How to Troubleshoot Load Balancer Health Check Issues

Validated on 25 Jul 2024 • Last edited on 30 Jul 2024

DigitalOcean Load Balancers periodically check the health of their target backend Droplets or DOKS nodes to ensure connections are routed only to healthy servers.

The backend service must be accessible and its health checks must be running to be in a Healthy state. A backend that fails the configured health checks is marked as Down in the control panel.

Note

Your health check configuration determines how long it takes for an unhealthy backend to be marked as Healthy after service is restored. Allow enough time between the troubleshooting steps for the status to change.

You must refresh the control panel in your browser to see the most recent health check status.

Check the following items to troubleshoot failing load balancer health checks:

  • Check that your backend server software is functioning properly and not frozen, disabled, or otherwise not responding.
  • Ensure any firewall running on the backend allows traffic on the correct ports and protocols.
  • Avoid using software such as Fail2Ban which may errantly block the load balancer IP instead of the original client IP.
  • If using Cloud Firewalls, make sure that the load balancer is added as a source in the appropriate firewall rules.
  • Ensure your server software is listening on the private network interface. All load balancer traffic goes through the specified private VPC network.
  • If using the PROXY protocol, make sure your health check endpoint (the URL specified in the Path setting of the health check) also accepts PROXY protocol.
  • If using HTTP or HTTPS for your health check endpoint, make sure you return an HTTP status code indicating success in the 200–299 range.
Load balancers return 503 errors when there are either no Droplets assigned to them or all of the assigned Droplets are unhealthy.
Kubernetes service ’externaltrafficpolicy’ field controls how nodes respond to health checks.
By default, load balancers time out after the connection has been idle for 60 seconds. You can customize the timeout duration.
Control Panel Blog Pricing Careers Terms Privacy Status API Docs Tutorials Support