Give droplet access to other droplet's couchdb

April 3, 2017 591 views
Firewall Networking Ubuntu 16.04

Hi,

I have a droplet running Tornadoweb to serve some sweet REST apis and another droplet that hosts couchdb.

I have enabled private networking on both droplets however I am struggling to ping one from the other let alone curl droplet_ip:5984

I want to block all public access to the droplet running couchdb, only the droplet running tornado should be able to read/write said couchdb droplet.

2 Answers
theplumptomato April 3, 2017
Accepted Answer

And for the couchdb issue:

I change the bind_address in /etc/couchdb/default.ini to the droplets private IP address, so now I can access couch from the other droplet. I tried to curl the droplet from my local computer and could not access couch as desired.

  • @theplumptomato
    Great you got it working.
    Just remember that DigitalOcean sadly calls the feature "Private Networking", which is very confusing, since it's not private at all.
    Private Networking means "local network in the data center", which means anyone in the data center can connect to your CouchDB.
    So remember to protect yourself with firewall, logins and/or VPN.

    • @hansen
      Thanks!
      Yes, I wasn't sure about how exactly they would isolate the private networks, thanks for that information.

      To update my firewall should I be doing something along the lines of:
      sudo ufw allow from tornado_droplet_ip
      and denying all other in-comings?

To answer the ping part of my question. One of the droplets was made before I selected enable private networking and as such I hadn't followed the guide properly to set up the interfaces.

I can now ping the droplets via their private ip addresses. Still no luck on access to couchdb, though.
https://www.digitalocean.com/community/tutorials/how-to-enable-digitalocean-private-networking-on-existing-droplets

by Justin Ellingwood
DigitalOcean has announced private networking in certain data centers. This feature can be enabled easily on newly created Droplets. In this article, we will discuss how to enable private networking on existing Droplets located in data centers where private networking has been implemented.
Have another answer? Share your knowledge.