Question

Setting up a database server on another droplet in VPC

Hi. I am currently running database and web server on single droplet, but because of site traffic increase, I am planning to put database on separate droplet with enough RAM, but there are some questions:

  1. I want my database server to be secured and accessed only by my application (web) servers. Is VPC (Private Networking) correct solution to this?

  2. Is it possible to remove public IP from database server, and make it isolated from outer network? If yes, then how can it be setup and administrated via ssh (because, well, ssh connection will be also blocked)?

  3. What IP my application/client should use to connect to database server, if they both will be added to VPC network?

  4. In general, are these steps correct for balancing the load and securing a database on other droplet?

Thanks in advance for any help regarding these questions.

P.S. If that helps, I am running Ubuntu / Node.js / Nginx / MongoDB.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSysMay 4, 2020
Accepted Answer

Hi @xrjMaker,

It’s totally possible what you are aiming for and I believe if the traffic to your application is huge that it’s a step in the right direction!

Let’s start with your questions.

  1. Private Networking is a really good solution and you’ve correctly decided to turn your attention to it. For more information you can check the docs here -> https://www.digitalocean.com/docs/networking/vpc/ . Additionally, if you don’t want to use the Private Network product, you can achieve everything with a few Firewall rules.

  2. It’s not possible to remove the public IP of your Droplet however if you are going to use it for an SQL instance only, closing all ports to the public should be enough of a security.

  3. There are two possibilities, the first one is using the public IP of your SQL droplet to connect to it. For that to work,you’ll need to allow access from the SQL droplet to the Droplet where your application is being held. The second option would be if you are using Private Networking to use the internal IP addresses you’ll be granted.

  4. I’ve actually stated it at the beginning but yes. Separating your SQL and Application to different droplets does help balancing the load.

Regards, KDSys