DigitalOcean

Report this

What is the reason for this report?
Question

Django App & PostgreSQL Database Connectivity Between Two Droplets

Posted on December 9, 2025
DigitalOcean Managed PostgreSQL Database
DigitalOcean Droplets
Django
4ae272398ee6445a9bf73f4cd632b5

By 4ae272398ee6445a9bf73f4cd632b5

Dear DigitalOcean Support Team,

I am planning to set up two separate droplets on DigitalOcean and need guidance on connecting them securely:

  1. Droplet 1: Django application
  2. Droplet 2: PostgreSQL database

I want the Django app to connect to the PostgreSQL database on the other droplet. Could you please provide guidance or best practices on:

  • Configuring PostgreSQL for remote access between droplets
  • Firewall and security recommendations
  • Any DigitalOcean-specific settings to allow smooth and secure connectivity

I would appreciate any sample configurations or documentation links that can help me set this up efficiently.

Thank you for your support.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
KFSys
KFSys
December 10, 2025

Heya,

Here is a guide on how to achieve that, hope it helps!

1. Use DigitalOcean VPC (Virtual Private Cloud)

The most secure approach is to place both droplets in the same VPC with private networking:

  • When creating your droplets, select the same VPC
  • Each droplet gets a private IP address (10.x.x.x range)
  • Traffic between droplets stays within DigitalOcean’s private network
  • Never expose PostgreSQL to the public internet

2. PostgreSQL Configuration

On your PostgreSQL droplet, edit the configuration files:

/etc/postgresql/[version]/main/postgresql.conf:

# Listen on private IP only (not 0.0.0.0)
listen_addresses = 'localhost,10.x.x.x'  # Replace with your DB droplet's private IP

/etc/postgresql/[version]/main/pg_hba.conf:

# Allow Django droplet's private IP to connect
host    all    all    10.x.x.x/32    scram-sha-256  # Replace with Django droplet's private IP

Restart PostgreSQL:

sudo systemctl restart postgresql

3. Firewall Configuration

Option A: DigitalOcean Cloud Firewall (Recommended)

  • Create a Cloud Firewall in the DigitalOcean control panel
  • Attach it to your PostgreSQL droplet
  • Add inbound rule:
    • Type: PostgreSQL (or Custom TCP)
    • Protocol: TCP
    • Port: 5432
    • Sources: Select your Django droplet (by tag or specific droplet)

Option B: UFW (Ubuntu Firewall) On the PostgreSQL droplet:

sudo ufw allow from 10.x.x.x to any port 5432  # Django droplet's private IP
sudo ufw enable

4. Django Database Configuration

In your Django settings.py:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'your_database_name',
        'USER': 'your_db_user',
        'PASSWORD': 'strong_password',
        'HOST': '10.x.x.x',  # PostgreSQL droplet's PRIVATE IP
        'PORT': '5432',
    }
}

5. Security Best Practices

DO:

  • Use strong passwords or certificate-based authentication
  • Create a dedicated database user for Django (not postgres superuser)
  • Use SSL/TLS for connections (configure sslmode='require' in Django settings)
  • Keep PostgreSQL updated with security patches
  • Use environment variables for credentials (python-decouple or django-environ)
  • Enable automatic backups on the PostgreSQL droplet

DON’T:

  • Expose PostgreSQL to 0.0.0.0 (public internet)
  • Use default passwords
  • Grant unnecessary privileges to the Django database user

For encrypted connections, configure PostgreSQL SSL:

# postgresql.conf
ssl = on
ssl_cert_file = '/path/to/server.crt'
ssl_key_file = '/path/to/server.key'

Update Django settings:

'OPTIONS': {
    'sslmode': 'require',
}

7. Testing the Connection

From your Django droplet, test connectivity:

# Install PostgreSQL client
sudo apt-get install postgresql-client

# Test connection using private IP
psql -h 10.x.x.x -U your_db_user -d your_database_name

Helpful DigitalOcean Documentation

0
alexdo
alexdo
December 11, 2025

Heya, @4ae272398ee6445a9bf73f4cd632b5

You can put both droplets (Django app and PostgreSQL) in the same VPC and region. Then use the PostgreSQL droplet’s private VPC IP as HOST in your Django DATABASES settings. On the PostgreSQL server, allow connections only on that private IP and open port 5432 only to the app droplet (via Cloud Firewall and/or UFW).

That way, all DB traffic stays on the private VPC network (never touches the public internet), and only your Django droplet can reach the database.

Regards

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.