diff --git a/gke_server/main.go b/gke_server/main.go
index 3246d85..06d8e35 100644
--- a/gke_server/main.go
+++ b/gke_server/main.go
@@ -39,6 +39,10 @@ func (p *ReverseProxy) retrieveClusterInfo(ctx context.Context) error {
 	p.clusterInfo, err = clusterinfo.NewCache(ctx, p.ProjectID, credentials, 5*time.Minute)
 	return err
 }
+func healthCheckHandler(w http.ResponseWriter, _ *http.Request) {
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	fmt.Fprintf(w, "service is healthy\n")
+}
 
 func (p *ReverseProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
@@ -85,6 +89,8 @@ func (p *ReverseProxy) Run() {
 	}
 
 	http.Handle("/", p)
+	http.HandleFunc("/__health", healthCheckHandler)
+
 	srv := &http.Server{
 		Addr:         fmt.Sprintf(":%d", p.Port),
 		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
diff --git a/terraform/iap-proxy.service b/terraform/iap-proxy.service
index 19610cc..259926e 100644
--- a/terraform/iap-proxy.service
+++ b/terraform/iap-proxy.service
@@ -5,7 +5,7 @@ After=docker.service network-online.target
 
 
 [Service]
-Environment="IMAGE=gcr.io/binx-io-public/simple-iap-proxy:0.3.2"
+Environment="IMAGE=gcr.io/binx-io-public/simple-iap-proxy:0.3.3"
 
 ExecStartPre=ctr images pull ${IMAGE}
 
diff --git a/terraform/main.tf b/terraform/main.tf
index 1531a80..26ce83d 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -30,7 +30,7 @@ resource "google_compute_backend_service" "iap_proxy" {
   }
 
   health_checks = [
-    google_compute_health_check.iap_proxy_tcp.id
+    google_compute_health_check.iap_proxy_https.id
   ]
 }
 
@@ -52,7 +52,7 @@ resource "google_compute_region_instance_group_manager" "iap_proxy" {
   }
 
   auto_healing_policies {
-    health_check      = google_compute_health_check.iap_proxy_tcp.id
+    health_check      = google_compute_health_check.iap_proxy_https.id
     initial_delay_sec = 300
   }
 
@@ -64,15 +64,16 @@ resource "google_compute_region_instance_group_manager" "iap_proxy" {
   }
 }
 
-resource "google_compute_health_check" "iap_proxy_tcp" {
-  name                = "iap-proxy-tcp"
+resource "google_compute_health_check" "iap_proxy_https" {
+  name                = "iap-proxy-https"
   check_interval_sec  = 10
   timeout_sec         = 5
   healthy_threshold   = 2
   unhealthy_threshold = 10 # 100 seconds
 
-  tcp_health_check {
-    port = "8443"
+  https_health_check {
+    port         = "8443"
+    request_path = "/__health"
   }
 
   log_config {