I about to deploy a server to DO but I have a concern that I thought I should address before I do. My server will not have a domain name because I'm going to be sending HTTP requests to it from a mobile application using it's IP. My question is, is this do-able? Does DO allow sending requests to droplets using their IP/port or do I have to mess around with the firewall and opening ports etc?
Droplet's are essentially VPS's, which means they'll function however you set them up. You can setup the web server or backend (of your choice) to accept requests via IP, or you can use a domain. It just depends on what you need. There's really no limitation there :-).
In terms of using a firewall, it is recommended as the IP's are public and therefore open to the public. That means that without a firewall running and limiting what ports a visitor can connect to, they could potentially attempt to connect on any port.
Ideally, I setup ufw in the following manor:
Disable the Firewall
ufw disable
Reset the Firewall
ufw reset
Deny All Incoming Requests
ufw default deny incoming
Allow All Outgoing Requests
ufw default allow outgoing
Now, we'll only allow in a select few ports -- 22 (SSH), 80 (HTTP), and 443 (HTTPS).
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
With ufw now setup, we'll turn it on.
ufw enable
Now the only ports that anyone is allowed to connect on are 22, 80, and 443. The rest will be denied.
Thanks for this. Do I have to do this when I spin up my droplet? My server automatically listens on port 5000, so according to what to my understand from your comment, I should either allow port 5000 like 22, 80 and 443 or the server should listen on all three of your example ports (if thats even a thing)?
Setting up ufw should be done after the Droplet is deployed, yes.
When setting up the firewall, you definitely want to allow Port 22, otherwise once you turn it on, you'll be locked out and won't be able to connect to the CLI using SSH.
If you won't be accepting any connections on ports 80 and 443, you don't have to allow them through, though if you will be using port 5000, I would allow it through. You'd simply replace 80 with 5000 in the previous code.
Hi @mustard
Technically there is no difference between having requests going to a domain or not - from DigitalOcean' point. So yes, DO allows this.
But from long experience, please don't do this. If you suddenly want to move to another server or do anything where you loose the IP, then you need to create a new mobile application and push that to every device.
Use (sub)domains, that way you can modify the DNS and you won't have to redo your mobile app.
That is a valid point. However I have never used subdomains and to my knowledge, I think I'll need to buy one to make this work (unless theres a free alternative you can link me to).
Thanks!
Do you own a domain? If yes, then you can create as many sub-domains as you would like through your DNS provider of the domain - free of charge.