Question
Static IPs, whitelisting
- Posted on November 23, 2020
- DigitalOcean App Platform
Asked by Manuel Meurer
Right now I’m using firewall rules on my AWS RDS db and external Redis db to only allow incoming connections from my droplets. Switching to the App Platform, how can this be handled? Since there doesn’t seem to be an option to assign a static IP (or a set of IPs) to the containers that are spun up, I would have to update the list of allowed IPs each time in an after deploy job I guess? Is that the recommended approach? If so, how can I access the container’s IP in the job? I don’t see a env var for this…
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hi there,
Quick update here, you can now add dedicated egress IP addresses to your apps on App Platform. Dedicated egress IP addresses allow your app to connect to resources outside of DigitalOcean using a publicly available static IP address.
Dedicated egress IP addresses are a paid feature that allows your app to connect to resources outside of DigitalOcean using a static IP address and allow you to restrict external resources to receive only outgoing traffic from your app. Dedicated egress IP addresses persist through redeployments but are removed from the app if you disable the feature or the app is destroyed.
You can add a dedicated egress IPs to your app after you deploy the app. To do so, in the DigitalOcean Control Panel, go to the Apps page and click your app. Click the Settings tab, scroll to the Dedicated Egress IP Addresses section, and then click the Edit button beside the section.
In the Edit menu, click the Add Dedicated Egress IP button. This assigns two IP addresses to your app and triggers a redeployment.
To remove a dedicated egress IP address, in the same Edit menu, click Release Dedicated Egress IPs. This removes the IP addresses from the app and triggers a redeployment. Once IP addresses have been released, the same addresses cannot be re-added to the app.
Hope that this helps!
Best,
Bobby
App Platform apps do not have a static-IPs. We’ve heard requests for static IPs as an add-on feature and are considering it. In the mean time, we recommend using TLS encryption and strong authentication to secure connections to external resources.
Facing the same issue. I need to redirect the non-www to www domain using the App platform of digital ocean. I had to migrate because of this reason of static Ip’s. Can DO team share when it will be published for end-users?