Hi everyone!
I am moving from Digital Ocean to Fly.io, but I can’t quite get my head around the right configuration to allow my Fly.io app to safely access my Digital Ocean managed postgres instances.
As you all likely know, Digital Ocean’s Managed DBs limit requests based on IP, but Fly.io instances don’t have a fixed outgoing IP address, so that’s an issue.
I’m assuming what we’d do is:
- Run a Wireguard VPN server on a Digital Ocean Droplet on the same Digital Ocean account as my databases like so
- Create a Wireguard config for that Droplet now running Wireguard
- I add the Droplet now running Wireguard to the “Trusted Sources” of my databases
- I add Wireguard to my existing app’s Docker container and include said Wireguard config like so
- I push the new image to Fly.io and boom my app is now routing all outgoing traffic through my Wireguard droplet and as a result my database connections actually work?
I’m checking all of this is correct because this thread seems to imply that something about Fly.io makes using Wireguard easier than OpenVPN (which we already have running in the Digital Ocean account for other reasons), but that’s not actually clear to me in this configuration.
It also says “it also requires more Docker shenanigans to get connected” and I’m far too serious of a person to engage in shenanigans.
@kurt also keeps linking this page in response to these types of threads, but I’m confused by that because this page is all about routing between fly resources or connecting from the outside internet… into Fly… I think?
Thank you friends I hope this makes sense <3
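
The setup described in the post above, sketched as a pair of wg-quick configs. This is an added example, not part of the original post and not taken from Fly.io or Digital Ocean documentation; every address, key placeholder, port, file path and the `eth0` interface name is an assumption.

```ini
# ---- Droplet: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
# Assumed tunnel subnet and UDP port.
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <droplet-private-key>
# Forward tunnel traffic and NAT it, so the database sees the Droplet's
# address (the one listed in "Trusted Sources"). eth0 is an assumed name.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# The app. Only this one tunnel address is accepted from it.
PublicKey = <app-public-key>
AllowedIPs = 10.8.0.2/32

# ---- App container: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
Address = 10.8.0.2/32
# Supply the key at runtime as a secret rather than baking it into the image.
PrivateKey = <app-private-key>

[Peer]
PublicKey = <droplet-public-key>
# Placeholder for the Droplet's public IP.
Endpoint = 203.0.113.10:51820
# Broad form: all outgoing traffic goes through the Droplet, as in the
# last step of the list:
# AllowedIPs = 0.0.0.0/0
# Narrow form: only the database address (placeholder) takes the tunnel:
AllowedIPs = 198.51.100.25/32
PersistentKeepalive = 25
```

`AllowedIPs` takes addresses, not hostnames, so the narrow form assumes the database hostname resolves to a stable address.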