In this guide we show how to deploy EdgeDB to DigitalOcean either with a One-click Deploy option or a managed PostgreSQL database as the backend.
edgedb
CLI (install)
DigitalOcean account
Click the button below and follow the droplet creation workflow on DigitalOcean to deploy an EdgeDB instance.
By default, the admin password is edgedbpassword
; let’s change that to
something more secure. First, find your droplet’s IP address on the
DigitalOcean dashboard and assign
it to an environment variable IP
.
$
IP=<your-droplet-ip>
Then use the read
command to securely assign a value to the PASSWORD
environment variable.
$
echo -n "> " && read -s PASSWORD
Use these variables to change the password for the default role edgedb
.
$
printf edgedbpassword | edgedb query \
--host $IP \
--password-from-stdin \
--tls-security insecure \
"alter role edgedb set password := '${PASSWORD}'"
OK: ALTER ROLE
You can now link and connect to the new EdgeDB instance:
$
printf $PASSWORD | edgedb instance link \
--password-from-stdin \
--trust-tls-cert \
--host $IP \
--non-interactive \
digitalocean
Authenticating to edgedb://edgedb@your-droplet-ip:5656/edgedb Trusting unknown server certificate Successfully linked to remote instance. To connect run: edgedb -I digitalocean
You can now use the EdgeDB instance deployed on DigitalOcean as
digitalocean
, for example:
$
edgedb -I digitalocean
edgedb>
If you already have a PostgreSQL instance you can skip this step.
$
DSN="$( \
doctl databases create edgedb-postgres \
--engine pg \
--version 13 \
--size db-s-1vcpu-1gb \
--num-nodes 1 \
--region sfo3 \
--output json \
| jq -r '.[0].connection.uri' )"
Replace $SSH_KEY_IDS
with the ids for the ssh keys you want to ssh into the
new droplet with. Separate multiple values with a comma. You can list your
keys with doctl compute ssh-key list
. If you don’t have any ssh keys in
your DigitalOcean account you can follow this guide to
add one now.
$
IP="$( \
doctl compute droplet create edgedb \
--image edgedb \
--region sfo3 \
--size s-2vcpu-4gb \
--ssh-keys $SSH_KEY_IDS \
--format PublicIPv4 \
--no-header \
--wait )"
Configure the backend postgres DSN. To simplify the initial deployment, let’s instruct EdgeDB to run in insecure mode (with password authentication off and an autogenerated TLS certificate). We will secure the instance once things are up and running.
$
printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=insecure_dev_mode\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
$
ssh root@$IP "systemctl restart edgedb.service"
Set the superuser password.
$
echo -n "> " && read -s PASSWORD
$
edgedb -H $IP --tls-security insecure query \
"alter role edgedb set password := '$PASSWORD'"
OK: ALTER ROLE
Set the security policy to strict.
$
printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=strict\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
$
ssh root@$IP "systemctl restart edgedb.service"
That’s it! You can now start using the EdgeDB instance located at
edgedb://$IP
.
To access the EdgeDB instance you’ve just provisioned on DigitalOcean from your local machine run the following command.
$
printf $PASSWORD | edgedb instance link \
--password-from-stdin \
--trust-tls-cert \
--host $IP \
--non-interactive \
digitalocean
Authenticating to edgedb://edgedb@137.184.227.94:5656/edgedb Trusting unknown server certificate: SHA1:1880da9527be464e2cad3bdb20dfc430a6af5727 Successfully linked to remote instance. To connect run: edgedb -I digitalocean
You can now use the EdgeDB instance deployed on DigitalOcean as
digitalocean
, for example:
$
edgedb -I digitalocean
edgedb>