Question

I'm afraid that my DigitalOcean account will get banned

Posted February 27, 2020 261 views
DigitalOceanConfiguration ManagementDeploymentDigitalOcean AccountsDigitalOcean API and CLI (doctl)

Hi, I’m planning to make all of my startup’s infrastructure on DO, I was thinking about the best possible solution to provide my Saas service to multiple clients with multiple domain names, So here is what I decided and what I’m afraid of.

My Plan for the infrastructure:
I will use a LoadBalancer as an entry point, then all requests will be forwarded to some workers (Mirrored Droplets have same configs), each droplet will get the requested domain name from the request to use it to load the configuration of that specific client, then each worker will connect to a separate Database on a separate droplet, and connect to my DO space for files of that client, and there is another droplet works as an administration, Let’s say I added some new clients configuration or some software updates and I want to update my workers (droplets) then the admin droplet will create a new snapshot with the new configuration, and let’s say we have 5 workers (droplets) working, then the the admin droplet will create 5 new workers (droplets) with the new configurations and assign them to the main LoadBalancer, and wait for the 5 old ones to complete their current tasks and destroy them, and like this I have explain all of my structure except some side droplets for (Cache calculation, Stats, Monitoring, …), that they are not important to mention.

Problems that I have because of DO:
1- The LoadBalancer have a limit of 10,000 concurrent connections and that’s a bottle neck if I want to scale up, even linking a floating IP address to a loadBalancer so I can create multiple LoadBalancers is not possible.
2- The loadBalancer can handle a single HTTPS Certificate, while I have too many domain names, and If I will select HTTPS pass-through, I won’t have the user’s IP address, and if I want to create my own LoadBalancer, I will be limited by the maximum bandwidth of a single droplet, even if I will choose other types of certificates that supports multiple domain, that will make me frequently update the certificate and I will reach the limited number of domains per certificate with other browser certificate compatibility issues that no ones want to think about.
3- And Finally which is the most dangerous part, what if I have many updates, and destroy and create many droplets per day, let’s suppose the above scenario of workers update happened 5 to 10 times per day to make 25 to 50 droplets deletion and 25 to 50 droplets creation, then DO takes it as an API abuse and ban my account, to find myself out of business.

What happened for me to think so:
I have many projects and I want to have a last clear decision, I have an East personality, so I stick with rules and hate too much changes, I love static data, that’s why I care too much when choosing.
I spend too much time searching for the best provider to find my self in “DigitalOcean vs AWS” searches, to finally decide that I will stick with DO for the rest of my life, with the main reason that all the rules are stated, and I personally love that, then and I don’t know how I ended up searching for “My DigitalOcean account is blocked/banned”, in fact nothing happened to me, I just was curious about what results in Google I will find, and I started reading, too many sad stories, In fact that do not change what DO is, but the new information is that DO is using some automated scripts that may block out some users when they reach some hidden red lines, In fact I have no problem with all the stated problems in the Problems section as long as all the rules are already mentioned, I can find some workarounds, I can play, I can do anything, because there is rules, I can know what to do and what not to do, and I will take my full responsibility if I do something against the rules, no problem, tell me that I can’t send more that an API request per minute, and I will see what I can do, but don’t block my account because I didn’t respect a rule that I don’t know, define your definition to abusing, we may not share the same one, does my third problem abuse the API, I’m I reaching some red lines, What if I create new droplets and delete many others more frequently, is there a limit, Why you don’t make it a paid service, (like if you request a new droplet more than 10 times a day you will be paying for each additional request) something like that.

I wish I get a satisfying answer, I loved DigitalOcean and the way it works, and I see a big future for it, since the community is a part of it’s decisions, I know that there is too many bad peoples trying to do bad things using your servers, I know that nor local nor international laws are fair for companies, you will always end up paying for someone else’s mistakes, I personally prefer that you ask me for any action I do, and I will tell you why, and If I don’t state a logic reason, block me out, but at least I want to be heard, I may not be able to do like some of the others who shared their problems on twitter to reach thousands of peoples to finally reach you.

Thanks for reading this long post, I can not start my project now until I get answers for what I said, whether from you (here) or from your users on the Internet.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

I definitely appreciate wanting to plan ahead and set things up with a long-term mindset from the beginning. I’ll do my best to address each of your questions below:

*Question 1:
*

The DigitalOcean Load Balancers do have a hard limit of 10,000 concurrent connections so if you foresee this becoming an issue you may want to consider setting up an HAProxy instead. I’m including some links below that you can review, and I’m happy to continue discussing any additional questions you have about this kind of setup:

https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts#high-availability

https://www.digitalocean.com/docs/networking/load-balancers/resources/performance-tips/#scale-droplets-horizontally-or-vertically

https://probablywrong.org/how-i-scaled-a-fortnite-website-for-a-sudden-peak-every-day-on-a-low-budget

*Question 2:
*

Since you are managing multiple domains, you may want to consider the ‘Bring Your Own Certificate’ option as that will allow you to use a single SAN certificate on the DigitalOcean Load Balancer. Based on your previous question regarding the concurrent connection limitations though, you might be setting up your own HAProxy environment using a floating IP address. In that case, you would configure the SAN SSL certificate directly on the Droplet(s): https://www.digitalocean.com/community/tutorials/how-to-set-up-highly-available-haproxy-servers-with-keepalived-and-floating-ips-on-ubuntu-14-04

https://www.digitalocean.com/docs/accounts/security/certificates/#bring-your-own-certificate

I believe this approach would give you more control over balancing the load as well as more options for application load balancing rather than network load balancing.

*Question 3:
*

We want you to be successful using our services, and we’re always happy to work with you. If your main concern is creating and removing Droplets on a daily basis, we want to assure you that this would not result in a ban. If you are using the API for these actions, you might run into some rate limiting issues depending on your activity. We discuss our API limits here: https://developers.digitalocean.com/documentation/v2/#rate-limit

Also, please note that you will be billed a minimum of one hour of use for each Droplet created. You will find the pricing for our Droplets here: https://www.digitalocean.com/pricing/

It’s not our intention to punish you for using our platform in unique ways, and we’ll always contact you regarding any account activity that we’re concerned about. It’s unfortunate that there are bad actors out there that want to find ways to abuse our products and use our platform for malicious purposes towards others. Because of this, we have to do our best to prevent this from happening by having security policies in place, but we will work with you first to try and understand your use-case before taking permanent action on your account. If you’d like to read our Acceptable Use Policy, you will find it here: https://www.digitalocean.com/legal/acceptable-use-policy/

For any follow-up questions, you’re welcome to continue the conversation here or open a ticket so our support team can continue discussing this further with you!

by Mitchell Anicas
An introduction to basic load balancing concepts and terminology, using HAProxy, with some examples.
  • Thank you so much for that, I will make some monthly offsite backups, but I will stick with Digital Ocean for all of my projects, now I can work because I got all of my answers, with your answer and some searches, I can say from my place, as a developer trying to make some Saas services Digital Ocean is the best place to start.

Submit an Answer