Layer-7 Custom Configuration

Last updated: 2025-07-30 10:10:40

CLB supports custom configurations, allowing you to set the configuration parameters for a single CLB instance, such as client_max_body_size and ssl_protocols, so as to meet your unique needs.
Note:
Each region can have up to 200 entries of custom configurations.
Each instance can be bound to only one custom configuration, while a single custom configuration can be associated with multiple instances.
Custom configurations are valid only for layer-7 HTTP/HTTPS CLB (former Application CLB) listeners.

CLB Custom Configuration Parameters

CLB custom configuration supports the following configurations:
| Configuration Field | Default Value/Recommended Value | Valid Values | Note |
| --- | --- | --- | --- |
| ssl_protocols | Default value: TLSv1, TLSv1.1, TLSv1.2. Recommended value: TLSv1.2, TLSv1.3 | TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 | Version of the TLS protocol used. |
| ssl_ciphers | | | Cipher suite. |
| client_header_timeout | 60s | [30-120]s | Timeout period of obtaining client request headers. Status code 408 is returned in case of timeout. |
| client_header_buffer_size | 4k | [1-256]k | Size of the default buffer where client request headers are stored. |
| client_body_timeout | 60s | [30-120]s | Timeout period of obtaining a client request body. This is not the time for obtaining the entire body but the idle period without data transmission. Status code 408 is returned in case of timeout. |
| client_max_body_size | 60M | [1-10240]M | If you set this field to a value in the range of 1-256 MB, there are no other requirements. The maximum supported size is 10240M, or 10G. When client_max_body_size exceeds 256M, proxy_request_buffering must be set to 'off'. |
| keepalive_timeout | 75s | [0-900]s | Hold time of the client-server persistent connection. If this field is set to 0, persistent connections are prohibited. If you want to set this parameter to over 900, submit a ticket. The maximum value allowed is 3600. |
| add_header | Custom | - | Headers returned to the client. Set this field in the format of add_header xxx yyy. For example, you can set it to add_header Access-Control-Allow-Methods 'POST, OPTIONS'; add_header Access-Control-Allow-Origin *; for cross-origin scenarios. |
| more_set_headers | Custom | - | Headers returned to the client. Set this field in the format of more_set_headers "A:B". |
| proxy_connect_timeout | 4s | [4-120]s | Timeout period of connecting to a real server. |
| proxy_read_timeout | 60s | [30-3600]s | Timeout period of reading a real server response. |
| proxy_send_timeout | 60s | [30-3600]s | Timeout period of sending a request to a real server. |
| server_tokens | on | on,off | on: displays version information. off: hides version information. |
| keepalive_requests | 100 | [1-10000] | Maximum number of requests that can be sent over the client-server persistent connection. |
| proxy_buffer_size | 16k | [1-32]k | Size of server response headers, which is the size of a single buffer set in proxy_buffer by default. To use proxy_buffer_size, proxy_buffers must be set at the same time. |
| proxy_buffers | 4 16k | [3-8] [4-16]k | Buffer quantity and size. |
| proxy_request_buffering | off | on,off | on: caches the client request body. The CLB instance caches the request and forwards it to the backend CVM instance in multiple parts after the request is completely received. off: does not cache the client request body. After receiving a request, the CLB instance directly forwards it to the backend CVM instance, which increases pressure on the performance of the backend CVM instance. |
| proxy_set_header | X-Real-Port $remote_port | X-Real-Port $remote_port; X-clb-lbid $lbid; Stgw-request-id $stgw_request_id; X-Forwarded-Port $vport; X-Method $request_method; X-Uri $uri | X-Real-Port $remote_port: client port. X-clb-lbid $lbid: CLB LBID, which is the identifier of a CLB instance. Stgw-request-id $stgw_request_id: request ID (used in CLB only). X-Forwarded-Port: CLB listener port. X-Method: client request method. X-Uri: client request URI. |
| send_timeout | 60s | [1-3600]s | Timeout period of data transfer from the server to the client, which is the time interval between two consecutive data transfer actions, not the entire request transfer period. |
| ssl_verify_depth | 1 | [1,10] | Verification depth of the client certificate chain. |
| proxy_redirect | http:// https:// | http:// https:// | If the real server returns a redirect or refresh request (status code 301 or 302), proxy_redirect will reset http to https in the HTTP header Location or Refresh for safe redirection. |
| ssl_early_data | off | on,off | Enable or disable TLS 1.3 0-RTT. ssl_early_data only takes effect when the ssl_protocols field includes TLSv1.3. Enabling ssl_early_data carries the risk of replay attacks, so proceed with caution. |
| http2_max_field_size | 4k | [1-256]k | Maximum size of request headers after HPACK compression. |
| error_page | - | error_page code [ = [ response]] uri | Upon encountering a specific error code, a predefined URI is displayed, with the default response code set to 302. The URI must begin with a / path. |
| proxy_ignore_client_abort | off | on,off | Whether to disconnect the CLB instance from the real server when the client terminates its connection with the CLB instance without waiting for a response. |
| l7_toa | off | on,off | The TOA feature toggle enables the TOA functionality by default, adding the client source IP and client source port from TOA to $remote_addr and $remote_port, respectively. This means that the IP information from TOA is already passed through in the X-Forwarded-For and X-Real-IP headers. Note: This parameter is only applicable to IPv4 CLB instance configurations. |
| l7_toa_proxy_transparent | off | on,off | When this configuration is disabled, the CLB instance, upon establishing a new connection with the real server, will by default encapsulate the source IP address of the received four-tuple as the client source IP and forward it to the backend. When this configuration is enabled, the client source IP packet in TOA is sent to the backend real server. If persistent connections are enabled, IPs within the 100.127.0.0/16 network segment will be used. Note: This parameter is only applicable to IPv4 CLB instance configurations. |
Note:
The values of proxy_buffer_size and proxy_buffers must satisfy the constraint: 2 × max(proxy_buffer_size, proxy_buffers.size) ≤ (proxy_buffers.num - 1) × proxy_buffers.size. For example, if proxy_buffer_size is set to 24 KB and proxy_buffers is set to 8 8 KB, then 2 × 24 KB = 48 KB, and (8 - 1) × 8 KB = 56 KB. In this case, 48 KB ≤ 56 KB, so the configuration will not result in an error; otherwise, an error will occur.
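
The cross-field rules stated above (the buffer inequality, the 256M body-size rule, the TLSv1.3 requirement for ssl_early_data) can be checked before a configuration is submitted. The linter below is an added example, not Tencent Cloud code: the function names and the constructed SAMPLE are assumptions, and unset fields are assumed to take the default values listed on this page.

```python
import re

# Constructed sample config (not from the page), one item per line.
SAMPLE = """ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;
client_max_body_size 512M;
proxy_request_buffering on;
proxy_buffer_size 24k;
proxy_buffers 8 8k;
server_tokens on;"""

def parse(text):
    """Return {directive: [args]}; each item must end with ';' as the page requires."""
    conf = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if not line.endswith(";"):
            raise ValueError(f"item does not end with ';': {line!r}")
        name, *args = line[:-1].split()
        conf[name] = args  # repeated directives (add_header) keep the last one
    return conf

def kb(value):
    """'24k' -> 24, '60M' -> 61440 (sizes normalised to KB)."""
    num, unit = re.fullmatch(r"(\d+)([kKmM])", value).groups()
    return int(num) * (1024 if unit in "mM" else 1)

def lint(text):
    c, out = parse(text), []
    get = lambda key, default: c.get(key, default.split())  # page defaults when unset
    protos = get("ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2")
    if set(protos) & {"TLSv1", "TLSv1.1"}:
        out.append("ssl_protocols: TLSv1/TLSv1.1 enabled; recommended is TLSv1.2 TLSv1.3")
    if get("ssl_early_data", "off") == ["on"]:
        out.append("ssl_early_data: 0-RTT requests can be replayed" if "TLSv1.3" in protos
                   else "ssl_early_data: no effect without TLSv1.3 in ssl_protocols")
    if kb(get("client_max_body_size", "60M")[0]) > 256 * 1024 \
            and get("proxy_request_buffering", "off") != ["off"]:
        out.append("client_max_body_size > 256M needs proxy_request_buffering off")
    if "proxy_buffer_size" in c and "proxy_buffers" not in c:
        out.append("proxy_buffer_size: proxy_buffers must be set at the same time")
    head = kb(get("proxy_buffer_size", "16k")[0])
    num, size = get("proxy_buffers", "4 16k")
    if 2 * max(head, kb(size)) > (int(num) - 1) * kb(size):
        out.append("proxy_buffers: 2*max(buffer_size, size) exceeds (num-1)*size")
    if get("server_tokens", "on") == ["on"]:
        out.append("server_tokens: version information is shown to clients")
    return out
```

Running lint(SAMPLE) reports the 0-RTT replay exposure, the body-size rule and the version disclosure; the 24k / 8 8k buffer pair passes, matching the worked numbers in the note.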

ssl_ciphers Configuration Instructions

When configuring ssl_ciphers, the cipher suite string must use the same format as OpenSSL. The algorithm list consists of one or more <cipher strings>, with multiple algorithms separated by colons. "ALL" represents all algorithms, "!" disables the specified algorithm, and "+" moves the algorithm to the last position. The encryption algorithms forcibly disabled by default are: !aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE.
Default Value:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE:3DES;
Value Range:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-AES-128-CBC-SHA:ECDH-RSA-AES128-SHA256:DH-RSA-AES128-SHA256:DH-RSA-CAMELLIA128-SHA:DH-DSS-AES256-GCM-SHA384:DH-RSA-AES256-SHA256:AES256-SHA256:SEED-SHA:CAMELLIA256-SHA:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA:DH-RSA-AES128-GCM-SHA256:DH-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:DH-DSS-CAMELLIA256-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES128-SHA256:SRP-RSA-AES-256-CBC-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DH-DSS-AES256-SHA256:ECDH-ECDSA-AES256-SHA384:AES128-SHA:DH-DSS-AES128-GCM-SHA256:AES128-SHA256:DH-RSA-SEED-SHA:ECDH-ECDSA-AES128-SHA:IDEA-CBC-SHA:AES128-GCM-SHA256:DH-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:DH-RSA-AES256-GCM-SHA384:SRP-RSA-AES-128-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:ECDH-RSA-AES128-GCM-SHA256:DH-DSS-CAMELLIA128-SHA:DH-DSS-SEED-SHA:AES256-SHA:DH-RSA-AES256-SHA:kEDH+AESGCM:AES256-GCM-SHA384:DH-DSS-AES256-SHA:HIGH:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE
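
To see what the default ssl_ciphers value actually admits, each token of the string can be bucketed by its role in OpenSSL cipher-list syntax. The following auditor is an added example, not Tencent Cloud code: the bucket names and functions are assumptions, and the name-based rules are meant only for the suite names that appear in this page's lists.

```python
# Default ssl_ciphers value copied from the page (trailing ';' removed).
DEFAULT = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-CHACHA20-POLY1305:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:"
    "ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:"
    "AES:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!DHE:3DES"
)

KX_PREFIXES = ("ECDHE-", "DHE-", "ECDH-", "DH-", "SRP-")

def classify(token):
    """Bucket one OpenSSL cipher-string token by how it affects the list."""
    if token.startswith("!"):
        return "excluded"            # removed from the list
    if token.startswith("+"):
        return "moved_last"          # leading '+': move to the end
    if "+" in token:
        return "combined"            # 'A+B' selects suites matching both A and B
    if token == "3DES":
        return "3des"                # triple DES, a separate alias from DES
    if "-" not in token:
        return "alias"               # broad selector such as HIGH or AES128
    if token.startswith(("ECDHE-", "DHE-")):
        aead = any(a in token for a in ("GCM", "CHACHA20", "CCM"))
        return "ephemeral_aead" if aead else "ephemeral_non_aead"
    if token.startswith(KX_PREFIXES):
        return "other_kx"            # static (EC)DH or SRP key exchange
    return "rsa_kx"                  # no prefix: RSA key exchange, no forward secrecy

def audit(cipher_string):
    """Group every token of an ssl_ciphers value by classify() bucket."""
    buckets = {}
    for token in cipher_string.rstrip(";").split(":"):
        buckets.setdefault(classify(token), []).append(token)
    return buckets

def tightened(cipher_string):
    """Keep only ECDHE/DHE suites with AEAD ciphers, in their original order."""
    return ":".join(audit(cipher_string).get("ephemeral_aead", []))
```

On the default value, audit() surfaces the trailing 3DES token, two RSA key-exchange suites and four broad aliases; tightened(DEFAULT) returns the five ECDHE AEAD suites, all of which are within the Value Range above.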

CLB Custom Configuration Examples

1. Log in to the Cloud Load Balance console and click Custom Configuration in the left sidebar.
2. At the top of the "Custom Configuration" page, select the region and click on Create.
3. On the "Create Custom Configuration" page, fill in the configuration name and code configuration items, with each code configuration item ending with a ;. Once the configuration is complete, click Finish.



4. Return to the "Custom Configuration" page and click on Bind to Instance under the operations column on the right.
5. In the pop-up "Bind to Instance" dialog, select the Cloud Load Balance instance to bind, and click Submit.

6. After binding an instance, click on the custom configuration ID you just set on the "Custom Configuration" page to access the details page. Click on the Bind Instance tab to view the load balancing instance you just bound.
7. (Optional) You can now view the corresponding custom configuration information on the instance list page.
Note:
If the "Bind Custom Configurations" column is not displayed on the list page, click the icon in the top-right corner. In the pop-up "Customize List Field" dialog box, select "Bind Custom Configurations" and click OK. The "Bind Custom Configurations" column will then be displayed on the list page.
The default configuration sample code is as follows. When copying the code, please ensure there are no blank lines at the end to guarantee successful configuration:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_header_timeout 60s;
client_header_buffer_size 4k;
client_body_timeout 60s;
client_max_body_size 60M;
keepalive_timeout 75s;
add_header xxx yyy;
more_set_headers "A:B";
proxy_connect_timeout 4s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;