Set up a droplet only accessible by VPN
I have the following topology that I'd like to set up:
WebServer - publicly accessible
AppServer - publicly accessible
Database - Only accessible if VPN'd in
I would like to set up a droplet for a database such that it is not accessible from the open web, but I would be able to VPN into that droplet and access it that way. However, I would like AppServers (only) to be able to connect to the Database so that they can retrieve data.