Articles

Build High Availability on DigitalOcean with Load Balancers and Replicas (2026)

April 16, 2026 4 min read

DigitalOcean Load Balancers don’t actually distribute traffic; they forward it to a single, designated Droplet that’s responsible for handling the actual distribution.

Let’s see this in action. Imagine you’ve got a web application running across three Droplets, each with its own web server process listening on port 80. You’ve set up a DigitalOcean Load Balancer to front these three Droplets, and you’ve configured it to forward traffic to port 80 on each of them.

Here’s what the Load Balancer doesn’t do:

  • Directly serve requests: The Load Balancer itself isn’t running Nginx or Apache or any kind of web server that processes HTTP requests. It’s a network device.
  • Magically balance: It doesn’t have a built-in algorithm to decide which of your backend Droplets gets the next request. That logic lives on one of your Droplets.

Here’s what it does do:

  1. Listens on a public IP: The Load Balancer gets its own public IP address. When a user types yourdomain.com and your DNS points to the Load Balancer’s IP, their browser connects to this IP.
  2. Forwards to a single backend: Crucially, the Load Balancer is configured with a forwarding rule. This rule tells it, "When you receive traffic on port X, send it to Droplet Y on port Z." For high availability, you’d typically configure this to forward to a single Droplet that’s running your actual load balancing software.

So, how do you achieve high availability then? The magic happens on one of your application Droplets, running a piece of software like HAProxy or Nginx, configured as a reverse proxy.

Here’s a typical setup:

  • Droplet A (Load Balancer Node): Runs HAProxy. It listens on port 80 and 443. Its configuration directs incoming traffic to Droplets B and C.
  • Droplet B (App Node): Runs your web application (e.g., Node.js, Python/Flask). It also listens on port 80 and 443.
  • Droplet C (App Node): Runs your web application, identical to Droplet B.

The DigitalOcean Load Balancer’s single forwarding rule would point to Droplet A on port 80. Your HAProxy configuration on Droplet A then intelligently distributes traffic to Droplets B and C.

HAProxy Configuration Snippet (on Droplet A):

frontend http_frontend
    bind *:80
    mode http
    default_backend http_backend

backend http_backend
    mode http
    balance roundrobin
    option httpchk GET /healthcheck
    server app1 192.168.1.10:80 check
    server app2 192.168.1.11:80 check
  • frontend http_frontend: Defines how HAProxy listens for incoming connections. bind *:80 means it listens on all network interfaces on port 80.
  • backend http_backend: Defines the pool of servers to send traffic to.
  • balance roundrobin: This is HAProxy’s simple load balancing algorithm, distributing requests sequentially. Other options include leastconn (sends to server with fewest active connections) or source (hashes client IP to pick a server).
  • option httpchk GET /healthcheck: HAProxy periodically sends an HTTP GET request to /healthcheck on each backend server. If a server doesn’t respond successfully (e.g., returns a 200 OK), HAProxy marks it as down and stops sending traffic to it.
  • server app1 192.168.1.10:80 check: Defines a backend server named app1 at IP 192.168.1.10 on port 80. The check keyword enables health checking.

The DigitalOcean Load Balancer’s role:

Its configuration would be:

  • Frontend Protocol: HTTP
  • Frontend Port: 80
  • Backend Protocol: HTTP
  • Backend Port: 80
  • Forwarding Rules:
    • Forward traffic from port 80 to Droplet A (IP: 192.168.1.9) on port 80

When a user hits the DO Load Balancer’s public IP, the DO LB forwards that request to Droplet A (192.168.1.9). HAProxy on Droplet A then decides, based on its balance roundrobin rule and health checks, whether to send the request to Droplet B (192.168.1.10) or Droplet C (192.168.1.11).

Achieving High Availability:

  1. Redundant App Servers: Droplets B and C are your application replicas. If Droplet B fails, HAProxy on Droplet A will detect this via the health check and automatically stop sending traffic to it, directing all requests to Droplet C.
  2. Redundant Load Balancer (HAProxy): To make HAProxy itself highly available, you’d typically run a second HAProxy instance on another Droplet (Droplet D). You’d then use a tool like Keepalived with VRRP (Virtual Router Redundancy Protocol) to manage a virtual IP address. This virtual IP would be the one the DigitalOcean Load Balancer forwards to. If the primary HAProxy Droplet (A) fails, Keepalived on Droplet D takes over the virtual IP, and HAProxy on Droplet D starts handling traffic.

The one thing most people don’t know: The DigitalOcean Load Balancer’s health checks are not checking your application servers directly. They’re only checking if the forwarding target (Droplet A in our example) is reachable and responding. The actual application-level health is managed by the software on Droplet A. This means if your HAProxy on Droplet A crashes but the Droplet itself is still online, the DO Load Balancer will keep sending traffic to it, and users will get errors because HAProxy isn’t there to forward it.

The next step in making this setup truly robust is implementing a failover mechanism for the HAProxy instances themselves, often using Keepalived and VRRP.

Want structured learning?

Take the full Digitalocean course →