# Enable External Access to a PostgreSQL Database ## Overview This tutorial shows how to use a [Network Load Balancer (NLB)](https://docs.ionos.com/cloud/network-services/network-load-balancer) to access a PostgreSQL database hosted in a private LAN within the IONOS Cloud. The database instances are connected to a private LAN; hence, NLB acts as a reverse proxy, forwarding traffic from a public IP address to the private IP address of the database. This setup lets you connect using your existing tools and workflows from outside the IONOS Cloud environment. The tutorial demonstrates the use of the following: | **Component** | **Description** | | ------------------------- | ---------------------------------------------------------------------------------------------------- | | Virtual Data Center (VDC) | Provides an isolated cloud environment to deploy the PostgreSQL database. | | PostgreSQL Database | The database instance is running privately and is accessible only within the VDC's internal network. | | NLB | Acts as a reverse proxy to route traffic from a public IP address to the private database. | ## Target audience This tutorial is intended to help both developers and technical decision-makers. ## What you will learn By following this tutorial, you will learn how to: * Configure a Network Load Balancer (NLB) for external PostgreSQL access in IONOS Cloud. * Assign and reserve public IP addresses for secure connectivity. * Set up forwarding rules to route traffic from public to private database IPs. * Add and configure targets for the NLB to connect to your PostgreSQL instance. * Verify external connectivity to your managed PostgreSQL database. ## Before you begin ### Necessary configurations To enable secure external access to a PostgreSQL database in the IONOS Cloud using an NLB, ensure you have the following configuration values: | **Component** | **Value (Example)** | **Purpose** | | ------------------------- | ----------------------------------- | -------------------------------------------------------------------------- | | **Public Listener IP** | `85.x.x.x` | Public IP address assigned to the NLB. | | **Listener Port** | `5432` | Port exposed on the NLB for PostgreSQL access. | | **Target Private IP** | `10.7.226.4` | Internal IP address of the PostgreSQL database. | | **Target Port** | `5432` | Port on which the database listens. | | **Protocol** | `TCP` | Network protocol used by PostgreSQL. | | **LAN (Database Subnet)** | `LAN 1` | Private LAN where the database is hosted. | | **NLB LANs** | `LAN 3` (Public), `LAN 2` (Private) | LANs connected to the NLB—one for public access, one for internal routing. | {% hint style="info" %} **Note:** In this setup, we assume you already have a VDC in the IONOS Cloud with a PostgreSQL database connected to a private LAN. {% endhint %} ### Reserve IP Addresses {% hint style="info" %} **Prerequisite:** Before proceeding, ensure you have a free public IP address. This address will be assigned to the NLB, so it can receive external traffic. For more information, see [Reserve an IPv4 Address](https://docs.ionos.com/cloud/network-services/vdc-networking/how-tos/ip-addresses). {% endhint %} ## Cost considerations The following resources outlined in this tutorial are billable and will incur costs when used: * **Managed Network Load Balancer (NLB):** Charges depend on how many NLBs you provision. The outbound traffic from the NLB to external destinations is also billed per gigabyte. * **Public IP address:** Each reserved public IPv4 address has a fixed monthly charge, regardless of whether it is currently attached to a resource. * **PostgreSQL database:** Charges are determined by the selected instance size (vCPU and RAM), the amount of storage allocated, and the backup retention period. * **Virtual Data Center (VDC):** Certain VDC resources, such as LANs and network configuration components, may result in additional charges. To set up cost alerts and estimate costs based on your traffic, see [Cost Alert](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/usage/cost-alert) and [Cost & Usage](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/usage/cost-and-usage). ## Procedure The configuration enables the NLB to forward external PostgreSQL traffic to your private database instance. The execution process is divided into the following steps: {% stepper %} {% step %} #### Create an NLB To create a Network Load Balancer that acts as a reverse proxy to connect to your PostgreSQL database, follow these steps: 1\. In the **DCD**, open the data center where your PostgreSQL is already deployed. 2\. Drag the **Network Load Balancer** element into the workspace. 3\. In the **Settings** tab, configure the following: * **Primary IPv4:** Assign the public IP address reserved earlier to enable external access. ![Network Load Balancer settings](https://3040852435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEpuEvuLJIyhyeRGhmrv1%2Fuploads%2Fgit-blob-ffa4808116caee95076a9a566477b4956cba1434%2Fpostgres-network-load-balancer-settings.png?alt=media) 4\. In the **Forwarding rules** tab, create a rule by providing the following information: * **Name:** A name for your forwarding rule. * **Algorithm:** `Round Robin`. * **Protocol:** `TCP`. * **Listener IP:** The public IP address. * **Listener Port:** `5432`. 5\. Select **Create** to create the forwarding rule. {% hint style="success" %} **Expected result:** A forwarding rule is successfully created. {% endhint %} ![Network Load Balancer forwarding rule settings](https://3040852435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEpuEvuLJIyhyeRGhmrv1%2Fuploads%2Fgit-blob-e6c93b06cc6790037c34cb7a7c8e37e5a60d2328%2Fpostgres-network-load-balancer-forwarding-rule-settings.png?alt=media) {% endstep %} {% step %} #### Configure Target 1\. Select **Add target** to add targets for your forwarding rule and provide the following information: * **Target IP:** Internal IP address of the PostgreSQL database. * **Target Port:** `5432`. * **Weight:** `1`. * **Proxy Protocol:** `none`. 2\. Select **Add Target** to create the new target. {% hint style="success" %} **Expected result:** A target is successfully created for your forwarding rule. {% endhint %} ![Network Load Balancer Add target Settings](https://3040852435-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEpuEvuLJIyhyeRGhmrv1%2Fuploads%2Fgit-blob-31c6d78dc738b09b3ae52a6901c2b7960d096b42%2Fpostgres-network-load-balancer-add-target-settings.png?alt=media) {% endstep %} {% step %} #### Provision your changes {% endstep %} {% endstepper %} ### Final result The NLB has been successfully created. You can now access the PostgreSQL instance through the public IP address attached to the load balancer. ## Verify connectivity To confirm that the external connection to your PostgreSQL database is working, use a terminal or PostgreSQL client from your local system: ```bash nc -vz <85.x.x.x> 5432 ``` Replace the following: * `<85.x.x.x>` with your public IP. {% hint style="success" %} **Result:** You see the database is accepting connections. {% endhint %} ```bash Connection to 85.x.x.x 5432 port [tcp/postgresql] succeeded! ``` ## Conclusion You have successfully configured secure external access to a Managed PostgreSQL database hosted in the IONOS Cloud by using an NLB. The NLB acts as a reverse proxy, forwarding traffic from a public IP address to the private database located in your VDC.