I have a multi-tier architecture where my Rails web app and Nginx is on one server (that can be replicated and load-balanced if need be) and the Postgres database is on its own VPS in the same data centre.
Is there a common way to secure connections between the app and database in this setup so data isn't transmitted in plaintext?
An option I've considered is using an SSH tunnel but I'm not sure if that's a standard practice in a production setup.
You can use SSH tunnel or SSL certificates to secure remote PostgreSQL instance.
I suggest you to use SSH tunnel, because it will work for non-SSL-capable PostgreSQL clients and later you can use it for other services.
Links: