maximum depth for certificate chain verification. See SSL Certificates for Load Balancers for more information.

    • Backend Set: Required. Specify the default backend set to which the listener routes traffic.

    • Idle Timeout in Seconds: Optional. Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase.

      Note

      The maximum value is 7200 seconds. For more information, see Load Balancer Timeout Connection Settings.

    • Choose either a Routing Policy or a Path Route Set.

      • Routing Policy: Optional. Specify the name of the routing policy that applies to this listener's traffic.

      • Path Route Set: Optional. Specify the name of the set of path-based routing rules that applies to this listener's traffic.

        Note

        • To apply a path route set to a listener, the set must be part of the load balancer's configuration.

        • To remove a path route set from an existing listener, choose None as the Path Route Set option. The path route set remains available for use by other listeners on this load balancer.

    • Rule Sets: Optional. Select a rule set to apply to this listener's traffic.

      Important

      • To apply a rule set to a listener, the set must be part of the load balancer's configuration.

      • To remove a rule set from the list, click the corresponding red box. The rule set remains available for use by other listeners on this load balancer.

    • Show Advanced Options: Click to display the following options:

      • Advanced SSL tab: (Only present if the Certificate Service Managed Certificate certificate resource is selected.) Select one of these options if you picked Certificate Service Managed Certificate when selecting the certificate resource for the listener.

        • CA Bundle: Select the certificate authority bundle in the specified compartment from the list. Click Change Compartment to choose a different compartment from where to select the certificate authority bundle.

        • Certificate Authority: Select the certificate authority in the specified compartment from the list. Click Change Compartment to choose a different compartment from where to select the certificate authority bundle.

      • TLS Version: Specify the Transport Layer Security (TLS) versions:

        • 1.0

        • 1.1

        • 1.2 (recommended)

        You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default TLS is version 1.2 only.

        • Select Cipher Suite: Select a set of cipher suites from the list. (default).

          All choices present in the list have at least one cipher associated with each TLS version you selected.

      • Click Show Cipher Suite Details to display the individual ciphers the selected cipher suite contains.

      • Server Order Preference: Select Enable to give preference to the server ciphers over the client.

  9. Click Create Listener.

When you create a listener, you must also update your VCN's security rules to allow traffic to that listener.
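
The limits stated in step 8 can be checked before a listener definition is submitted. The following is an added example, not part of the original documentation or of any Oracle tooling: a small pre-flight check that flags definitions breaking the stated limits and warns when TLS 1.0 or 1.1 is enabled. The dictionary keys (hostnames, idle_timeout, ssl, and so on) are hypothetical names for the console fields, and the two sample definitions are constructed.

```python
# Added example; dict keys are hypothetical names for the console fields.
MAX_HOSTNAMES = 16        # "Select up to 16 virtual hostnames"
MAX_IDLE_TIMEOUT = 7200   # "The maximum value is 7200 seconds"
TLS_VERSIONS = {"1.0", "1.1", "1.2"}  # choices listed under TLS Version
SSL_REQUIRED = {"HTTP/2", "HTTPS"}    # "Use SSL: Required for HTTP/2 and HTTPS"


def check_listener(spec):
    """Return (severity, message) findings for one listener definition."""
    out = []
    for field in ("name", "protocol", "port", "backend_set"):
        if not spec.get(field):
            out.append(("error", f"{field} is required"))
    if len(spec.get("hostnames", [])) > MAX_HOSTNAMES:
        out.append(("error", f"more than {MAX_HOSTNAMES} virtual hostnames"))
    if spec.get("idle_timeout", 0) > MAX_IDLE_TIMEOUT:
        out.append(("error", f"idle timeout above {MAX_IDLE_TIMEOUT} seconds"))
    if spec.get("routing_policy") and spec.get("path_route_set"):
        out.append(("error", "set a routing policy or a path route set, not both"))

    ssl = spec.get("ssl")
    if spec.get("protocol") in SSL_REQUIRED and not ssl:
        out.append(("error", f"Use SSL is required for {spec['protocol']}"))
    if ssl:
        # No selection means the documented default: TLS 1.2 only.
        versions = set(ssl.get("tls_versions") or ["1.2"])
        unknown = versions - TLS_VERSIONS
        if unknown:
            out.append(("error", f"unknown TLS versions: {sorted(unknown)}"))
        if versions & {"1.0", "1.1"}:
            out.append(("warn", "TLS 1.0/1.1 enabled; only 1.2 is recommended"))
        if ssl.get("terminate") and not ssl.get("private_key"):
            out.append(("error", "SSL termination requires a private key"))
    return out


# Constructed sample definitions, not real resources.
WEAK = {"name": "web", "protocol": "HTTPS", "port": 443, "backend_set": "bs1",
        "idle_timeout": 9000, "routing_policy": "rp1", "path_route_set": "prs1",
        "ssl": {"tls_versions": ["1.0", "1.2"], "terminate": True}}
FIXED = {"name": "web", "protocol": "HTTPS", "port": 443, "backend_set": "bs1",
         "idle_timeout": 60, "routing_policy": "rp1",
         "ssl": {"tls_versions": ["1.2"], "terminate": True,
                 "private_key": "listener-key.pem"}}

if __name__ == "__main__":
    for label, spec in (("weak", WEAK), ("fixed", FIXED)):
        print(label, check_listener(spec))
```
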

Using the CLI

Use the oci lb listener create command and required parameters to create a listener for a load balancer:

oci lb listener create --name name --default-backend-set-name default_backend_set_name --load-balancer-id load_balancer_id --port port --protocol protocol [OPTIONS]

For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

Using the API

Run the CreateListener operation to create a listener for a load balancer.