Only the issue you might be running into is that you can whitelist the Fly-provided IP for incoming connections (to the Fly network, on to the VM). Since that is fixed and you know what it is. So that’s fine for (a).
However you can’t get a fixed outgoing IP from Fly. If your setup is (b). You can’t fix the IP the request will come from. You could grab the current one that happens to be used. But that is subject to change so I wouldn’t want to rely on that for production (I assume if you have a dev environment using that approach that’s not so much of a problem as that wouldn’t matter if the IP did change).
Ah. It would seem not then. Since if your DO server has a firewall that only allows incoming connections from known IPs (e.g 184.108.40.206 is allowed to access port 1234) … you can’t guarantee the IP your Fly VM will use to connect to DO.
You could maybe check this thread for any ideas but I guess it would involve some kind of additional peer/proxy/complexity: