brian3772
By:
brian3772

Additional IP addresses? Internal network IP addresses?

November 5, 2012 16.8k views
Is it possible to have multiple IP's on the same server and is it possible to reach other instances on the private network using a private IP?
1 comment
  • What's up with not having multiple public IPv4's anyway? Is supply that short already?

15 Answers
We do not offer multiple public IP addresses on the same virtual server but if there is a particular application that you would like to run we can help you troubleshoot/configure how to optimize it for a single IP.

We will be rolling out private networking for all virtual servers so that you will be able to communicate between virtual servers via the private network in the future.
Is there an ETA for the private net IPs? I'm not sure who asked this question, but I need either multiple external IPs, or at the very least an internal network. I need multiple SSL sites and I can not use SNI since it's not supported widely enough.

Instead of multiple externals I was going to use a proxy/balancer to do the SSL termination and then send unencrypted to the back end servers, but I can only do that on a private network.
We are looking to roll out a beta of private IPs in the next 1-2 months and let customers test. This will be a beta which means customers should not trust production systems to it, but if they want to test it and help us work through bugs.

Then we would be looking to finalize it and put it into production as part of the fully supported platform in about 3 months time total.
We haven't yet rolled out private IPs as we've been focused on our core infrastructure the past couple months to announce double RAM and SSD-only virtual servers today.

But its next on the list.
Any estimation when could it be released? Is a VPN a good substitute for private networks for now? How would you set up a cluster of several droplets?
We are hopeful that we will have it deployed in the next couple of months.

In regards to your specific question it depends on what you are looking to accomplish. If you want to secure your virtual servers the best route is to employ firewall rules. If you have a completely segregated private network it reduces the need for this, however you still want to employ firewall rules because that completely limits exactly which hosts can connect where and on what ports.

With a private network you will still have public servers, if one of those is compromised that user can then attempt to login to backend servers. If however you have firewall rules that restrict access even on top of the internal network you can limit the type of communication the servers have.

Essentially it's more work but it is more secure because instead of assuming that all private network communications are secure, you are instead assuming all communications are by default not secure and then opening up communication ports accordingly.
Thanks. What I want to accomplish is safe communication between droplets. For example one of them would be data machine (elasticsearch and/or mongo) while the other would serve http requests. I was thinking how to configure firewall so the machines will be able to communicate. Should I allow traffic from explicit ip numbers of my droplets? Normally if they were in a private network I would allow some traffic from LAN.
You would restrict it based on the IPs of the other servers that you want to communicate with the DB servers and only allow explicit access to the ports on which those services run on.

Then you may want to have a bastion host that you use to login to those servers to administer them.
Note that the mentioned article on using multiple certs on a single IP is now here: https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04
by Etel Sverdlov
Although hosting several sites on a single virtual private server is not a challenge with the use of virtual hosts, providing separate SSL certificates for each site traditionally required separate IP addresses. The process has recently been simplified through the use of Server Name Indication (SNI), which sends a site visitor the certificate that matches the requested server name.
@ericrobertscott you can follow the progress on private networking here: http://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3020028-private-back-end-network-support
Hi,,

any update?

Regards
Milosz
Is there any indication when you might offer the possibility of additional public IP addresses on a droplet?

These are absolutely required to run mutiple SSL sites on an instance with a single SSL certificate, and to setup a website requiring mutile IP addresses to use multiple webserver programs --- nginx for front page, images and static HTML, Apache for SSL private site and scripted content...
The day DigitalOcean offers additional IPs it will be nail in the coffin for companies like Linode! We manage over 30 servers that we would migrate here because it would cut costs in 1/2!! But IP = no go.

Of course if Linode adds SSD options without increasing current pricing then since they already have much more to offer just from the GUI control panel alone and no IP limitations, Linode would be killer!
Have another answer? Share your knowledge.