Question

I have a droplet setup with a DB Server running

Hello I would like to setup a firewall rule that would allow access only from some of my deployed apps. Unfortunately those rules don’t seem to be available. Any ideas how I can restrict access to a droplet to just my apps?

Raphael

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
August 16, 2022

Hi @rapsli,

if you are using two Droplets they’ll both have static IP addresses. In your DB Droplet, you can use the firewall to restrict all access but from the IP address you require.

Let’s say you are using UFW.

  1. sudo ufw enable && sudo ufw default deny incoming

Then you can allow specific IPs with:

  1. sudo ufw allow from 192.168.1.10 to any

This will allow IP address 192.168.1.10 to any port on your firewall. You just need to change the IP address to your Droplet’s IP address.

Please note that once you run the first command all connections should be lost, so I would recommend doing it over the recovery console. Additionally, allow your IP address as well so that you can SSH at any time.

Lastly, before doing anything I’ll also recommend creating a Snapshot just in case something happens. You can read more about them here https://docs.digitalocean.com/products/images/snapshots/

Bobby Iliev
Site Moderator
Site Moderator badge
August 15, 2022

Hey @rapsli,

Are you referring to the DigitalOcean App Platform? If this is the case, currently the App Platform does not offer static IP addresses that you could use for your external firewalls.

It looks like someone has had the same idea before and has posted it on our Product Ideas board. The best thing to do would be to head over and add your vote to it, as well as adding any additional information in the comments for exactly what you’d like to see implemented!

https://ideas.digitalocean.com/digitalocean/p/app-platform-static-ip

If you are not referring to the App Platform, then what you could do is to use the IP addresses of the Droplets that you’ve deployed your apps on and allow those IP addresses via your firewalls:

https://docs.digitalocean.com/products/networking/firewalls/how-to/manage-droplets/

Hope that helps!

- Bobby.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up