Give Feedback

How to Create Regional Load Balancers

Validated on 27 Mar 2025 • Last edited on 9 Jun 2026

DigitalOcean fully manages Regional Load Balancers and Global Load Balancers, ensuring they are highly available load balancing services. Load balancers distribute traffic to groups of backend resources in specific regions or across different regions, which prevents the health of a service from depending on the health of a single server, cluster, or region.

Copy page as Markdown View page as Markdown

Regional load balancers route traffic within a single datacenter. Setting up a regional load balancer is a two step process: creating the load balancer and then adding Droplets or Kubernetes nodes to its backend pool.

Note

You can create a new configuration file or modify your existing service config file to provision regional load balancers for a DigitalOcean Kubernetes cluster. Read How to Add Load Balancers to Kubernetes Clusters and How to Configure Advanced Load Balancer Settings in Kubernetes Clusters for more information.

Create a Load Balancer Using the CLI

You can only add firewall rules to a load balancer using the CLI or API. To add a firewall to a load balancer during its creation, use the --allow-list and --deny-list flags to define a list of IP addresses or CIDRs that the load balancer accepts or blocks connections from.

The load balancer creation command requires a value for the --region flag. Use the doctl compute region list command to retrieve a list of available datacenter regions.

You can also automatically add Droplets to a load balancer during creation by providing a list of Droplet IDs for the --droplet-ids flag. Use the doctl compute droplet list command to retrieve a list of Droplets and their ID’s.

To create an internal-only load balancer that has no public IP address and is only accessible by resources in its VPC, use the --network INTERNAL flag with doctl version v1.108.0 or higher. You cannot switch load balancers between regular and internal after creation.

To create a load balancer with dual-stack IPv4 and IPv6 networking, use the --network-stack DUALSTACK flag with doctl version v1.121.0 or higher. You cannot change the network stack configuration after creation.

To create a network load balancer that routes TCP and UDP traffic at the network layer, use the --type REGIONAL_NETWORK flag with doctl version v1.108.0 or higher.

How to Create a Load Balancer Using the DigitalOcean CLI

Install doctl, the official DigitalOcean CLI.
Create a personal access token and save it for use with doctl.
Use the token to grant doctl access to your DigitalOcean account.
```
doctl auth init
```
Finally, run doctl compute load-balancer create. Basic usage looks like this, but you can read the usage docs for more details:
```
doctl compute load-balancer create [flags]
```

Create a Load Balancer Using the API

You can only add firewall rules to a load balancer using the CLI or API. To add a firewall to a load balancer during its creation, use the firewall field to define a list of IP addresses and CIDRs the load balancer accepts or blocks connections from.

The load balancer creation call requires a value for the region field. Use the /v2/regions endpoint to retrieve a list of available datacenter regions.

You can also automatically add Droplets to a load balancer during creation by providing an array of Droplet IDs in the droplet_ids field. Use the /v2/droplets endpoint to retrieve a list of Droplets and their IDs.

To create an internal-only load balancer that has no public IP address and is only accessible to resources in its VPC, specify the network field as INTERNAL. You cannot switch load balancers between regular and internal after creation.

To create a load balancer with dual-stack IPv4 and IPv6 networking, use the network_stack key with a value of DUALSTACK. You cannot change the network stack configuration after creation.

To create a network load balancer that routes TCP and UDP traffic at the network layer, set the type field to REGIONAL_NETWORK.

How to Create a Load Balancer Using the DigitalOcean API

Create a personal access token and save it for use with the API.

cURL

Send a POST request to https://api.digitalocean.com/v2/load_balancers.

Using cURL:

# Create new load balancer
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{"name": "example-lb-01","size_unit": 1, "region": "nyc3", "forwarding_rules":[{"entry_protocol":"http","entry_port":80,"target_protocol":"http","target_port":80,"certificate_id":"","tls_passthrough":false}, {"entry_protocol": "https","entry_port": 444,"target_protocol": "https","target_port": 443,"tls_passthrough": true}], "health_check":{"protocol":"http","port":80,"path":"/","check_interval_seconds":10,"response_timeout_seconds":5,"healthy_threshold":5,"unhealthy_threshold":3}, "sticky_sessions":{"type":"none"}, "firewall":{"deny":["ip:1.2.3.4","cidr:2.3.4.0/24"],"allow":["cidr:1.2.0.0/16","ip:2.3.4.5"]}, "droplet_ids": [3164444, 3164445]}' \
  "https://api.digitalocean.com/v2/load_balancers"

# Create new load balancer with Droplet tag
curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{"name": "example-lb-01", "region": "nyc3", "size_unit": 1, "forwarding_rules":[{"entry_protocol":"http","entry_port":80,"target_protocol":"http","target_port":80,"certificate_id":"","tls_passthrough":false}, {"entry_protocol": "https","entry_port": 444,"target_protocol": "https","target_port": 443,"tls_passthrough": true}], "health_check":{"protocol":"http","port":80,"path":"/","check_interval_seconds":10,"response_timeout_seconds":5,"healthy_threshold":5,"unhealthy_threshold":3}, "sticky_sessions":{"type":"none"}, "firewall":{"deny":["ip:1.2.3.4", "cidr:2.3.4.0/24"],"allow":["cidr:1.2.0.0/16","ip:2.3.4.5"]}, "tag": "web:prod"}' \
  "https://api.digitalocean.com/v2/load_balancers"

Go

Using Godo, the official DigitalOcean API client for Go:

import (
    "context"
    "os"

    "github.com/digitalocean/godo"
)

func main() {
    token := os.Getenv("DIGITALOCEAN_TOKEN")

    client := godo.NewFromToken(token)
    ctx := context.TODO()

    createRequest := &godo.LoadBalancerRequest{
        Name:      "example-01",
        SizeUnit: "1",
        Algorithm: "round_robin",
        Region:    "nyc3",
        ForwardingRules: []godo.ForwardingRule{
            {
                EntryProtocol:  "http",
                EntryPort:      80,
                TargetProtocol: "http",
                TargetPort:     80,
            },
            {
                EntryProtocol:  "https",
                EntryPort:      443,
                TargetProtocol: "https",
                TargetPort:     443,
                TlsPassthrough: true,
            },
        },
        HealthCheck: &godo.HealthCheck{
            Protocol:               "http",
            Port:                   80,
            Path:                   "/",
            CheckIntervalSeconds:   10,
            ResponseTimeoutSeconds: 5,
            HealthyThreshold:       5,
            UnhealthyThreshold:     3,
        },
        StickySessions: &godo.StickySessions{
            Type: "none",
        },
        DropletIDs:          []int{3164444, 3164445},
        RedirectHttpToHttps: false,
        Firewall:            &godo.LBFirewall{
            Deny: []string{"ip:1.2.3.4", "cidr:2.3.4.0/24"},
            Allow: []string{"cidr:1.2.0.0/16", "ip:2.3.4.5"},
        }
  // Create new load balancer with Droplet tag
  //     Tag:                 "web:prod",
  //     RedirectHttpToHttps: false,
    }

    lb, _, err := client.LoadBalancers.Create(ctx, createRequest)

Ruby

Using DropletKit, the official DigitalOcean API client for Ruby:

require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)

load_balancer = DropletKit::LoadBalancer.new(
  name: 'example-lb-01',
  size_unit: '1',
  algorithm: 'round_robin',
# Create new load balancer with Droplet tag
# tag: 'web:prod',
  droplet_ids: [ 3164444, 3164445],
  redirect_http_to_https: true,
  region: 'nyc3',
  forwarding_rules: [
    DropletKit::ForwardingRule.new(
      entry_protocol: 'http',
      entry_port: 80,
      target_protocol: 'http',
      target_port: 80,
      certificate_id: '',
      tls_passthrough: false
    ),
    DropletKit::ForwardingRule.new(
      entry_protocol: 'https',
      entry_port: 443,
      target_protocol: 'https',
      target_port: 443,
      certificate_id: '',
      tls_passthrough: true
    )
  ],
  sticky_sessions: DropletKit::StickySession.new(
    type: 'cookies',
    cookie_name: 'DO-LB',
    cookie_ttl_seconds: 5
  ),
  health_check: DropletKit::HealthCheck.new(
    protocol: 'http',
    port: 80,
    path: '/',
    check_interval_seconds: 10,
    response_timeout_seconds: 5,
    healthy_threshold: 5,
    unhealthy_threshold: 3
  )
)
client.load_balancers.create(load_balancer)

Python

Using PyDo, the official DigitalOcean API client for Python:

import os
from pydo import Client

client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

req = {
  "name": "example-lb-01",
  "region": "nyc3",
  "forwarding_rules": [
    {
      "entry_protocol": "http",
      "entry_port": 80,
      "target_protocol": "http",
      "target_port": 80
    },
    {
      "entry_protocol": "https",
      "entry_port": 443,
      "target_protocol": "https",
      "target_port": 443,
      "tls_passthrough": True
    }
  ],
  "droplet_ids": [
    3164444,
    3164445
  ],
  "project_id": "9cc10173-e9ea-4176-9dbc-a4cee4c4ff30",
  "http_idle_timeout_seconds": 60,
  "firewall": {
    "deny": [
      "cidr:1.2.0.0/16",
      "ip:2.3.4.5"
    ],
    "allow": [
      "ip:1.2.3.4",
      "cidr:2.3.4.0/24"
    ]
  }
}

resp = client.load_balancers.create(body=req)

Create a Load Balancer Using the Control Panel

To start creating a regional load balancer, click Create at the top of the Control Panel and select Load Balancer. Alternatively, click Networking in the main menu, click Load Balancers, then click Create Load Balancer.

The Create Load Balancer page is a single form. The fields below the type selection adjust based on whether you choose Regional or Global. To create a regional load balancer, complete the form from top to bottom:

Choose a Load Balancer type. Select Regional. To create a global load balancer instead, see How to Create a Global Load Balancer. You cannot change the type after the load balancer is created.
Choose a datacenter region. Select the primary region for the load balancer. To distribute backends across more than one region, expand Additional datacenter regions and select the regions you want to add. Backend Droplets must be in the same region as the load balancer. After you choose a region, the form displays the VPC network the load balancer joins by default (for example, default-ams3).
Choose traffic management. Select HTTP for general web traffic, where routing decisions are based on the content of the request (such as HTTP headers and application protocols). Select Network for TCP and UDP protocol-level routing with low latency. You cannot change traffic management after the load balancer is created.
Choose network visibility. Select External to allow public web traffic to reach the load balancer, or Internal to allow access only through the private network from resources in the same VPC.
Enable IPv6 (optional). Select the Enable IPv6 checkbox to add an IPv6 address alongside the IPv4 address. You cannot enable IPv6 after the load balancer is created.
Choose Node Size. Use the Number of nodes field to set how many nodes the load balancer uses. We recommend at least two nodes for high availability. The form updates the simultaneous connections, requests per second, and SSL connections per second values based on the node count.

The load balancer’s scaling configuration allows you to adjust the load balancer’s number of nodes. The number of nodes determines:

* How much traffic the load balancer can handle:
  * For HTTP load balancers this is affects maximum requests per second and simultaneous connections
  * For network load balancers the number of nodes determines overall ingress throughput
* The load balancer's overall monthly cost

The load balancer must have at least one node. You can add or remove nodes at any time to meet your traffic needs.


    Note
    The quantity and size of the load balancers you can have on your account depends on your account’s resource limits. We use dynamic resource limits to protect our platform against bad actors. To request a limit increase, contact support. If you are a team owner or resource modifier, you can check your resource limits and request an increase on the Resource Limits page in the DigitalOcean Control Panel.

Finalize. Under Choose a unique name, enter a name. Names must be lowercase, up to 32 characters long, and may contain dashes. Under Select a project, choose the project to assign the load balancer to. You can rename a load balancer later from its detail page.

The Summary panel in the right rail shows the projected monthly cost. Click Create Load Balancer to provision the load balancer. The Control Panel takes you to the new load balancer’s detail page.

After creation, configure backends, forwarding rules, and advanced settings from the load balancer’s detail page. See How to Manage Load Balancers for the post-creation flows:

The load balancer joins the default VPC network for its region. To use a different VPC, change it from the load balancer’s Settings tab.
Add Droplets or Kubernetes nodes to the backend pool. New Droplets start in a DOWN state until they pass the load balancer’s health check. For Kubernetes-backed load balancers, see How to Add Load Balancers to Kubernetes Clusters.
Add or modify forwarding rules to control how traffic routes to backends. The default rule forwards HTTP traffic on port 80 to HTTP on port 80 on the backend Droplets.

If you create a forwarding rule that requires a Let’s Encrypt certificate, you have the option to allow us to automatically create the necessary DNS record, at the apex of your domain, to support the certificate. The Create DNS records for all the new Let’s Encrypt certificates box is checked by default. If you want to manage your own DNS records for your Let’S Encrypt certificate, uncheck the box to opt out of creating any records when creating the forwarding rule.

You can update this selection when adding or updating forwarding rules at a later time. However, the updated selection applies only to the new rules going forward, existing DNS records are not updated.

Configure advanced settings such as sticky sessions, health checks, SSL forwarding, and PROXY protocol.

Once you have at least one load balancer, you can view and manage all load balancers on the Networking > Load Balancers page.