How to run VICIdial on DigitalOcean
DigitalOcean Droplets are a straightforward way to host VICIdial, but their firewall model, floating IPs, and thin default disk require a few deliberate choices before your dialer is production-ready.
DigitalOcean is a developer-friendly cloud with a clean control panel and predictable pricing, which makes it an appealing choice for running a VICIdial dialer. The platform is straightforward, but a few defaults — thin root disk, a firewall that blocks everything unless you add rules, and floating IP behavior — will trip you up if you do not plan for them.
This guide walks through Droplet sizing, firewall configuration, IP addressing for Asterisk, disk planning for recordings, and what the self-install path actually looks like. For the full cloud-hosting context, start with running VICIdial in the cloud.
Picking a Droplet size
VICIdial is CPU-light during normal dialing but MySQL-heavy. For a small center with up to 20 concurrent calls (Concurrent calls, the total number of active voice channels at one time), a General Purpose Droplet with 4 vCPUs and 8 GB RAM is a reasonable floor. The General Purpose line gives balanced CPU and memory without paying for the CPU-Optimized premium you only need if you run heavy transcoding.
For 30-60 agents running predictive dialing (Predictive dialing, the algorithm that dials multiple numbers ahead of available agents to keep idle time near zero), step up to 8 vCPUs and 16 GB. Beyond that, VICIdial's single-server architecture starts to saturate; you are better off splitting the database to a managed PostgreSQL or a separate MySQL Droplet than adding more RAM to one box.
Cloud Firewall: open SIP and the RTP range
DigitalOcean's Cloud Firewall is applied at the network edge, before packets reach your Droplet. By default it blocks all inbound traffic. You need explicit inbound rules for SIP (SIP (Session Initiation Protocol), the protocol that sets up and tears down calls) and for the RTP port range (RTP, the UDP stream that carries actual voice audio).
# DigitalOcean Cloud Firewall inbound rules (set via control panel or doctl):
# TCP/UDP 5060 All IPv4/IPv6 (SIP)
# UDP 10000-20000 All IPv4/IPv6 (RTP media)
# TCP 443 All IPv4/IPv6 (HTTPS)
# TCP 22 Your IP only (SSH)
# TCP 443,8088 All IPv4/IPv6 (Asterisk HTTP/WS optional)
# Also run ufw on the Droplet itself:
ufw allow 5060
ufw allow 10000:20000/udpsequenceDiagram
participant C as Carrier
participant FW as DO Cloud Firewall
participant A as Asterisk on Droplet
participant AG as Agent Browser
C->>FW: SIP INVITE port 5060
FW->>A: allowed - forward
A->>C: 200 OK
C->>FW: RTP UDP 10000-20000
FW->>A: allowed - forward
A->>AG: audio stream via WebRTCIP addressing and NAT
Every Droplet gets a direct public IPv4. There is no NAT between the Droplet and the internet, which simplifies Asterisk configuration. Set nat=no in your SIP peer config or rely on PJSIP's direct media mode. NAT traversal (NAT traversal, the technique for rewriting SDP contact addresses so audio flows correctly through address translation) is only needed if you place a Droplet behind a private VPC without a public IP.
DigitalOcean Floating IPs (now called Reserved IPs) let you reassign a fixed public address to a different Droplet without changing your carrier registration. If you plan to rebuild the server and keep the same IP for your trunk, attach a Reserved IP from the start. Your SIP trunk (SIP trunk, the authenticated channel between your Asterisk box and your carrier) should be registered to the Reserved IP, not the ephemeral Droplet IP.
Recordings and block storage
Call recordings (Call recording) grow steadily. DigitalOcean Droplets ship with a root SSD that is not expandable without resizing the whole Droplet. Attach a Volumes block storage device at provisioning time — it survives Droplet rebuilds and can be expanded later without downtime. Mount it at /var/spool/asterisk/monitor where VICIdial writes recordings. For long-term archiving, DigitalOcean Spaces (S3-compatible) is a cheap destination for a nightly rclone sync.
Also see choosing cloud disk for VICIdial recordings for a comparison of volume types and sizing math.
Self-install or managed
There is no one-click VICIdial Droplet in the DigitalOcean Marketplace. You pick Ubuntu 22.04, run the VICIdial installer by hand, configure Asterisk, set up your dialplan (Dialplan, the routing logic that decides where each call goes inside Asterisk), and tune MySQL. Plan for a half-day of hands-on work before you are dialing.
If you want a production-ready dialer without the install work, VICIfast managed plans deliver a fully configured VICIdial server in under 40 seconds. You supply the carrier and your lead list; the box arrives ready to dial.
About VICIfast LLC
VICIfast LLC operates a managed VICIdial hosting + BYOI service for outbound and inbound call centers. We run the dialers, the carriers, the recordings pipeline, and the compliance plumbing so operators don’t have to.
Citing this article
VICIfast Engineering. “How to run VICIdial on DigitalOcean”. VICIfast LLC, June 29, 2026. Retrieved from https://vicifast.com/blog/vicidial-on-digitalocean
Have questions?
Related posts
You might be interested in
VICIfast newsletter
Liked this? Get the next one in your inbox.
We ship the kind of stuff you just read — concrete, numbers-first, no drip. One email when a new post goes live. Unsubscribe in one click.
Comments
No comments yet — be the first.