How to Create Regional Load Balancers

DigitalOcean fully manages Regional Load Balancers and Global Load Balancers, ensuring they are highly available load balancing services. Load balancers distribute traffic to groups of backend resources in specific regions or across different regions, which prevents the health of a service from depending on the health of a single server, cluster, or region.


Regional load balancers route traffic within a single datacenter. Setting up a regional load balancer is a two step process: creating the load balancer and then adding Droplets or Kubernetes nodes to its backend pool.

Create a Load Balancer Using the CLI

You can only add firewall rules to a load balancer using the CLI or API. To add a firewall to a load balancer during its creation, use the --allow-list and --deny-list flags to define a list of IP addresses or CIDRs that the load balancer accepts or blocks connections from.

The load balancer creation command requires a value for the --region flag. Use the doctl compute region list command to retrieve a list of available datacenter regions.

You can also automatically add Droplets to a load balancer during creation by providing a list of Droplet IDs for the --droplet-ids flag. Use the doctl compute droplet list command to retrieve a list of Droplets and their ID’s.

To create an internal-only load balancer that has no public IP address and is only accessible by resources in its VPC, use the --network INTERNAL flag with doctl version v1.108.0 or higher. You cannot switch load balancers between regular and internal after creation.

How to Create a Load Balancer Using the DigitalOcean CLI
  1. Install doctl, the DigitalOcean command-line tool.

  2. Create a personal access token and save it for use with doctl.

  3. Use the token to grant doctl access to your DigitalOcean account.

              doctl auth init
              
  4. Finally, run doctl compute load-balancer create. Basic usage looks like this, but you can read the usage docs for more details:

                doctl compute load-balancer create [flags]
              

Create a Load Balancer Using the API

You can only add firewall rules to a load balancer using the CLI or API. To add a firewall to a load balancer during its creation, use the firewall field to define a list of IP addresses and CIDRs the load balancer accepts or blocks connections from.

The load balancer creation call requires a value for the region field. Use the /v2/regions endpoint to retrieve a list of available datacenter regions.

You can also automatically add Droplets to a load balancer during creation by providing an array of Droplet IDs in the droplet_ids field. Use the /v2/droplets endpoint to retrieve a list of Droplets and their IDs.

To create an internal-only load balancer that has no public IP address and is only accessible to resources in its VPC, specify the network field as INTERNAL. You cannot switch load balancers between regular and internal after creation.

How to Create a Load Balancer Using the DigitalOcean API
  1. Create a personal access token and save it for use with the API.

  2. Send a POST request to https://api.digitalocean.com/v2/load_balancers

    cURL

    Using cURL:

                    # Create new load balancer
    curl -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
      -d '{"name": "example-lb-01","size_unit": 1, "region": "nyc3", "forwarding_rules":[{"entry_protocol":"http","entry_port":80,"target_protocol":"http","target_port":80,"certificate_id":"","tls_passthrough":false}, {"entry_protocol": "https","entry_port": 444,"target_protocol": "https","target_port": 443,"tls_passthrough": true}], "health_check":{"protocol":"http","port":80,"path":"/","check_interval_seconds":10,"response_timeout_seconds":5,"healthy_threshold":5,"unhealthy_threshold":3}, "sticky_sessions":{"type":"none"}, "firewall":{"deny":["ip:1.2.3.4","cidr:2.3.4.0/24"],"allow":["cidr:1.2.0.0/16","ip:2.3.4.5"]}, "droplet_ids": [3164444, 3164445]}' \
      "https://api.digitalocean.com/v2/load_balancers"
    
    # Create new load balancer with Droplet tag
    curl -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
      -d '{"name": "example-lb-01", "region": "nyc3", "size_unit": 1, "forwarding_rules":[{"entry_protocol":"http","entry_port":80,"target_protocol":"http","target_port":80,"certificate_id":"","tls_passthrough":false}, {"entry_protocol": "https","entry_port": 444,"target_protocol": "https","target_port": 443,"tls_passthrough": true}], "health_check":{"protocol":"http","port":80,"path":"/","check_interval_seconds":10,"response_timeout_seconds":5,"healthy_threshold":5,"unhealthy_threshold":3}, "sticky_sessions":{"type":"none"}, "firewall":{"deny":["ip:1.2.3.4", "cidr:2.3.4.0/24"],"allow":["cidr:1.2.0.0/16","ip:2.3.4.5"]}, "tag": "web:prod"}' \
      "https://api.digitalocean.com/v2/load_balancers"
                  

    Go

    Using Godo, the official DigitalOcean V2 API client for Go:

                    import (
        "context"
        "os"
    
        "github.com/digitalocean/godo"
    )
    
    func main() {
        token := os.Getenv("DIGITALOCEAN_TOKEN")
    
        client := godo.NewFromToken(token)
        ctx := context.TODO()
    
        createRequest := &godo.LoadBalancerRequest{
            Name:      "example-01",
            SizeUnit: "1",
            Algorithm: "round_robin",
            Region:    "nyc3",
            ForwardingRules: []godo.ForwardingRule{
                {
                    EntryProtocol:  "http",
                    EntryPort:      80,
                    TargetProtocol: "http",
                    TargetPort:     80,
                },
                {
                    EntryProtocol:  "https",
                    EntryPort:      443,
                    TargetProtocol: "https",
                    TargetPort:     443,
                    TlsPassthrough: true,
                },
            },
            HealthCheck: &godo.HealthCheck{
                Protocol:               "http",
                Port:                   80,
                Path:                   "/",
                CheckIntervalSeconds:   10,
                ResponseTimeoutSeconds: 5,
                HealthyThreshold:       5,
                UnhealthyThreshold:     3,
            },
            StickySessions: &godo.StickySessions{
                Type: "none",
            },
            DropletIDs:          []int{3164444, 3164445},
            RedirectHttpToHttps: false,
            Firewall:            &godo.LBFirewall{
                Deny: []string{"ip:1.2.3.4", "cidr:2.3.4.0/24"},
                Allow: []string{"cidr:1.2.0.0/16", "ip:2.3.4.5"},
            }
      // Create new load balancer with Droplet tag
      //     Tag:                 "web:prod",
      //     RedirectHttpToHttps: false,
        }
    
        lb, _, err := client.LoadBalancers.Create(ctx, createRequest)
                  

    Ruby

    Using DropletKit, the official DigitalOcean V2 API client for Ruby:

                    require 'droplet_kit'
    token = ENV['DIGITALOCEAN_TOKEN']
    client = DropletKit::Client.new(access_token: token)
    
    load_balancer = DropletKit::LoadBalancer.new(
      name: 'example-lb-01',
      size_unit: '1',
      algorithm: 'round_robin',
    # Create new load balancer with Droplet tag
    # tag: 'web:prod',
      droplet_ids: [ 3164444, 3164445],
      redirect_http_to_https: true,
      region: 'nyc3',
      forwarding_rules: [
        DropletKit::ForwardingRule.new(
          entry_protocol: 'http',
          entry_port: 80,
          target_protocol: 'http',
          target_port: 80,
          certificate_id: '',
          tls_passthrough: false
        ),
        DropletKit::ForwardingRule.new(
          entry_protocol: 'https',
          entry_port: 443,
          target_protocol: 'https',
          target_port: 443,
          certificate_id: '',
          tls_passthrough: true
        )
      ],
      sticky_sessions: DropletKit::StickySession.new(
        type: 'cookies',
        cookie_name: 'DO-LB',
        cookie_ttl_seconds: 5
      ),
      health_check: DropletKit::HealthCheck.new(
        protocol: 'http',
        port: 80,
        path: '/',
        check_interval_seconds: 10,
        response_timeout_seconds: 5,
        healthy_threshold: 5,
        unhealthy_threshold: 3
      )
    )
    client.load_balancers.create(load_balancer)
                  

    Python

                    import os
    from pydo import Client
    
    client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))
    
    req = {
      "name": "example-lb-01",
      "region": "nyc3",
      "forwarding_rules": [
        {
          "entry_protocol": "http",
          "entry_port": 80,
          "target_protocol": "http",
          "target_port": 80
        },
        {
          "entry_protocol": "https",
          "entry_port": 443,
          "target_protocol": "https",
          "target_port": 443,
          "tls_passthrough": True
        }
      ],
      "droplet_ids": [
        3164444,
        3164445
      ],
      "project_id": "9cc10173-e9ea-4176-9dbc-a4cee4c4ff30",
      "http_idle_timeout_seconds": 60,
      "firewall": {
        "deny": [
          "cidr:1.2.0.0/16",
          "ip:2.3.4.5"
        ],
        "allow": [
          "ip:1.2.3.4",
          "cidr:2.3.4.0/24"
        ]
      }
    }
    
    resp = client.load_balancers.create(body=req)
                  

Create a Load Balancer Using the Control Panel

Start by creating a load balancer using the Create button at the top of the control panel. Alternatively, use the Create load balancer button on the Load Balancers overview page.

Create menu

On the creation page, you:

  1. Choose a Load Balancer type. Choose Regional to create a regional load balancer. To create a Global load balancer, see How to Create a Global Load Balancer.

  2. Choose a datacenter region. Ensure your regional load balancer and its backend Droplets are in the same datacenter. If you have existing Droplets, select that datacenter.

  3. Select a VPC Network for the load balancer. You can choose one you have created or use your default network for the datacenter region. VPC networking provides an additional networking interface accessible only to resources within the same VPC network. This keeps traffic between Droplets and other applicable resource from being routed outside the datacenter over the public internet.

  4. Set the Network Visibility of your regional load balancer. Choose External to create a load balancer that serves traffic publicly. Select Internal to create a private load balancer that is only accessible to resources on the same VPC network.

  5. Choose the load balancer’s Scaling configuration.

The load balancer’s scaling configuration allows you to adjust the load balancer’s number of nodes. The number of nodes determines:

  • How many simultaneous connections it can maintain.
  • How many requests per second it can handle.
  • How many SSL connections it can decrypt per second.
  • The load balancer’s overall monthly cost.

The load balancer must have at least one node. You can add or remove nodes at any time to meet your traffic needs.

Note
The quantity and size of the load balancers you can have on your account depends on your account’s resource limits. We use dynamic resource limits to protect our platform against bad actors. Currently, you can’t check your resource limit for load balancers, but you can contact support if you reach the limit and need to increase it. We are working on features that allow you to review this limit in the control panel.
  1. Connect Droplets to the load balancer. If you are creating this load balancer for DigitalOcean Kubernetes, you can skip this step. Use the Search for Droplet or a tag search bar to add Droplets or groups of tagged Droplets to the load balancer’s backend pool upon creation. You can add or remove resources from the load balancer’s pool at anytime after creation.

  2. Add forwarding rules. Forwarding rules define how traffic is routed from the load balancer to its backend Droplets. You need at least one rule.

    The default route is HTTP port 80 on the load balancer to HTTP port 80 on the backend Droplets. You can create new rules during creation with the New Rule drop-down. After creation, you can modify a load balancer’s rules at any time on its Settings page.

    If you create a forwarding rule that requires a Let’s Encrypt certificate, you have the option to allow us to automatically create the necessary DNS record, at the apex of your domain, to support the certificate. The Create DNS records for all the new Let’s Encrypt certificates box is checked by default. If you want to manage your own DNS records for your Let’S Encrypt certificate, uncheck the box to opt out of creating any records when creating the forwarding rule.

    You can update this selection when adding or updating forwarding rules at a later time. However, the updated selection applies only to the new rules going forward, existing DNS records are not updated.

  3. Set advanced settings. Advanced settings allow you to modify additional parameters for the load balancer, sticky sessions, health checks, SSL forwarding, and PROXY protocol. You can also modify these settings after you create the load balancer.

  4. Finalize and create, which includes Choose a name and Select project. Load balancer names must be unique and contain alphanumeric characters, dashes, and periods only. You can rename load balancers at any time after creation by clicking on the existing name on the load balancer page.

After you create the load balancer, you can add Droplets or Kubernetes nodes to the load balancer on its detail page. To add Kubernetes nodes, see our guide, How to Add Load Balancers to Kubernetes Clusters. To add Droplets, click Choose Droplets to open the Add Droplets window.

Add Droplets by tag window

You can add individual Droplets or you can choose a tag. You can only choose Droplets that are in the same region as the load balancer, and if you use a tag, only tagged Droplets in the same region as the load balancer are part of its backend. You can use one tag per load balancer.

When you’ve selected the tag or Droplets, click Add Droplets. When you add Droplets to a load balancer, the Droplets start in a DOWN state and remain in a DOWN state until they pass the load balancer’s health check. Once the backends have passed the health check the required number of times, they are marked healthy and the load balancer begins forwarding requests to them.

Once you have at least one load balancer, you can view and manage them on the load balancer index page.

The load balancer index page

Clicking on a load balancer from the index page takes you to its detail page. On the detail page, you can manage and customize the load balancer by modifying its backend Droplet pool, viewing its performance graphs, and changing advanced settings.