Light
Dark
System
1.0latest

Deploying EdgeDB to DigitalOcean

In this guide we show how to deploy EdgeDB to DigitalOcean either with a One-click Deploy option or a managed PostgreSQL database as the backend.

  • edgedb CLI (install)

  • DigitalOcean account

Click the button below and follow the droplet creation workflow on DigitalOcean to deploy an EdgeDB instance.

By default, the admin password is edgedbpassword; let’s change that to something more secure. First, find your droplet’s IP address on the DigitalOcean dashboard and assign it to an environment variable IP.

Copy
$ 
IP=<your-droplet-ip>

Then use the read command to securely assign a value to the PASSWORD environment variable.

Copy
$ 
echo -n "> " && read -s PASSWORD

Use these variables to change the password for the default role edgedb.

Copy
$ 
  
  
  
  
printf edgedbpassword | edgedb query \
    --host $IP \
    --password-from-stdin \
    --tls-security insecure \
    "alter role edgedb set password := '${PASSWORD}'"
OK: ALTER ROLE

You can now link and connect to the new EdgeDB instance:

Copy
$ 
  
  
  
  
  
printf $PASSWORD | edgedb instance link \
    --password-from-stdin \
    --trust-tls-cert \
    --host $IP \
    --non-interactive \
    digitalocean
Authenticating to edgedb://edgedb@your-droplet-ip:5656/edgedb
Trusting unknown server certificate
Successfully linked to remote instance. To connect run:
  edgedb -I digitalocean

You can now use the EdgeDB instance deployed on DigitalOcean as digitalocean, for example:

Copy
$ 
edgedb -I digitalocean
edgedb>

If you already have a PostgreSQL instance you can skip this step.

Copy
$ 
  
  
  
  
  
  
  
  
DSN="$( \
    doctl databases create edgedb-postgres \
        --engine pg \
        --version 13 \
        --size db-s-1vcpu-1gb \
        --num-nodes 1 \
        --region sfo3 \
        --output json \
    | jq -r '.[0].connection.uri' )"

Replace $SSH_KEY_IDS with the ids for the ssh keys you want to ssh into the new droplet with. Separate multiple values with a comma. You can list your keys with doctl compute ssh-key list. If you don’t have any ssh keys in your DigitalOcean account you can follow this guide to add one now.

Copy
$ 
  
  
  
  
  
  
  
  
IP="$( \
    doctl compute droplet create edgedb \
        --image edgedb \
        --region sfo3 \
        --size s-2vcpu-4gb \
        --ssh-keys $SSH_KEY_IDS \
        --format PublicIPv4 \
        --no-header \
        --wait )"

Configure the backend postgres DSN. To simplify the initial deployment, let’s instruct EdgeDB to run in insecure mode (with password authentication off and an autogenerated TLS certificate). We will secure the instance once things are up and running.

Copy
$ 

printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=insecure_dev_mode\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
Copy
$ 
ssh root@$IP "systemctl restart edgedb.service"

Set the superuser password.

Copy
$ 
echo -n "> " && read -s PASSWORD
Copy
$ 
  
edgedb -H $IP --tls-security insecure query \
    "alter role edgedb set password := '$PASSWORD'"
OK: ALTER ROLE

Set the security policy to strict.

Copy
$ 

printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=strict\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"
Copy
$ 
ssh root@$IP "systemctl restart edgedb.service"

That’s it! You can now start using the EdgeDB instance located at edgedb://$IP.

To upgrade an existing EdgeDB droplet to the latest point release, ssh into your droplet and run the following.

Copy
$ 
apt-get update && apt-get install --only-upgrade edgedb-1
Copy
$ 
systemctl restart edgedb
Light
Dark
System