Managing Listeners

This topic describes how to create and manage listeners. This topic is part of the setup and maintenance of a load balancer. For more information about managing load balancers, see Managing Load Balancers.

Warning

Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don't have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in.

For administrators: For a typical policy that gives access to load balancers and their components, see Let network admins manage load balancers.

Also, be aware that a policy statement with inspect load-balancers gives the specified group the ability to see all information about the load balancers. For more information, see Details for Load Balancing.

If you're new to policies, see Getting Started with Policies and Common Policies.

Working with Listeners

A listener is a logical entity that checks for incoming traffic on the load balancer's IP address.

To handle TCP, HTTP, and HTTPS traffic, you must configure at least one listener per traffic type.

When you create a listener, you must ensure that your VCN's security rules allow the listener to accept traffic.

Tip

To accommodate high-volume traffic, Oracle strongly recommends that you use stateless security rules for your load balancer subnets.

You can have one SSL certificate bundle per listener. For example, you can configure two listeners, one each for ports 443 and 8443, and associate an SSL certificate bundle with each listener. For more information about SSL certificates for load balancers, see Managing SSL Certificates.

Click Listeners under Resources in the Load Balancer Details page to display the Listeners page. This page contains a button for creating listeners.

Creating Listeners

To create a listener
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Choose the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Listeners under the Resources menu, then click Create Listener.

    The Create Listener dialog box appears.

  4. Enter the following:

    • Name: Required. Specify a friendly name for the listener. The name must be unique, and cannot be changed. Avoid entering confidential information.
    • Hostname: Optional. Select up to 16 virtual hostnames for this listener.

      Important

      To apply a virtual hostname to a listener, the name must be part of the load balancer's configuration. If the load balancer has no associated hostnames, you can create one on the Hostnames page.
    • Protocol: Required. Specify the protocol to use, either HTTP or TCP.
    • Port: Required. Specify the port on which to listen for incoming traffic.
    • Use SSL: Optional. Check this box to associate an SSL certificate bundle with the listener. The following settings are required to enable SSL handling. See Managing SSL Certificates for more information.

      • Certificate Name: The friendly name of the SSL certificate bundle to use.
      • Verify Peer Certificate: Optional. Select this option to enable peer certificate verification.
      • Verify Depth: Optional. Specify the maximum depth for certificate chain verification.
    • Backend Set: Required. Specify the default backend set to which the listener routes traffic.
    • Idle Timeout in Seconds: Optional. Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase.

      Tip

      The maximum value is 7200 seconds. For more information, see Connection Management.
    • Path Route Set: Optional. Specify the name of the set of path-based routing rules that applies to this listener's traffic.

      Important

      • To apply a path route set to a listener, the set must be part of the load balancer's configuration.
      • To remove a path route set from an existing listener, choose None as the Path Route Set option. The path route set remains available for use by other listeners on this load balancer.
    • Show Advanced Options: Click to display the following options:
      • TLS Version: Specify the Transport Layer Security (TLS) version(s):
        • 1.0
        • 1.1
        • 1.2 (recommended)

        You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default TLS is version 1.2 only.

        • Select Cipher Suite - Select a set of cipher suites from the list. (default).

          All choices present in the list have at least one cipher associated with each TLS version you selected.

      • Click Show Cipher Suite Details to display the individual ciphers the selected cipher suite contains.
      • Server Order Preference: Select Enable to give preference to the server ciphers over the client.
  5. Click Create.

When you create a listener, you must also update your VCN's security rules to allow traffic to that listener.

Editing Listeners

To edit a listener
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Choose the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Listeners under the Resources menu.
  4. Click the Actions icon associated with the listener you want to edit, then click Edit.
  5. Edit the listener configuration as needed.

    See Creating Listeners for details on specific configurations.

  6. Click Save Changes.

Deleting Listeners

To delete a listener
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Choose the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Listeners under the Resources menu.
  4. Click the Actions icon associated with the listener you want to delete, then click Delete.
  5. Confirm when prompted.

Enabling Listeners to Accept Traffic

To enable a listener to accept traffic

To enable a listener to accept traffic, you must update your VCN's security rules:

  1. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.

    The list of VCNs in the current compartment appears.

  2. Click the name of the VCN containing your load balancer, and then click Security Groups or Security Lists.

    A list of the security groups or lists in the cloud network appears.

  3. Click the name of the NSG or security list that applies to your load balancer.

  4. Add or edit the existing rules to allow access from the appropriate resources.

    An NSG's security rules appear on the Network Security Group Details page. From there you can add, edit, or remove rules.

    The Security List Details page provides access to separate tables in which you can add or edit Ingress Rules or Egress Rules.

    For details on rule configuration, see Security Rules.
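
The listener settings under Creating Listeners and the security rule requirement above can be checked together before a change is applied. The following is an added example, not Oracle's code: the dictionary field names are hypothetical (they are not the OCI API schema) and the sample listeners and rules are constructed.

```python
# Added example: hypothetical field names, constructed sample data (not the OCI API schema).
MAX_HOSTNAMES = 16        # "Select up to 16 virtual hostnames"
MAX_IDLE_TIMEOUT = 7200   # "The maximum value is 7200 seconds"
PROTOCOLS = {"HTTP", "TCP"}
LEGACY_TLS = {"1.0", "1.1"}   # selectable, but only 1.2 is marked recommended

def audit_listener(listener, ingress_rules):
    """Return a list of findings for one listener definition."""
    findings = []
    if listener["protocol"] not in PROTOCOLS:
        findings.append("protocol must be HTTP or TCP")
    if len(listener.get("hostnames", [])) > MAX_HOSTNAMES:
        findings.append("more than 16 virtual hostnames")
    if listener.get("idle_timeout", 0) > MAX_IDLE_TIMEOUT:
        findings.append("idle timeout exceeds 7200 seconds")
    if listener.get("use_ssl"):
        if not listener.get("certificate_name"):
            findings.append("Use SSL is set but no certificate name is given")
        # Unspecified TLS versions default to 1.2 only.
        versions = set(listener.get("tls_versions") or ["1.2"])
        legacy = sorted(versions & LEGACY_TLS)
        if legacy:
            findings.append("legacy TLS enabled: " + ", ".join(legacy))
    # The listener receives nothing unless a security rule admits its port.
    port = listener["port"]
    matching = [r for r in ingress_rules
                if r["min_port"] <= port <= r["max_port"]]
    if not matching:
        findings.append(f"no ingress rule allows port {port}")
    elif not any(r["stateless"] for r in matching):
        findings.append(f"port {port} is admitted only by stateful rules")
    return findings

# Constructed sample input.
RULES = [{"min_port": 443, "max_port": 443, "stateless": True},
         {"min_port": 80, "max_port": 80, "stateless": False}]
LISTENERS = [
    {"name": "https-443", "protocol": "HTTP", "port": 443, "use_ssl": True,
     "certificate_name": "example-bundle", "tls_versions": ["1.0", "1.2"]},
    {"name": "https-8443", "protocol": "HTTP", "port": 8443, "use_ssl": True,
     "certificate_name": "example-bundle", "idle_timeout": 9000},
    {"name": "http-80", "protocol": "HTTP", "port": 80},
]

if __name__ == "__main__":
    for lst in LISTENERS:
        print(lst["name"], audit_listener(lst, RULES) or "ok")
```

The stateful-rule finding reflects the Tip that recommends stateless rules for load balancer subnets; it is a recommendation check, not a hard limit.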