Block all IP access to database droplet, except for one

Posted on August 24, 2017

Hi, I have a droplet which is running NGINX and I wish to block my other droplet running Mongo so that it is visible exclusively to the NGINX one. Could you help me? Both are running Ubuntu.




Using ufw, first you need to deny all traffic to your database port

sudo ufw deny 3306/tcp

then allow your IP to your server:

sudo ufw allow from Your.IP.Address to any port 3306 proto tcp

Heya,

You should configure the firewall on your MongoDB droplet to only allow incoming connections from the IP address of your NGINX droplet. You can do this using ufw, the Uncomplicated Firewall, which is a frontend for managing iptables.

First, you need to check the IP address of your NGINX droplet:

    curl ifconfig.me

Make note of the NGINX droplet’s public IP address.

Next, on your MongoDB droplet, allow incoming connections from the NGINX droplet’s IP address:

    sudo ufw allow from NGINX_DROPLET_IP to any port 27017

Replace NGINX_DROPLET_IP with the actual IP address of your NGINX droplet.

Enable the firewall if it’s not already enabled:

    sudo ufw enable

Now, your MongoDB droplet should only allow incoming connections from the NGINX droplet’s IP address. Other external connections will be blocked by the firewall, and MongoDB will only be accessible locally on the MongoDB droplet itself.

Please make sure to replace NGINX_DROPLET_IP with the actual IP address of your NGINX droplet and ensure that your MongoDB application still functions as expected after making these changes.

Hope that this helps!
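ufw applies the first rule that matches a packet, so whether the NGINX droplet reaches the database port depends on the order of the allow and deny rules from the answers above, not only on their presence. The following check over `ufw status numbered` output is an added example, not part of either answer. The function name `audit_db_port`, its verdict words, and the sample address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status numbered` output for one database port.
# ufw checks rules top to bottom and the first matching rule decides.
# Usage on the database droplet:
#   sudo ufw status numbered | audit_db_port 27017 NGINX_DROPLET_IP
# Verdicts: ok | open | shadowed | no-allow | extra-allow
# Not interpreted: port ranges, app profiles, CIDR sources, and the
# default incoming policy (see `sudo ufw status verbose` for that).
audit_db_port() {
  sed -n 's/^\[ *[0-9]*] *//p' | awk -F'  +' -v port="$1" -v ip="$2" '
    {
      sub(/ +$/, "")                        # trailing blanks would add a field
      fam = ($3 ~ /\(v6\)/) ? 6 : 4
      to = $1;  sub(/ \(v6\)$/, "", to)
      src = $3; sub(/ \(v6\)$/, "", src)
      n = split(to, t, " "); split(t[n], p, "/")
      split($2, a, " ")                     # a[1]=ALLOW|DENY|..., a[2]=IN|OUT
      if (p[1] != port || p[2] == "udp" || a[2] != "IN") next
      allow = (a[1] == "ALLOW" || a[1] == "LIMIT")
      if (src == "Anywhere") {
        if (!(fam in any)) any[fam] = allow ? "A" : "D"
        if (fam == 4 && ipdec == "") ipdec = any[4]
      } else if (src == ip) {
        if (ipdec == "") ipdec = allow ? "A" : "D"
      } else if (allow && !(fam in any)) extra = 1
    }
    END {
      if (any[4] == "A" || any[6] == "A") print "open"
      else if (ipdec == "D")  print "shadowed"
      else if (ipdec == "")   print "no-allow"
      else if (extra)         print "extra-allow"
      else                    print "ok"
    }'
}

# Constructed sample: the deny was added before the allow, so rule 1 wins.
SAMPLE_DENY_FIRST='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 27017/tcp                  DENY IN     Anywhere
[ 2] 27017/tcp                  ALLOW IN    203.0.113.10
[ 3] 27017/tcp (v6)             DENY IN     Anywhere (v6)'
printf '%s\n' "$SAMPLE_DENY_FIRST" | audit_db_port 27017 203.0.113.10  # prints: shadowed
```

A verdict of `ok` only means no rule on that port lets other sources in ahead of a deny; traffic that matches no rule still falls through to the default incoming policy.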
