Question

Give droplet access to other droplet's couchdb

Posted April 3, 2017 2.1k views
Networking Firewall Ubuntu 16.04

Hi,

I have a droplet running Tornadoweb to serve some sweet REST apis and another droplet that hosts couchdb.

I have enabled private networking on both droplets however I am struggling to ping one from the other let alone curl droplet_ip:5984

I want to block all public access to the droplet running couchdb, only the droplet running tornado should be able to read/write said couchdb droplet.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers

And for the couchdb issue:

I change the bind_address in /etc/couchdb/default.ini to the droplets private IP address, so now I can access couch from the other droplet. I tried to curl the droplet from my local computer and could not access couch as desired.

  • @theplumptomato
    Great you got it working.
    Just remember that DigitalOcean sadly calls the feature “Private Networking”, which is very confusing, since it’s not private at all.
    Private Networking means “local network in the data center”, which means anyone in the data center can connect to your CouchDB.
    So remember to protect yourself with firewall, logins and/or VPN.

To answer the ping part of my question. One of the droplets was made before I selected enable private networking and as such I hadn’t followed the guide properly to set up the interfaces.

I can now ping the droplets via their private ip addresses. Still no luck on access to couchdb, though.
https://www.digitalocean.com/community/tutorials/how-to-enable-digitalocean-private-networking-on-existing-droplets

Submit an Answer