Creating an HTTP router for HTTP traffic
To create an HTTP router and add a route to it:
-
In the management console
, select the folder where you want to create your HTTP router. -
From the list of services, select Application Load Balancer.
-
In the left-hand panel, select
HTTP routers. -
Click Create HTTP router.
-
Specify your HTTP router name.
-
Under Virtual hosts, click Add virtual host.
-
Specify the host name.
-
Optionally, in the Authority field, specify the HTTP/1.1
Host
(HTTP/2:authority
) header value for virtual host selection. -
Optionally, in the Security profile field, select the Yandex Smart Web Security security profile. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.
-
Optionally, under Manage headers, click Change header and configure the HTTP header
.- In the Type field, select:
Request
: To modify the incoming request header, from client to load balancer.Response
: To modify outgoing response header, from backend to external client.
- In the Header name field, give the header a name, e.g.,
Host
,User-Agent
,X-Forwarded-For
, orStrict-Transport-Security
. - In the Operation field, select:
append
: To add a specified string to the header value.replace
: To replace the header value with a specified string.remove
: To remove the header. Both the header value and the header will be removed.rename
: To rename the header. The header value will not change.
- Enter a string to modify the header value or a new header name.
- In the Type field, select:
-
Click Add route.
-
Specify the route Name.
-
In the Path field, select one of the options:
Matches
: Route all requests matching the specified path, e.g.,/
.Starts with
: Route all requests with a specific prefix.Regular expression
: Route all requests matching the RE2 regular expression .
-
In the HTTP methods list, select the required methods.
-
In the Action field, select one of the options:
Routing
,Forward
, orResponse
. Depending on the selected option:Routing
:- In the Backend group field, select a backend group from your HTTP router folder.
- Optionally, in the Rewrite path or start field, specify where the HTTP router should redirect traffic. If you select
Matches
in the Path field, the path will be completely rewritten. If you selectStarts with
, only the prefix will be rewritten. - Optionally, in the Host header rewrite field, select one of these options:
none
: No rewriting.rewrite
: Rewrite to the specified value.auto
: Rewrite to the target VM address.
- Optionally, in the Timeout, s field, specify the maximum connection time.
- Optionally, in the Idle timeout, seconds field, specify the maximum keep-alive time during which the connection can remain idle without transmitting data.
- Optionally, in the Valid values for the Upgrade header field, specify the protocols the backend group can use within a single TCP connection based on the client's request.
- Optionally, select WebSocket if you want to use the WebSocket protocol.
Forward
:- In the HTTP status code field, select the HTTP forwarding status code.
- Optionally, in the Rewrite path or start field, specify where the HTTP router should redirect traffic. If you select
Matches
in the Path field, the path will be completely overwritten, even withStart
selected in the Rewrite path or start field. - Optionally, select Delete query parameters.
- Optionally, select Replace scheme. If the original URI has the
http
orhttps
scheme, the specified port,80
or443
, will be deleted upon changing the scheme. - Optionally, select Replace host and specify the new host.
- Optionally, select Replace port and specify the new port.
Response
:- In the HTTP status code field, select the HTTP response status code.
- In the Response body field, click Select and do the following in the window that opens:
- Select a response Method: Text or File.
- Depending on the selected method, attach a file or specify the text the load balancer will send in response to requests received via this route.
-
Click Create.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID>
command. You can also set a different folder for any specific command using the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for creating an HTTP router:
yc alb http-router create --help
-
Run this command:
yc alb http-router create <HTTP_router_name>
Result:
id: a5dcsselagj4******** name: test-http-router folder_id: aoerb349v3h4******** created_at: "2021-02-11T21:04:59.438292069Z"
-
See the description of the CLI command for creating a virtual host:
yc alb virtual-host create --help
-
To create a virtual host, run this command with the HTTP router name and virtual host settings specified:
yc alb virtual-host create <virtual_host_name> \ --http-router-name <HTTP_router_name> \ --authority your-domain.foo.com \ --modify-request-header name=Accept-Language,append=ru-RU \ --rate-limit rps=100,all-requests \ --security-profile-id <security_profile_ID>
Where:
--http-router-name
: HTTP router name.--authority
: HTTP/1.1Host
(HTTP/2authority
) header domains associated with this virtual host. You can use wildcards, e.g.,*.foo.com
or*-bar.foo.com
. This is an optional argument.--modify-request-header
: Request header modification settings:name
: Modified header name.append
: String appended to the header.
--rate-limit
: Request rate limit. This is an optional setting.rps
orrpm
: Number of allowed incoming requests per second or per minute.all-requests
: Limits all incoming requests.requests-per-ip
Limits the total number of requests per IP address. That is, for each IP address, only the specified number of requests is allowed per unit of time.
--security-profile-id
: Yandex Smart Web Security security profile ID. This is an optional setting. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.
Result:
name: test-virtual-host authority: - your-domain.foo.com modify_request_headers: - name: Accept-Language append: ru-RU route_options: security_profile_id: fevcifh6tr********** rate_limit: all_requests: per_second: "100"
-
See the description of the CLI command for adding a route:
yc alb virtual-host append-http-route --help
-
To add a route, run this command with the HTTP router ID / name and routing settings specified:
yc alb virtual-host append-http-route <route_name> \ --virtual-host-name <virtual_host_name> \ --http-router-name <HTTP_router_name> \ --prefix-path-match / \ --backend-group-name <backend_group_name> \ --request-timeout <request_timeout>s \ --request-idle-timeout <request_idle_timeout>s --rate-limit rps=<request_limit>,requests-per-ip
Where:
-
--virtual-host-name
: Virtual host name. -
--http-router-name
: HTTP router name. -
--prefix-path-match
: Route all requests with a specific prefix. Add path/
after this option.To specify routing conditions, you can also use the following options:
--exact-path-match
: Route all requests matching the specified path. Add/<path>/
after this option.--regex-path-match
: Route all requests matching the RE2 regular expression . Add/<regular_expression>
after this option.
-
--backend-group-name
: Backend group name. -
--request-timeout
: Request timeout in seconds. -
--request-max-timeout
: Maximum request timeout in seconds. -
--rate-limit
: Request rate limit.
For more information about
yc alb virtual-host append-http-route
options, see this CLI reference.Result:
done (1s) name: test-virtual-host authority: - your-domain.foo.com routes: - name: test-route http: match: path: prefix_match: / route: backend_group_id: a5d4db973944******** timeout: 2s idle_timeout: 3s modify_request_headers: - name: Accept-Language append: ru-RU
-
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
-
In the configuration file, specify your HTTP router and virtual host settings:
resource "yandex_alb_http_router" "tf-router" { name = "<HTTP_router_name>" labels = { tf-label = "tf-label-value" empty-label = "" } } resource "yandex_alb_virtual_host" "my-virtual-host" { name = "<virtual_host_name>" http_router_id = yandex_alb_http_router.tf-router.id route { name = "<route_name>" http_route { http_route_action { backend_group_id = "<backend_group_ID>" timeout = "60s" } } } authority = "<domains>" route_options { security_profile_id = "<security_profile_ID>" } }
Where:
yandex_alb_http_router
: HTTP router description.-
name
: HTTP router name. Follow these naming requirements:- It must be from 2 to 63 characters long.
- It can only contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
labels
: HTTP router labels. Specify a key-value pair.
-
yandex_alb_virtual_host
: Virtual host description:-
name
: Virtual host name. Follow these naming requirements:- It must be from 2 to 63 characters long.
- It can only contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
http_router_id
: HTTP router ID. -
route
: Route description:name
: Route name.http_route_action
: Action applied to HTTP traffic.backend_group_id
: Backend group ID.timeout
: Maximum request timeout in seconds.
-
authority
: HTTP/1.1Host
(HTTP/2authority
) header domains associated with this virtual host. You can use wildcards, e.g.,*.foo.com
or*-bar.foo.com
. This is an optional parameter. -
route_options
: Additional virtual host parameters (optional):security_profile_id
: Yandex Smart Web Security security profile ID. A security profile allows you to enable WAF and filter incoming requests, limiting their number for protection against malicious attacks. For more information, see Security profiles.
-
Learn more about the properties of Terraform resources in the relevant Terraform guides:
-
Create the resources:
-
In the terminal, go to the directory where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
You will see a detailed list of resources. No changes will be made at this step. Terraform will show any errors found in your configuration.
-
Apply the changes:
terraform apply
-
Type
yes
and press Enter to confirm the changes.
Terraform will create all the required resources. You can check your new resources and their settings in the management console
or using this CLI command:yc alb http-router get <HTTP_router_name>
-
Use the create REST API method for the HttpRouter resource or the HttpRouterService/Create gRPC API call.