Light
Dark
System

Deploying EdgeDB to DigitalOcean

In this guide we show how to deploy EdgeDB to DigitalOcean either with a One-click Deploy option or a managed PostgreSQL database as the backend.

  • edgedb CLI (install)

  • DigitalOcean account

Click the button below and follow the droplet creation workflow on DigitalOcean to deploy an EdgeDB instance.

By default, the admin password is edgedbpassword; let’s change that to something more secure. First, find your droplet’s IP address on the DigitalOcean dashboard and assign it to an environment variable IP.

Copy
$ 
IP=<your-droplet-ip>

Then use the read command to securely assign a value to the PASSWORD environment variable.

Copy
$ 
echo -n "> " && read -s PASSWORD

Use these variables to change the password for the default role edgedb.

Copy
$ 
  
  
  
  
printf edgedbpassword | edgedb query \
    --host $IP \
    --password-from-stdin \
    --tls-security insecure \
    "alter role edgedb set password := '${PASSWORD}'"
OK: ALTER ROLE

Let’s construct your instance’s DSN (also known as a “connection string”). We’ll write the value to a file called dsn.txt so it doesn’t get stored in shell logs.

Copy
$ 
echo edgedb://edgedb:$PASSWORD@$IP > dsn.txt

Copy the value from dsn.txt. Run the following command to open a REPL to the new instance.

Copy
$ 
edgedb --dsn <dsn> --tls-security insecure
edgedb>

Success! You’re now connected to your remote instance.

It’s often useful to assign an alias to the remote instance using edgedb instance link.

Copy
$ 
  
  
  
  
edgedb instance link \
  --dsn <dsn> \
  --trust-tls-cert \
  --non-interactive \
  my_instance
Authenticating to edgedb://edgedb@1.2.3.4:5656/edgedb
Trusting unknown server certificate:
SHA1:1880da9527be464e2cad3bdb20dfc430a6af5727
Successfully linked to remote instance. To connect run:
  edgedb -I my_instance

You can now use the -I CLI flag to execute commands against your remote instance:

Copy
$ 
edgedb -I my_instance
edgedb>

If you already have a PostgreSQL instance you can skip this step.

Copy
$ 
  
  
  
  
  
  
  
  
DSN="$( \
    doctl databases create edgedb-postgres \
        --engine pg \
        --version 13 \
        --size db-s-1vcpu-1gb \
        --num-nodes 1 \
        --region sfo3 \
        --output json \
    | jq -r '.[0].connection.uri' )"

Replace $SSH_KEY_IDS with the ids for the ssh keys you want to ssh into the new droplet with. Separate multiple values with a comma. You can list your keys with doctl compute ssh-key list. If you don’t have any ssh keys in your DigitalOcean account you can follow this guide to add one now.

Copy
$ 
  
  
  
  
  
  
  
  
IP="$( \
    doctl compute droplet create edgedb \
        --image edgedb \
        --region sfo3 \
        --size s-2vcpu-4gb \
        --ssh-keys $SSH_KEY_IDS \
        --format PublicIPv4 \
        --no-header \
        --wait )"

Configure the backend postgres DSN. To simplify the initial deployment, let’s instruct EdgeDB to run in insecure mode (with password authentication off and an autogenerated TLS certificate). We will secure the instance once things are up and running.

Copy
$ 

printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=insecure_dev_mode\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
Copy
$ 
ssh root@$IP "systemctl restart edgedb.service"

Set the superuser password.

Copy
$ 
echo -n "> " && read -s PASSWORD
Copy
$ 
  
edgedb -H $IP --tls-security insecure query \
    "alter role edgedb set password := '$PASSWORD'"
OK: ALTER ROLE

Set the security policy to strict.

Copy
$ 

printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=strict\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
Copy
$ 
ssh root@$IP "systemctl restart edgedb.service"

To upgrade an existing EdgeDB droplet to the latest point release, ssh into your droplet and run the following.

Copy
$ 
apt-get update && apt-get install --only-upgrade edgedb-server-2
Copy
$ 
systemctl restart edgedb

That’s it! Refer to the Construct the DSN section above to connect to your instance.

Light
Dark
System