tencent cloud

Feedback

HTTP/HTTPS Listener Management

Last updated: 2022-06-20 15:51:05

    Adding an HTTP/HTTPS Listener

    1. Log in to the GAAP console. Enter the Access Management page. Click the ID/Connection Name of the specific connection.
    2. On the page that appears, select HTTP/HTTPS Listener Management > Create. You can select either the HTTP or HTTPS protocol. (Note: currently, HTTP/HTTPS listener configuration is not supported for IPv6 connections.)
    3. The specific configuration is as follows:
      1. If HTTP is selected, only the listener port number is required, and the listener will forward packets using the HTTP protocol by default.
      2. If HTTPS is selected, certificates and additional information need to be configured, as shown below:
        • Listeners communicate with the origin server using HTTP protocol means that the HTTPS protocol is used between the client and the acceleration connection VIP, while the HTTP protocol is used between the VIP and the origin server, which requires an HTTP port to be opened on the origin server;
          Listeners communicate with the origin server using HTTPS protocol means that the HTTPS protocol is used between the client and the origin server, which requires an HTTPS port to be opened on the origin server.
        • SSL Parsing: Both one-way and two-way authentication are supported.
        • Server/Client Certificate: Upload/Update a certificate in Certificate Management of the GAAP console, and then select the certificate when creating/modifying an HTTPS listener. For more information, see Certificate Management.

    Configuring an HTTP/HTTPS Listener

    Under the HTTP/HTTPS Listener Management tab, click Set a rule in the operation column to enter the domain name and URL management page.

    Creating a distribution

    1. To add a domain name for an HTTP listener, enter a valid domain name. It must be 3 to 80 characters containing [a-z], [0–9], [.-]. Only exact match is supported.
    2. To add a domain name for an HTTPS listener, enter a valid domain name and select the corresponding server certificate.
      • Domain: 3 to 80 characters containing [a-z], [0–9], [.-]. Only exact match is supported.
      • Server Certificate: by default, it is the certificate used to create the listener. If you upload another certificate, the domain name is authenticated with the uploaded certificate.
      • HTTP3 Transfer: enables it to support QUIC. If the client does not support this protocol, HTTP2.0 and previous versions will be used for access.

    Adding a rule

    After adding a domain name, click Add Rule to add the corresponding URL and select the origin server type. You can add up to 20 URL rules for one domain name as shown below:

    1. Basic configuration:

      • URL: It contains 1-80 characters in the following types: [a-z], [0–9], and [_.-/].
      • Origin Domain: The host field of the origin-pull request can be modified.
      • Origin Server Type: It supports an IP or a domain name. A listener supports only one type.
    2. Processing policy for the origin server:
      Configure the origin server processing policy, that is, if a listener is bound with multiple origin servers, you need to select a scheduling policy for origin servers.

      • RR: Multiple origin servers perform origin-pull according to the RR policy.
      • Weighted RR: Multiple origin servers perform origin-pull according to the weight ratio (this configuration is not supported if the origin server type is a domain name).
      • Least Connections: It schedules the origin server with the least number of connections first.
      • Origin-pull SNI: It forwards SNI to the origin server before an SSL connection is established, and based on the SNI value the origin server returns a certificate.
    3. Origin health check mechanism:
      The health check mechanism can be enabled. For the current domain name, you can configure an independent check URL. HEAD and GET request methods are supported. Check status codes include http_1xx, http_2xx, http_3xx, http_4xx, and http_5xx, and one or multiple codes can be selected. When a specified status code is detected, the listener considers that the backend origin server is normal. If no status code is detected, the listener considers that the backend origin server has an exception.

    Modifying a domain name

    After adding a domain name, you can click Modify Domain Name to modify the domain name.

    Deleting a domain name

    After adding a domain name, you can click Delete to delete the domain name. If a rule under the domain name has been bound to an origin server, you need to select Force deletion of listeners bound with origin server.

    HTTP3 configuration

    The HTTP3 configuration controls whether to support HTTP3 (QUIC). Currently, HTTP3 can only be configured for HTTPS listeners.

    Modifying a rule

    Refer to the Adding a rule section above. The main difference is that the domain name and origin server type cannot be modified.

    Binding an origin server

    For more information, see Binding Origin Server. You can bind different ports to different origin servers. For more information on the Cover Port and Complement Port features, see Binding TCP/UDP Listener to Origin Server.

    Note:

    A rule can be bound to up to 100 origin servers.

    Deleting a rule

    After adding a rule, you can click Delete to delete the rule. If the rule has been bound to an origin server, you need to select Force deletion of listeners bound with origin server first.

    Configuring origin-pull request header

    1. After adding a rule, you can select More in the Operation column of the rule and click Set Origin-Pull Request Header.
    2. Click Add Parameter and enter the request header's name and value. The $remote_addr variable can be used to specify the real client IP carried in the request header (by default, the X-Forwarded-For header carries the client IP for origin-pull). To use other variables with $, please submit a ticket.
    Note:

    1. The Key value of the HTTP header name can contain 1–100 digits (0–9), letters (a–z, A–Z), and special symbols (-, _, :, and space). The Value can contain 1–100 characters;
    2. Up to 10 origin-pull HTTP request headers can be configured for each rule;
    3. The standard headers listed below cannot be set/added/deleted in a self-service manner.
    www-authenticate authorization proxy-authenticate proxy-authorization
    age cache-control clear-site-data expires
    pragma warning accept-ch accept-ch-lifetime
    early-data content-dpr dpr device-memory
    save-data viewport-width width last-modified
    etag if-match if-none-match if-modified-since
    if-unmodified-since vary connection keep-alive
    Accept accept-charset expect max-forwards
    access-control-allow-origin access-control-max-age access-control-allow-headers access-control-allow-methods
    access-control-expose-headers access-control-allow-credentials access-control-request-headers access-control-request-method
    origin timing-allow-origin dnt tk
    content-disposition content-length content-type content-encoding
    content-language content-location forwarded x-forwarded-host
    x-forwarded-proto via from host
    referer-policy allow server accept-ranges
    range if-range content-range cross-origin-embedder-policy
    cross-origin-opener-policy cross-origin-resource-policy content-security-policy content-security-policy-report-only
    expect-ct feature-policy strict-transport-security upgrade-insecure-requests
    x-content-type-options x-download-options x-frame-options(xfo) x-permitted-cross-domain-policies
    x-powered-by x-xss-protection public-key-pins public-key-pins-report-only
    sec-fetch-site sec-fetch-mode sec-fetch-user sec-fetch-dest
    last-event-id nel ping-from ping-to
    report-to transfer-encoding te trailer
    sec-websocket-key sec-websocket-extensions sec-websocket-accept sec-websocket-protocol
    sec-websocket-version accept-push-policy accept-signature alt-svc
    date large-allocation link push-policy
    retry-after signature signed-headers server-timing
    service-worker-allowed sourcemap upgrade x-dns-prefetch-control
    x-firefox-spdy x-pingback x-requested-with x-robots-tag
    x-ua-compatible max-age

    Deleting an HTTP/HTTPS Listener

    Open the HTTP/HTTPS Listener Management tab, click Delete on the right of the selected listener. If the listener has been bound with the origin server, you need to check Allow force deletion of listeners bound with origin servers first. After it is deleted, acceleration of the listener port will stop.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support