By David Mintz
I have experience developing web applications and setting up web and database servers, but minimal experience with VPNs and not a really advanced understanding of networking. Now I would like to set up web and database servers that are not public-facing at all, but only accessible to a very select few devices/users. I’ve done some searching and reading, and seen competing ideas and products – OpenVPN, Algo, Wireguard. I like Wireguard, and wonder if a sound approach would be to set up a web server that only accepts connections from the handful of IP addresses that are part of my little Wireguard network. I hope my meaning is clear and terminology close enough to correct.
Does this idea make sense? Any other suggestions?
Hi there,
A quick way to do this without a lot of server-side configuration would be:
csf: Then close all ports for that server. That way only the IPs that are in the CSF allow list would be able to access the ports and the services running on those ports.
After that, you can set up a separate VPN server like Wireguard or OpenVPN as you mentioned. You could use this 1-Click installation here:
https://marketplace.digitalocean.com/apps/openvpn-access-server
csf firewall so that whenever you connect to the VPN you will also have access to your web server.
Alternatively to using CSF you could use the DigitalOcean Cloud Firewalls which are available at no additional cost:
https://docs.digitalocean.com/products/networking/firewalls/
Regarding the communication between the database server and the webserver, they could be created in the same VPC and could communicate via the private network so that the traffic would not go over the public network:
https://docs.digitalocean.com/products/networking/vpc/
Hope that this helps!
Best,
Bobby
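An added example, not part of the question or the answer above: one way to derive CSF allow-list entries from a WireGuard peer list, so that ports 80 and 443 are reachable only from the tunnel addresses of known peers. It assumes the web server itself runs WireGuard (so clients arrive with their tunnel IP as source) and uses csf.allow's advanced filter format; the config, addresses, key placeholders and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the web server's own wg0.conf; keys are placeholders.
SAMPLE_WG_CONF = """\
[Interface]
Address = 10.8.0.1/24
PrivateKey = <server-private-key>

[Peer]
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32

[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.3/32
"""

def parse_wg_conf(text):
    """Return (tunnel_networks, peer_networks) from a WireGuard config."""
    section, tunnel, peers = None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        nets = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key == "address":
            tunnel += [ipaddress.ip_interface(n).network for n in nets]
        elif section == "peer" and key == "allowedips":
            peers += [ipaddress.ip_network(n, strict=False) for n in nets]
    return tunnel, peers

def csf_allow_lines(conf_text, ports=(80, 443)):
    """Build csf.allow advanced-filter lines, one per peer address and port."""
    tunnel, peers = parse_wg_conf(conf_text)
    lines = []
    for peer in peers:
        inside = any(peer.version == t.version and peer.subnet_of(t) for t in tunnel)
        # Only single hosts inside the tunnel subnet qualify; a wide AllowedIPs
        # such as 0.0.0.0/0 would turn the allow list into "allow everyone".
        if not inside or peer.num_addresses != 1:
            raise ValueError(f"refusing to allow {peer}: not a single tunnel host")
        lines += [f"tcp|in|d={port}|s={peer.network_address}" for port in ports]
    return lines

if __name__ == "__main__":
    print("\n".join(csf_allow_lines(SAMPLE_WG_CONF)))
```

The generated lines only restrict access if ports 80 and 443 are not also opened globally in the firewall configuration, and the WireGuard UDP listen port has to stay reachable from outside so peers can connect.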