HTTP/HTTPS Listener Management

Last updated: 2024-10-14 16:50:58

    Adding an HTTP/HTTPS Listener

    1. Log in to the GAAP console. Enter the Access Management page. Click the ID/Connection Name of the specific connection.
    2. On the page that appears, select HTTP/HTTPS Listener Management > Create. You can select either the HTTP or HTTPS protocol. (Note: currently, HTTP/HTTPS listener configuration is not supported for IPv6 connections.)
    3. The specific configuration is as follows:
    3.1 If HTTP is selected, only the listener port number is required, and the listener will forward packets using the HTTP protocol by default.
    
    
    3.2 If HTTPS is selected, certificates and additional information need to be configured, as shown below:
    
    
    "Listeners communicate with the origin server using HTTP protocol" means that HTTPS is used between the client and the acceleration connection VIP, while HTTP is used between the VIP and the origin server; this requires an HTTP port to be opened on the origin server. "Listeners communicate with the origin server using HTTPS protocol" means that HTTPS is used between the client and the origin server; this requires an HTTPS port to be opened on the origin server.
    SSL Parsing: Both one-way and two-way authentication are supported.
    Server/Client Certificate: Upload/Update a certificate in Certificate Management of the GAAP console, and then select the certificate when creating/modifying an HTTPS listener. For more information, see Certificate Management.

    Configuring an HTTP/HTTPS Listener

    Under the HTTP/HTTPS Listener Management tab, click Set a rule in the operation column to enter the domain name and URL management page.

    Creating a distribution

    1. To add a domain name for an HTTP listener, enter a valid domain name. It must be 3 to 80 characters containing [a-z], [0–9], [.-]. Only exact match is supported.
    
    
    2. To add a domain name for an HTTPS listener, enter a valid domain name and select the corresponding server certificate.
    
    
    Domain: 3 to 80 characters containing [a-z], [0–9], [.-]. Only exact match is supported.
    Server Certificate: by default, it is the certificate used to create the listener. If you upload another certificate, the domain name is authenticated with the uploaded certificate.
    HTTP3 Transfer: when enabled, QUIC is supported. If the client does not support this protocol, HTTP2.0 and previous versions will be used for access.

    Adding a rule

    After adding a domain name, click Add Rule to add the corresponding URL and select the origin server type. You can add up to 20 URL rules for one domain name as shown below:
    1. Basic configuration:
    
    
    URL: It contains 1-80 characters in the following types: [a-z], [0–9], and [_.-/].
    Origin Domain: The host field of the origin-pull request can be modified.
    Origin Server Type: It supports an IP or a domain name. A listener supports only one type.
    2. Processing policy for the origin server: Configure the origin server processing policy, that is, if a listener is bound with multiple origin servers, you need to select a scheduling policy for origin servers.
    
    
    RR: Multiple origin servers perform origin-pull according to the RR policy.
    Weighted RR: Multiple origin servers perform origin-pull according to the weight ratio (this configuration is not supported if the origin server type is a domain name).
    Least Connections: It schedules the origin server with the least number of connections first.
    Origin-pull SNI: It forwards SNI to the origin server before an SSL connection is established, and based on the SNI value the origin server returns a certificate.
    3. Origin health check mechanism: The health check mechanism can be enabled. For the current domain name, you can configure an independent check URL. HEAD and GET request methods are supported. Check status codes include http_1xx, http_2xx, http_3xx, http_4xx, and http_5xx, and one or multiple codes can be selected. When a specified status code is detected, the listener considers that the backend origin server is normal. If no status code is detected, the listener considers that the backend origin server has an exception.
    
    

    Modifying a domain name

    After adding a domain name, you can click Modify Domain Name to modify the domain name.
    
    

    Deleting a domain name

    After adding a domain name, you can click Delete to delete the domain name. If a rule under the domain name has been bound to an origin server, you need to select Force deletion of listeners bound with origin server.
    
    

    HTTP3 configuration

    The HTTP3 configuration controls whether to support HTTP3 (QUIC). Currently, HTTP3 can only be configured for HTTPS listeners.
    
    

    Modifying a rule

    Refer to the Adding a rule section above. The main difference is that the domain name and origin server type cannot be modified.

    Binding an origin server

    For more information, see Binding Origin Server. You can bind different ports to different origin servers. For more information on the Cover Port and Complement Port features, see Binding TCP/UDP Listener to Origin Server.
    Note:
    A rule can be bound to up to 100 origin servers.

    Deleting a rule

    After adding a rule, you can click Delete to delete the rule. If the rule has been bound to an origin server, you need to select Force deletion of listeners bound with origin server first.
    
    

    Configuring origin-pull request header

    1. After adding a rule, you can select More in the Operation column of the rule and click Set Origin-Pull Request Header.
    
    
    2. Click Add Parameter and enter the request header's name and value. The $remote_addr variable can be used to specify the real client IP carried in the request header (by default, the X-Forwarded-For header carries the client IP for origin-pull). To use other variables with $, please submit a ticket.
    Note:
    1. The Key (the HTTP header name) can contain 1–100 characters: digits (0–9), letters (a–z, A–Z), and special symbols (-, _, :, and space). The Value can contain 1–100 characters;
    2. Up to 10 origin-pull HTTP request headers can be configured for each rule;
    3. The standard headers listed below cannot be set/added/deleted in a self-service manner.
    www-authenticate
    authorization
    proxy-authenticate
    proxy-authorization
    age
    cache-control
    clear-site-data
    expires
    pragma
    warning
    accept-ch
    accept-ch-lifetime
    early-data
    content-dpr
    dpr
    device-memory
    save-data
    viewport-width
    width
    last-modified
    etag
    if-match
    if-none-match
    if-modified-since
    if-unmodified-since
    vary
    connection
    keep-alive
    Accept
    accept-charset
    expect
    max-forwards
    access-control-allow-origin
    access-control-max-age
    access-control-allow-headers
    access-control-allow-methods
    access-control-expose-headers
    access-control-allow-credentials
    access-control-request-headers
    access-control-request-method
    origin
    timing-allow-origin
    dnt
    tk
    content-disposition
    content-length
    content-type
    content-encoding
    content-language
    content-location
    forwarded
    x-forwarded-host
    x-forwarded-proto
    via
    from
    host
    referer-policy
    allow
    server
    accept-ranges
    range
    if-range
    content-range
    cross-origin-embedder-policy
    cross-origin-opener-policy
    cross-origin-resource-policy
    content-security-policy
    content-security-policy-report-only
    expect-ct
    feature-policy
    strict-transport-security
    upgrade-insecure-requests
    x-content-type-options
    x-download-options
    x-frame-options(xfo)
    x-permitted-cross-domain-policies
    x-powered-by
    x-xss-protection
    public-key-pins
    public-key-pins-report-only
    sec-fetch-site
    sec-fetch-mode
    sec-fetch-user
    sec-fetch-dest
    last-event-id
    nel
    ping-from
    ping-to
    report-to
    transfer-encoding
    te
    trailer
    sec-websocket-key
    sec-websocket-extensions
    sec-websocket-accept
    sec-websocket-protocol
    sec-websocket-version
    accept-push-policy
    accept-signature
    alt-svc
    date
    large-allocation
    link
    push-policy
    retry-after
    signature
    signed-headers
    server-timing
    service-worker-allowed
    sourcemap
    upgrade
    x-dns-prefetch-control
    x-firefox-spdy
    x-pingback
    x-requested-with
    x-robots-tag
    x-ua-compatible
    max-age
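
The limits above can be checked before a rule is entered in the console. The following is an added example, not Tencent Cloud code: the function names are hypothetical, the blocked-header set is only a subset of the list above, and case-insensitive name matching is an assumption.

```python
import re

# Limits and character sets as stated on this page.
DOMAIN_RE = re.compile(r"[a-z0-9.-]{3,80}")
URL_RE = re.compile(r"[a-z0-9_./-]{1,80}")
HEADER_KEY_RE = re.compile(r"[0-9A-Za-z_: -]{1,100}")
MAX_HEADERS_PER_RULE = 10
ALLOWED_VARIABLES = {"$remote_addr"}  # other $ variables require a ticket

# Subset of the page's list of standard headers that cannot be set; extend
# it with the remaining names from the list above before relying on it.
BLOCKED_HEADERS = frozenset("""
    authorization proxy-authorization host forwarded x-forwarded-host
    x-forwarded-proto via connection keep-alive transfer-encoding te trailer
    upgrade content-length content-type content-encoding origin cache-control
""".split())


def check_domain(domain):
    """Return problems for a distribution domain name (exact match only)."""
    if DOMAIN_RE.fullmatch(domain):
        return []
    return [f"domain {domain!r}: need 3-80 chars of a-z, 0-9, '.', '-'"]


def check_rule(url, headers):
    """Return problems for one URL rule; headers is a list of (key, value)."""
    problems = []
    if not URL_RE.fullmatch(url):
        problems.append(f"url {url!r}: need 1-80 chars of a-z, 0-9, '_./-'")
    if len(headers) > MAX_HEADERS_PER_RULE:
        problems.append(f"{len(headers)} headers: limit is {MAX_HEADERS_PER_RULE}")
    for key, value in headers:
        if not HEADER_KEY_RE.fullmatch(key):
            problems.append(f"header {key!r}: invalid name")
        # Assumption: names are compared case-insensitively, as in HTTP.
        elif key.strip().lower() in BLOCKED_HEADERS:
            problems.append(f"header {key!r}: blocked standard header")
        if not 1 <= len(value) <= 100:
            problems.append(f"header {key!r}: value must be 1-100 chars")
        for var in re.findall(r"\$\w+", value):
            if var not in ALLOWED_VARIABLES:
                problems.append(f"header {key!r}: variable {var} needs a ticket")
    return problems


# Constructed sample rule, not taken from the page.
SAMPLE = [("X-Real-IP", "$remote_addr"), ("Host", "internal"), ("X-Geo", "$geo")]
if __name__ == "__main__":
    for line in check_domain("www.example.com") + check_rule("/api/v1", SAMPLE):
        print(line)
```
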
    
    

    Deleting an HTTP/HTTPS Listener

    Open the HTTP/HTTPS Listener Management tab and click Delete on the right of the selected listener. If the listener has been bound to an origin server, you need to check Allow force deletion of listeners bound with origin servers first. After the listener is deleted, acceleration of the listener port will stop.
    
    