Are your metrics and health endpoints not separate? Or, do you mean, you want to http health-check the (private) metrics endpoint?
If the latter, then one can run local checks (custom, built-in), if that makes sense, for (private) ports not exposed via fly-proxy.