Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
High lag observed on my first droplet on Banglore DC . Shows ping response more than 1 sec on avg with packet loss. Question Question
Is a wildcard CNAME DNS record valid? Question Question

Question

Connecting to a digital ocean Private Network

Posted August 9, 2016 8.1k views
NetworkingUbuntu 16.04

Hello

I am building out an infrastructure for an application that my team is building. I currently have 4 droplets (may end up being 5 droplets) each running Ubuntu 16.04. I have one droplet acting as a reverse proxy server (running NGINX), one droplet acting as my Application server, one application acting as my Database Server and one droplet is a Continuous Integration server (running jenkins). I want to make sure that all but the reverse proxy server are only accessible over the Private network that you guys provide. How ever, I obviously still want to be able to access these droplets even though they are only accessible on private Networking. How could I do this? Do I need to setup openVPN and have that connect to the your Private Networking or what?

Thanks for your help!

Add a comment
yoseph
By:
yoseph

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
High lag observed on my first droplet on Banglore DC . Shows ping response more than 1 sec on avg with packet loss. Question Question
Is a wildcard CNAME DNS record valid? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
ryanpq August 9, 2016

You’ve got a few different options here. In all cases, this guide should help you get a firewall set up on your droplets.

You could decide to keep SSH on the other droplets accessible on the public network (on a non-standard port) or you could SSH to the server hosting your reverse proxy and then ssh from there to your other droplets. A VPN would be another option. Additionally you can access your droplets via the console in the control panel though you will need to set up a password for your user to do so.

How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Reply Report
  • yoseph August 9, 2016

    How would I set up the VPN? I would rather restrict all SSH activities to only being allowed on the private network. And I would rather use my own terminal rather than the online control panel one.

    Reply Report
    • ryanpq August 9, 2016

      Absolutely. That makes sense. This guide will walk you through setting up a VPN on a droplet. You can then configure the firewall on all the droplets except the nginx reverse_proxy to only accept connections coming from the VPN server’s IP address.

      How To Set Up an OpenVPN Server on Ubuntu 16.04
      by Justin Ellingwood
      Want to access the Internet safely and securely from your smartphone or laptop when connected to an untrusted network such as the WiFi of a hotel or coffee shop? A Virtual Private Network (VPN) allows you to traverse...
      Reply Report

Related

Looking for something else?

Ask a new question Search for more help