For AI agents: The documentation index is at https://docs.digitalocean.com/llms.txt. Markdown versions of pages use the same URL with index.html.md in place of the HTML page (for example, append index.html.md to the directory path instead of opening the HTML document).

DigitalOcean’s Global Load Balancers allow you to distribute traffic to regional load balancers or Droplets in different regions for high availability (HA) and performance. Regional load balancers distribute traffic within a single region. Global load balancers span multiple regions and route users to the nearest available backend resource.

This document guides you through how to create a global load balancer and route a domain to it.

Create a Global Load Balancer

To start creating a global load balancer, click Create at the top of the DigitalOcean Control Panel, then select Load Balancer. Alternatively, on the Load Balancers overview page, click Create Load Balancer.

On the Create Load Balancer page, in the Choose a Load Balancer type section, select Global. You cannot change the type after the load balancer is created.

In the CDN Caching section, toggle Enable CDN Caching on or off. CDN caching improves performance by caching static assets like images, scripts, and pages on edge servers closer to your users. For steps to configure origin responses for CDN caching, see CDN Caching.

In the Finalize section, enter a unique name in the Name field and select a project from the Select Project drop-down. Names must contain only alphanumeric characters, dashes, and periods, and must be 32 characters or fewer. You can rename a load balancer later from its detail page.

The Summary panel in the right rail shows the projected monthly cost. Click Create Load Balancer to provision the global load balancer. The Control Panel takes you to the new load balancer’s detail page.

Configure Backends, Forwarding, and Advanced Settings After Creation

After the global load balancer is created, configure backend resources, the forwarding rule, and advanced settings on the load balancer’s detail page. See How to Manage Global Load Balancers for the post-creation flows.

To add backend resources, use the search field on the detail page to add Droplets, regional load balancers, or groups of tagged Droplets to the load balancer’s pool. All resources you add must be of the same type; for example, you cannot mix Droplets and regional load balancers in the same pool. You can add or remove resources from the load balancer’s pool at any time.

Unlike regional load balancers, global load balancers allow only one forwarding rule. The rule determines which protocol (HTTP, HTTPS, or HTTP/2) and port (80 or 443) the load balancer uses to forward traffic to its backend resources. The default rule sends HTTP traffic to port 80 on the backend.

You can also configure the following advanced settings:

• Sticky sessions: Sticky sessions send subsequent requests from the same client to the same backend by setting a cookie with a configurable name and TTL (Time-To-Live) duration. This is useful for applications that require a persistent connection.
• Health checks: Health checks monitor the health of your backend resources. You can change the thresholds of what is considered an unhealthy resource in these settings.
• SSL: The SSL option redirects HTTP requests on port 80 to HTTPS on port 443. When you enable this option, HTTP URLs are forwarded to HTTPS with a 307 redirect.
• HTTP Idle Timeout: The HTTP idle timeout sets the amount of time a connection can be idle before the load balancer closes it. The default is 60 seconds.

For forwarding rules, health checks, SSL, and related options, see Modify Advanced Settings.

Connect a Domain

Once you have created the global load balancer, you can connect a domain to it to begin routing traffic to your backend Droplets. Connecting a domain requires you to set up DNS records that direct traffic to the load balancer’s IP address. If your domain uses HTTPS, you also need to configure SSL/TLS certificates.

This part of the guide provides two different use cases for connecting a domain to a global load balancer:

• Your domain is new and DigitalOcean manages its DNS.
• You have an existing website hosted by DigitalOcean, but another provider manages the domain’s DNS, and you want to migrate your traffic to use the global load balancer.

CAA Records for Generated Certificates

When you choose Generate a new SSL certificate while connecting a domain, DigitalOcean issues the certificate through Let’s Encrypt (letsencrypt.org) or Google Trust (pki.goog). Your domain’s Certification Authority Authorization (CAA) DNS records control which authorities can issue certificates for the domain. Create or update these records at whichever DNS host is authoritative for the domain.

• If your domain has no CAA records, you do not need to add any for certificate issuance.
• If your domain has one or more CAA records, you must authorize at least one of Let’s Encrypt (letsencrypt.org) or Google Trust (pki.goog). You can authorize both.
• If your domain is an internationalized domain name (IDN), you must include a CAA record that authorizes Let’s Encrypt.

If your selection is Use an existing SSL certificate or bring your own, these CAA rules do not apply to DigitalOcean’s issuance flow. If you obtain or renew certificates outside DigitalOcean, follow that CA’s CAA requirements.

The following examples show typical zone file lines for each certificate authority.

example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issue "pki.goog"

For step-by-step CAA setup in DigitalOcean DNS, see How to Manage CAA Records.

Connect a Domain that Uses DigitalOcean DNS

If you manage your domain’s DNS with DigitalOcean DNS, connect it from the load balancer’s detail page: click the Settings tab, then click Connect a Domain. You can also add the domain from the Getting Started panel that appears after creation.

On the Connect a Domain screen, enter your domain name into the search field. The field retrieves a list of domains from your DigitalOcean account. Locate the domain you want to connect and then select it from the drop-down list.

In the SSL certificate section, select how you want to add SSL/TLS certificates. You can add certificates using two options:

• Generate a new SSL certificate: DigitalOcean generates a new, free SSL certificate for your domain using Let’s Encrypt.
• Use an existing SSL certificate or bring your own: You can select an existing SSL certificate that you have uploaded to DigitalOcean or bring your own SSL certificate by uploading a private key and certificate bundle.

If you use the Bring your own certificate option, you must provide the following information:

• Name: A unique name for the SSL certificate.
• Certificate: The certificate’s public key.
• Private key: The secret key associated with the public key.
• Certificate chain: This is the full trust chain between the trusted certificate authority’s certificate and your domain’s certificate.

Select an SSL certificate option, fill out the additional configuration fields, and then click Connect Domain. This automatically creates the necessary DNS records (two A records and two AAAA records) in DigitalOcean DNS that route traffic from your domain to your load balancer. It may take several minutes to a few hours for the DNS changes to propagate across the internet.

Once you have added your domain and the DNS changes have propagated, you can begin routing traffic to the global load balancer.

Connect a Domain using External DNS

If you manage your domain’s DNS using a third-party provider like Cloudflare or Namecheap, you can still connect your domain to the global load balancer by creating DNS records that direct traffic to the load balancer’s IP addresses.

If your domain is currently managing traffic, this may result in some downtime but you can take steps to minimize the downtime. To migrate traffic to the new load balancer, we recommend setting the TTL (Time To Live) values of your domain’s existing A and AAAA records to the lowest values that your provider allows, then create the new records. This allows existing clients to continue using the old records while new clients get directed to the new load balancer. Once you’ve set up the new records, wait for the TTL expire for the old records and then remove them to complete the migration.

To set up the new DNS records, you need the global load balancer’s IPv4 and IPv6 addresses, which are listed on the load balancer’s detail page.

At your DNS provider, create a record for each address. This should add four new records to your domain: two A records (one for each IPv4 address) and two AAAA records (one for each IPv6 address). See your DNS provider’s documentation for the exact steps.

Once you’ve added the DNS records at your DNS provider, it may take time for the changes to propagate across the internet. You can verify the migration by viewing traffic on the load balancer’s Insights tab or by testing connectivity to the domain from different locations.