VPC, Gateway, Debian 10, Best Practices and other related questions.

Since the release of VPCs in DigitalOcean I’ve been considering changing my current setup to use VPCs.

The idea is to set up a Gateway for all internal/backend services and leave webapp droplets with their public-facing IPs as they currently are. This has brought me to a few questions, and challenges, that I thought of asking first before going too deep down the rabbit hole.

I’m considering using FreeBSD and installing pfSense to act as a gateway. Would I get any performance/feature worth the effort to do this as opposed to having a CentOS/Debian droplet do the work?

I’d like to have a FreeIPA server for internal DNS, in addition to possibly a Pi-hole droplet for DHCP (or even with pfSense) and also DNS. Is it possible to disable, or change the config for, DHCP/DNS at the VPC level from /etc/network/interfaces.d/50-cloud-init.cfg at all?

Talking about /etc/network/interfaces.d/50-cloud-init.cfg in Debian 10: I don’t seem to be able to make a droplet in the back end have the gateway changed upon reboots. And whatever change I make in the file, I get connection refused afterwards. With Ubuntu or CentOS it is fine, but different files are used in these.

If I decided to have a single point of entry to my VPC (for all services), what is best practice? Having something like Caddy/Traefik in the gateway instance or putting it behind and letting this one re-distribute?

Sorry for so many questions and thanks!

Hello, how did you resolve this? I'm planning on doing the same.

One gateway and multiple droplets (CRM, ERP, etc.) behind the gateway on the same VPC.

Not sure what OS to use on the gateway. I want full access control: filter access by server, by IP, by domain, by schedule, etc.

I want full control of who accesses my servers.

I was also thinking of pfSense, but not sure if it's the best option.

Can you elaborate on your solution?