Health check

Proxy

Proxy provides health endpoint at GET /api/v1/health which checks whether the application is running.

Example request:

curl https://enroll.example.com/api/v1/health

Response:

• alive with status code 200 – Proxy is working

To verify gRPC services for Proxy are alive, there is endpoint at GET /api/v1/health-grpc that verify it.

Example request:

curl https://enroll.example.com/api/v1/health-grpc

Response:

• alive with status code 200 – Proxy is working and is connected to Core

• Not connected to Defguard Core with status code 503 – Proxy is working, but is not connected to Core

Core

To check if Core is working, you can use endpoint at GET /api/v1/health which verify it.

Example request:

curl https://defguard.example.com/api/v1/health

Response:

• alive with status code 200 – Core is working

To check if core gRPC service is alive, we recommend to use community tools like grpc_health_probe.

Example request for Core:

Example response:

Gateway

In Gateway configuration, a health check port can be enabled by adding the following line (see also example config):

In this example, Gateway will open an additional HTTP port number 55003. Now we can use GET /api/v1/health endpoint to verify whether Gateway is working correctly.

If running in Docker you can also enable it by setting the HEALTH_PORT environment variable.

By default the HTTP server will listen on all interfaces, but if you prefer to bind only a specific IP you can set it by using the http_bind_address config option (or DEFGUARD_HTTP_BIND_ADDRESS environment variable). For example:

Example request:

Response:

• alive with status code 200 – Gateway is working and is connected to Core

• Not connected to core with status code 503 – Gateway is working but is not connected to Core

By default, no health check ports are open.