QuestDB

QuestDB is a high-performance, open-source SQL database for applications in financial services, IoT, machine learning, DevOps and observability. It includes endpoints for PostgreSQL wire protocol, high-throughput schema-agnostic ingestion using InfluxDB Line Protocol, and a REST API for queries, bulk imports, and exports.

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Deploy to DO

Creating an App using the API

In addition to creating a Droplet from the QuestDB 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB QuestDB Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "questdb-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"

Getting Started After Deploying QuestDB

In addition to QuestDB installation, One-Click image enables the Ubuntu firewall limiting the opened ports by default to:

  • 22 for SSH access
  • 9009 - InfluxDB line protocol (TCP and UDP)
  • 9000/tcp - Web Console & REST API
  • 8812/tcp - PostgreSQL wire protocol
  • 9003/tcp - Health monitoring & Prometheus /metrics

The QuestDB Web Console is available at your_droplet_public_ipv4:9000

Once the Droplet is created, you can use DigitalOcean’s web console to start a session or you can SSH directly to the server as root:

ssh root@your_droplet_public_ipv4

The server configuration for QuestDB is located in /home/questdb/server.conf and the following parameters may be used to further secure an instance:

  • HTTP access can be set to readonly using http.security.readonly
  • HTTP access can be fully disabled using http.enabled
  • Default postgres credentials can be set using pg.user and pg.password

The following example server.conf file creates new database credentials for Postgres connections and sets HTTP access to read-only:

http.security.readonly=true
pg.password=my_password
pg.user=my_user

For more information on settings, see the server configuration documentation.

Using UFW and firewalls

It’s recommended to disable ports for protocols which are not needed. Aside from QuestDB server configuration, ufw can be used to easily disable access for specific ports, for example to disable the Web Console and REST API access via ufw, the following command can be run in the Droplet as root:

ufw deny 9000

It’s also recommended to use DigitalOcean firewall rules which enable public access for these protocols by whitelisted IP only.