Ports & Health Checks

This area is for configuring the ports and protocols your balancer will use, along with health checks it performs on the backend servers.

Health Checks

../_images/health_checks.png

In order to provide high availability, the balancer performs health checks on all backend servers, according to criteria set here. The default is to simply check ‘/’ over plain HTTP expecting a 2xx response.

Backend servers failing health checks will automatically be set to DOWN state and the balancer will stop sending traffic. Checks continue, and when the backend server starts passing checks again, the balancer will set it back to UP state and resume passing traffic.

You can click Edit to modify your checks, the parameters are described below:

Port

The port to check. This must be open on all backend servers.

Protocol

  • TCP: Only check if the port is open (“Layer 4”). The “Path” option (described below) is ignored. This is the only check available when balancing protocols other than HTTP.

  • HTTP: Plain HTTP (protocol-aware, “Layer 7”). Will make a request to “Path”, expecting a 2xx response.

  • HTTPS: Same as HTTP, but use TLS.

Note

TLS certificates are not verified for connections to backend servers.

Path

With HTTP or HTTPS, /path/to/check

Interval

Number of seconds between checks.

Timeout before failure

Number of seconds to wait for a response before failing. This must be less than Interval.

Number of failed attempts (fall)

Number of failed checks before setting a backend server DOWN.

Number of successful attempts (rise)

Number of successful checks before setting a DOWN server back UP.

Note

Health checks are run across all backend servers at the interval specified.

Ports

../_images/ports.png

Balancer ports consist of two parts: a frontend, which is a port open on it’s Public IPv4 address, and a backend which is the “destination” port it sends traffic to on the backend servers. Additionally, just like health checks you specify a protocol, and optionally a certificate.

Add a port

To add a port, click Add port. Set the parameters in the form that opens:

Protocol

  • TCP: Direct TCP connection. This is the simplest and also used when forwarding protocols other than HTTP.

  • HTTP: Plain HTTP, protocol aware so options under settings also work (SSL Redirect, Cookies, etc.)

  • HTTPS: Same as HTTP but with TLS. If HTTPS is selected, another dropdown appears: “Certificate”. If “Passthrough” is selected, TLS is passed through to be terminated and verified on each backend server. If a certificate is available, it can be selected here to terminate TLS at the load balancer instead. This is typically more efficient as you only need to worry about maintaining the one certificate on the balancer, as opposed to one on every backend server.

Note

If a frontend port is added that matches an existing frontend port, it will simply update the existing port.