Add a HTTPS listener

Use this guide to add a new HTTPS listener to an existing Application Load Balancer (ALB).

Steps to Add a New HTTPS Listener

1. Access the Load Balancer Homepage: Go to https://hcm-3.console.vngcloud.vn/vserver/load-balancer/vlb.

2. Select Your Load Balancer: Click on the Load Balancer where you want to add the new listener.

3. Go to the Listener Tab: In the Load Balancer details page, select the "Listener" tab.

4. Click "Add New Listener": A pop-up window will appear, allowing you to configure the listener's information.

5. Configure Listener Settings:

   • Listener Name: Note that the listener name cannot be changed after creation.

   • Protocol & Port: Select the HTTPS protocol and choose a port (the default is port 443, and it will increment if lower ports are already in use).

   • Default Certificate: Choose the default SSL/TLS certificate for the listener.

   • SNI Certificates (Optional): Select additional certificates to use for Server Name Indication (SNI). Note that you cannot remove or change SNI certificates after creating the HTTPS listener.

   • Request Header Configuration (Advanced): The default headers are X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port. You can deselect these if they are not needed.

   • Client Certificate Authentication (Optional): Enable client certificate authentication to add an extra layer of security by requiring client-side SSL/TLS certificates. Learn more about Client Certificate Authentication.

   • Default Pool and Action: If incoming requests to the listener are not covered by configured policies, they will be directed to the default pool for processing.

   • Advanced Configuration: Refer to the guides below for advanced configuration options:

     • Configuring Timeouts

     • Configuring IP Whitelists for Load Balancers

Additional Notes

• Certificate Management: Ensure you have valid SSL/TLS certificates uploaded to your VNG Cloud account before creating an HTTPS listener.

• SNI (Server Name Indication): SNI allows you to host multiple HTTPS websites on a single Load Balancer using different domain names and certificates.

• Client Certificate Authentication: This feature is useful for applications that require strong client authentication.

• Default Pool: As with HTTP listeners, the default pool serves as a fallback for requests that don't match any specific routing rules.

• Advanced Configurations: Explore the timeout and IP whitelisting options to fine-tune your listener's behavior.