.. role:: green .. role:: red .. role:: blue .. role:: orange Ports & Health Checks ===================== This area is for configuring the ports and protocols your balancer will use, along with health checks it performs on the backend servers. Health Checks ------------- .. image:: ../_static/images/health_checks.png :target: ../_static/images/health_checks.png In order to provide *high availability*, the balancer performs *health checks* on all backend servers, according to criteria set here. The default is to simply check '/' over plain HTTP expecting a 2xx response. Backend servers failing health checks will automatically be set to :red:`DOWN` state and the balancer will stop sending traffic. Checks continue, and when the backend server starts passing checks again, the balancer will set it back to :green:`UP` state and resume passing traffic. You can click :guilabel:`Edit` to modify your checks, the parameters are described below: Port The port to check. This must be open on all backend servers. Protocol * **TCP**: Only check if the port is open ("Layer 4"). The "Path" option (described below) is ignored. This is the only check available when balancing protocols other than HTTP. * **HTTP**: Plain HTTP (protocol-aware, "Layer 7"). Will make a request to "Path", expecting a 2xx response. * **HTTPS**: Same as HTTP, but use TLS. .. Note:: TLS certificates are not verified for connections to backend servers. Path With HTTP or HTTPS, /path/to/check Interval Number of seconds between checks. Timeout before failure Number of seconds to wait for a response before failing. This must be less than Interval. Number of failed attempts (fall) Number of failed checks before setting a backend server :red:`DOWN`. Number of successful attempts (rise) Number of successful checks before setting a :red:`DOWN` server back :green:`UP`. .. Note:: Health checks are run across *all backend servers* at the interval specified. Ports ----- .. image:: ../_static/images/ports.png :target: ../_static/images/ports.png Balancer ports consist of two parts: a *frontend*, which is a port open on it's Public IPv4 address, and a *backend* which is the "destination" port it sends traffic to on the backend servers. Additionally, just like health checks you specify a protocol, and optionally a certificate. Add a port ++++++++++ To add a port, click :guilabel:`Add port`. Set the parameters in the form that opens: Protocol * **TCP**: Direct TCP connection. This is the simplest and also used when forwarding protocols other than HTTP. * **HTTP**: Plain HTTP, protocol aware so options under :doc:`settings ` also work (SSL Redirect, Cookies, etc.) * **HTTPS**: Same as HTTP but with TLS. If HTTPS is selected, another dropdown appears: "Certificate". If "Passthrough" is selected, TLS is passed through to be terminated and verified on each backend server. If a :doc:`certificate ` is available, it can be selected here to terminate TLS *at the load balancer* instead. This is typically more efficient as you only need to worry about maintaining the one certificate on the balancer, as opposed to one on every backend server. .. Note:: If a frontend port is added that matches an existing frontend port, it will simply update the existing port.