How do I get my Digital Ocean load balancer's private IP?
I’m trying to migrate two nginx servers to use the new Digital Ocean Load Balancers.
One issue I run into is the load balancer needs to use the internal network IP of both nginx servers (10.134.x.x) - we have firewall rules configured to block all traffic except from known hosts. I can get the external IP of the load balancer through the dashboard (138.x.x.x) but where can I get the internal IP so I can allow traffic from the load balancer only?
Likewise if I request information about the Load Balancer through the V2 API I can only get the external IP.
As a short-term solution I can allow all traffic from the 10.134.0.0/16 subnet, monitor logs to see which servers are attempting to reach my server, and whittle down the 5 IPs to the one coming from my load balancer by process of trial and error (by creating an iptables rule for just that IP), but for a number of reasons this is not ideal and hard to scale.
I understand the load balancers themselves are configured to automatically fail over to alternate instances in the event of a failure at the load balancer layer - would the failover machine have a different IP or does Digital Ocean use floating internal IPs?
What is the current best compromise between allowing room for failover but not exposing one’s server to unknown traffic either at the network or global level?
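The log-review step of the interim approach described in the question can be scripted. The following is an added example, not part of the original post: it tallies peers inside 10.134.0.0/16 that are not already allowed, assuming nginx's default `combined` log format; the known-host addresses, the sample log lines and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Subnet from the question that the interim firewall rule allows.
PRIVATE_NET = ipaddress.ip_network("10.134.0.0/16")
# Assumption: private addresses the firewall already trusts (constructed values).
KNOWN_HOSTS = {ipaddress.ip_address(a) for a in ("10.134.1.10", "10.134.1.11")}

# nginx "combined" format; the first field is $remote_addr, the connecting peer.
# If the realip module rewrites it from a forwarded header, this tally is not
# a sound basis for firewall rules.
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample log lines, not captured from a real server.
SAMPLE_LOG = """\
10.134.1.10 - - [01/Mar/2017:10:00:00 +0000] "GET /api HTTP/1.1" 200 512 "-" "curl/7.47.0"
10.134.7.21 - - [01/Mar/2017:10:00:03 +0000] "GET / HTTP/1.0" 200 612 "-" "-"
10.134.7.21 - - [01/Mar/2017:10:00:13 +0000] "GET / HTTP/1.0" 200 612 "-" "-"
10.134.9.40 - - [01/Mar/2017:10:00:15 +0000] "GET /admin HTTP/1.1" 404 162 "-" "example-client/1.0"
10.134.7.21 - - [01/Mar/2017:10:00:23 +0000] "GET / HTTP/1.0" 200 612 "-" "-"
this line is not in combined format
10.134.1.11 - - [01/Mar/2017:10:00:24 +0000] "GET /api HTTP/1.1" 200 512 "-" "curl/7.47.0"
"""


def unknown_private_sources(log_text, net=PRIVATE_NET, known=KNOWN_HOSTS):
    """Tally peers inside `net` that are not in `known`, most active first."""
    seen = defaultdict(lambda: {"hits": 0, "requests": set(), "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # address field was not an IP literal
        if addr in net and addr not in known:
            entry = seen[str(addr)]
            entry["hits"] += 1
            entry["requests"].add(m["request"])
            entry["agents"].add(m["agent"])
    return sorted(seen.items(), key=lambda kv: kv[1]["hits"], reverse=True)


if __name__ == "__main__":
    for ip, info in unknown_private_sources(SAMPLE_LOG):
        print(ip, info["hits"], sorted(info["requests"]), sorted(info["agents"]))
```

A peer that repeats the same request at a steady interval is a candidate for the load balancer's health check, while one-off requests from other private addresses are the unknown traffic the subnet-wide rule lets through.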