Hello I would like to setup a firewall rule that would allow access only from some of my deployed apps. Unfortunately those rules don’t seem to be available. Any ideas how I can restrict access to a droplet to just my apps?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
if you are using two Droplets they’ll both have static IP addresses. In your DB Droplet, you can use the firewall to restrict all access but from the IP address you require.
Let’s say you are using UFW.
Then you can allow specific IPs with:
This will allow IP address 192.168.1.10 to any port on your firewall. You just need to change the IP address to your Droplet’s IP address.
Please note that once you run the first command all connections should be lost, so I would recommend doing it over the recovery console. Additionally, allow your IP address as well so that you can SSH at any time.
Lastly, before doing anything I’ll also recommend creating a Snapshot just in case something happens. You can read more about them here https://docs.digitalocean.com/products/images/snapshots/
Are you referring to the DigitalOcean App Platform? If this is the case, currently the App Platform does not offer static IP addresses that you could use for your external firewalls.
It looks like someone has had the same idea before and has posted it on our Product Ideas board. The best thing to do would be to head over and add your vote to it, as well as adding any additional information in the comments for exactly what you’d like to see implemented!
If you are not referring to the App Platform, then what you could do is to use the IP addresses of the Droplets that you’ve deployed your apps on and allow those IP addresses via your firewalls:
Hope that helps!