Deploying EdgeDB to DigitalOcean
In this guide we show how to deploy EdgeDB to DigitalOcean either with a One-click Deploy option or a managed PostgreSQL database as the backend.
One-click Deploy
Prerequisites
-
edgedbCLI (install) -
DigitalOcean account
Click the button below and follow the droplet creation workflow on DigitalOcean to deploy an EdgeDB instance.
By default, the admin password is edgedbpassword; let’s change that to
something more secure. First, find your droplet’s IP address on the
DigitalOcean dashboard and assign
it to an environment variable IP.
$
IP=<your-droplet-ip>Then use the read command to securely assign a value to the PASSWORD
environment variable.
$
echo -n "> " && read -s PASSWORDUse these variables to change the password for the default role edgedb.
$
printf edgedbpassword | edgedb query \
--host $IP \
--password-from-stdin \
--tls-security insecure \
"alter role edgedb set password := '${PASSWORD}'"OK: ALTER ROLE
Construct the DSN
Let’s construct your instance’s DSN (also known as a “connection string”).
We’ll write the value to a file called dsn.txt so it doesn’t get stored in
shell logs.
$
echo edgedb://edgedb:$PASSWORD@$IP > dsn.txtCopy the value from dsn.txt. Run the following command to open a REPL
to the new instance.
$
edgedb --dsn <dsn> --tls-security insecureedgedb>
Success! You’re now connected to your remote instance.
It’s often useful to assign an alias to the remote instance using edgedb
instance link.
$
edgedb instance link \
--dsn <dsn> \
--trust-tls-cert \
--non-interactive \
my_instanceAuthenticating to edgedb://edgedb@1.2.3.4:5656/edgedb Trusting unknown server certificate: SHA1:1880da9527be464e2cad3bdb20dfc430a6af5727 Successfully linked to remote instance. To connect run: edgedb -I my_instance
You can now use the -I CLI flag to execute commands against your remote
instance:
$
edgedb -I my_instanceedgedb>
Deploy with Managed PostgreSQL
Create a managed PostgreSQL instance
If you already have a PostgreSQL instance you can skip this step.
$
DSN="$( \
doctl databases create edgedb-postgres \
--engine pg \
--version 13 \
--size db-s-1vcpu-1gb \
--num-nodes 1 \
--region sfo3 \
--output json \
| jq -r '.[0].connection.uri' )"Provision a droplet
Replace $SSH_KEY_IDS with the ids for the ssh keys you want to ssh into the
new droplet with. Separate multiple values with a comma. You can list your
keys with doctl compute ssh-key list. If you don’t have any ssh keys in
your DigitalOcean account you can follow this guide to
add one now.
$
IP="$( \
doctl compute droplet create edgedb \
--image edgedb \
--region sfo3 \
--size s-2vcpu-4gb \
--ssh-keys $SSH_KEY_IDS \
--format PublicIPv4 \
--no-header \
--wait )"Configure the backend postgres DSN. To simplify the initial deployment, let’s instruct EdgeDB to run in insecure mode (with password authentication off and an autogenerated TLS certificate). We will secure the instance once things are up and running.
$
printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=insecure_dev_mode\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"$
ssh root@$IP "systemctl restart edgedb.service"Set the superuser password.
$
echo -n "> " && read -s PASSWORD$
edgedb -H $IP --tls-security insecure query \
"alter role edgedb set password := '$PASSWORD'"OK: ALTER ROLE
Set the security policy to strict.
$
printf "EDGEDB_SERVER_BACKEND_DSN=${DSN} \
\nEDGEDB_SERVER_SECURITY=strict\n" \
| ssh root@$IP -T "cat > /etc/edgedb/env"$
ssh root@$IP "systemctl restart edgedb.service"To upgrade an existing EdgeDB droplet to the latest point release, ssh
into your droplet and run the following.
$
apt-get update && apt-get install --only-upgrade edgedb-server-2$
systemctl restart edgedbThat’s it! Refer to the Construct the DSN section above to connect to your instance.
