QuestDB is a high-performance, open-source SQL database for applications in financial services, IoT, machine learning, DevOps and observability. It includes endpoints for PostgreSQL wire protocol, high-throughput schema-agnostic ingestion using InfluxDB Line Protocol, and a REST API for queries, bulk imports, and exports.
Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.
In addition to creating a Droplet from the QuestDB 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB QuestDB Droplet in the SFO2 region, you can use the following curl
command. You need to either save your API access token) to an environment variable or substitute it in the command below.
curl -X POST -H 'Content-Type: application/json' \
-H 'Authorization: Bearer '$TOKEN'' -d \
'{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "questdb-20-04"}' \
"https://api.digitalocean.com/v2/droplets"
In addition to QuestDB installation, One-Click image enables the Ubuntu firewall limiting the opened ports by default to:
22
for SSH access9009
- InfluxDB line protocol (TCP and UDP)9000/tcp
- Web Console & REST API8812/tcp
- PostgreSQL wire protocol9003/tcp
- Health monitoring & Prometheus /metrics
The QuestDB Web Console is available at your_droplet_public_ipv4:9000
Once the Droplet is created, you can use DigitalOcean’s web console to start a session or you can SSH directly to the server as root:
ssh root@your_droplet_public_ipv4
The server configuration for QuestDB is located in /home/questdb/server.conf
and the following parameters may be used to further secure an instance:
http.security.readonly
http.enabled
pg.user
and pg.password
The following example server.conf
file creates new database credentials for Postgres connections and sets HTTP access to read-only:
http.security.readonly=true
pg.password=my_password
pg.user=my_user
For more information on settings, see the server configuration documentation.
It’s recommended to disable ports for protocols which are not needed. Aside from QuestDB server configuration, ufw
can be used to easily disable access for specific ports, for example to disable the Web Console and REST API access via ufw
, the following command can be run in the Droplet as root:
ufw deny 9000
It’s also recommended to use DigitalOcean firewall rules which enable public access for these protocols by whitelisted IP only.