Server Load Balancer: Configure a CLB instance to serve multiple domain names over HTTPS

Last Updated: Jan 05, 2024

This topic describes how to enable an HTTPS listener of a Classic Load Balancer (CLB) instance to forward HTTPS requests destined for different domain names to different backend servers.

Sample scenario

This topic describes how to configure multiple certificates for an HTTPS listener of a Classic Load Balancer (CLB) instance to forward HTTPS requests to different backend servers based on forwarding rules.

The following configurations are used in this example:

  • The default certificate of the listener is associated with the domain name aliyundoc.com. The default backend server group is RS1.

  • The additional certificate example1 of the listener is associated with the domain name www.example.com. Requests that are destined for https://www.example.com are forwarded to the backend server group RS1.

  • The additional certificate example2 of the listener is associated with the domain name www.example.org. Requests that are destined for https://www.example.org are forwarded to the backend server group RS2.

Prerequisites

  • A CLB instance is created. For more information, see Create and manage a CLB instance.

  • A vServer group named RS1 and another vServer group named RS2 are created. For more information, see Create and manage vServer groups.

  • ECS01 is added to RS1 and ECS02 is added to RS2. Applications are deployed on ECS01 and ECS02.

  • The domain name is registered and an Internet content provider (ICP) number is obtained for the domain name. For more information, see Register a domain name on Alibaba Cloud and ICP filing application overview.

  • Required certificates are deployed. If the certificates are purchased from a third-party service provider, you must upload them to Certificate Management Service. In addition, make sure that the certificates are associated with your domain name. For more information about how to apply for a certificate, see Submit a certificate application. The following certificates are used in this example:

    • The default certificate that is associated with the domain name aliyundoc.com.

    • The additional certificate example1 that is associated with the domain name www.example.com.

    • The additional certificate example2 that is associated with the domain name www.example.org.

    Note

    Deploy the certificates on the CLB instance. Otherwise, the certificates cannot take effect. For more information, see Create a certificate.

Step 1: Create an HTTPS listener

  1. Log on to the CLB console.

  2. In the top navigation bar, select the region in which the CLB instance is created.

  3. On the Instances page, find the CLB instance that you want to manage, and click Configure Listener in the Actions column.

  4. In the Protocol & Listener step, set the parameters and click Next.

    The following section describes some of the parameters. Set the other parameters based on your business requirements.

    • Select Listener Protocol: HTTPS is selected in this example.

    • Listener Port: Port 443 is selected in this example.

  5. In the Certificate Management Service step, select a certificate that you uploaded and click Next. The default certificate is selected in this example.

  6. In the Backend Servers step, select vServer group and select RS1 from the Server Group drop-down list.

  7. Keep the default values for other parameters and click Next. In the Confirm step, click Submit.

Step 2: Add additional certificates

  1. On the Instances page, click the ID of the CLB instance that you want to manage.

  2. On the Listeners tab, find the HTTPS listener that you want to manage and choose More Actions > Manage Additional Certificate in the Actions column.

  3. In the Manage Additional Certificate panel, click Add Additional Certificate to add an additional certificate.

    1. Set Additional Certificate to www.example.com, select the certificate that is associated with www.example.com from the Server Certificate drop-down list, and then click OK.

    2. Set Additional Certificate to www.example.org, select the certificate that is associated with www.example.org from the Server Certificate drop-down list, and then click OK.

    Note

    The domain names of the certificates must be the same as those of the additional certificates.

Step 3: Add forwarding rules

  1. On the Instances page, click the ID of the CLB instance that you want to manage.

  2. On the Listeners tab, find the listener that you want to manage and click Set Forwarding Rule in the Actions column.

  3. In the Add Forwarding Rules panel, set the parameters to create a forwarding rule.

    In this example, a domain name-based forwarding rule is created. No URL-based forwarding rule is created.

    1. Set Domain Name to www.example.com, select a vServer group, and then click Add Forwarding Policy.

    2. Set Domain Name to www.example.org, select a vServer group, and then click Add Forwarding Policy.

  4. After you create the forwarding rules, close the Add Forwarding Rules panel.

Step 4: Configure domain name resolution

Add an A record for each of www.example.com and www.example.org to map them to the public IP address of the CLB instance.

  1. Log on to the CLB console.

  2. In the top navigation bar, select the region in which the CLB instance is deployed.

  3. Find the CLB instance that you want to manage and copy the IP address.

  4. Perform the following steps to add an A record:

    1. Log on to the Alibaba Cloud DNS console.

    2. On the Domain Name Resolution page, click Add Domain Name.

    3. In the Add Domain Name dialog box, enter the domain name of your host and click OK.

      Important

      Before you create the A record, you must use a TXT record to verify the ownership of the domain name.

    4. Find the domain names that you want to manage and click Configure in the Actions column.

    5. On the DNS Settings page, click Add Record.

    6. In the Add DNS Record panel, configure the following parameters and click OK.

      • Type: Select A from the drop-down list.

      • Host: Enter the prefix of your domain name.

      • DNS Request Source: Select Default.

      • Record Value: Enter the IP address of the CLB instance.

      • TTL: Select a time-to-live (TTL) value for the A record to be cached on the DNS server. The default value is used in this example.

Step 5: Verify the result

Access www.example.com and www.example.org from a browser to test whether you can access the CLB instance. In this example, a static webpage is created on each of the backend servers in RS1 and RS2.

  • Access the domain name www.example.com, which is associated with the additional certificate example1, from a browser. The request is forwarded to ECS01 in the backend server group RS1 based on the forwarding rule. The following figure shows the test result. [Figure: ECS01 verification result]

  • Access the domain name www.example.org, which is associated with the additional certificate example2, from a browser. The request is forwarded to ECS02 in the backend server group RS2 based on the forwarding rule. The following figure shows the test result. [Figure: ECS02 verification result]

Note

If you cannot access the domain names, restart your browser to clear the cache and try again.
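
The listener configured in Steps 1 to 3 can also be checked offline before testing in a browser. The following is an added example, not part of the original page and not an Alibaba Cloud API: it models the certificate and forwarding choices for each domain name and reports any domain that would be served a certificate that does not cover it. It assumes that a domain with no matching additional certificate receives the default certificate and that a domain with no forwarding rule goes to the default server group; the dictionary layout and the function names are hypothetical.

```python
# Added example: offline model of the listener configured on this page.
# The dict layout and function names are hypothetical, not a CLB API.

def covers(pattern, host):
    """True if a certificate name (exact or '*.domain') covers host."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host

# Constructed configuration mirroring the sample scenario.
LISTENER = {
    "default": {"cert_names": ["aliyundoc.com"], "group": "RS1"},
    "additional": {  # additional-certificate domain -> names in that certificate
        "www.example.com": ["www.example.com"],
        "www.example.org": ["www.example.org"],
    },
    "rules": {"www.example.com": "RS1", "www.example.org": "RS2"},
}

def route(listener, host):
    """Return (names in the certificate presented, vServer group) for host."""
    host = host.lower().rstrip(".")
    # Assumption: no matching additional certificate -> default certificate.
    names = listener["default"]["cert_names"]
    for domain, cert_names in listener["additional"].items():
        if covers(domain, host):
            names = cert_names
            break
    # Assumption: no matching forwarding rule -> default server group.
    return names, listener["rules"].get(host, listener["default"]["group"])

def audit(listener):
    """List misconfigurations that would surface as certificate name errors."""
    findings = []
    for domain, cert_names in listener["additional"].items():
        if not any(covers(n, domain) for n in cert_names):
            findings.append(f"certificate bound to {domain} does not cover it")
    for host in listener["rules"]:
        names, _ = route(listener, host)
        if not any(covers(n, host) for n in names):
            findings.append(f"{host} is routed but is served {names}")
    return findings

if __name__ == "__main__":
    print(audit(LISTENER) or "no findings")
    print(route(LISTENER, "www.example.org"))
```

A forwarding rule whose domain has no additional certificate shows up as a finding, because that domain would be answered with the default certificate for aliyundoc.com.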
