# QuestDB

Generated on 6 Feb 2025 from [the QuestDB catalog page](https://marketplace.digitalocean.com/apps/questdb)

QuestDB is a high-performance, open-source SQL database for applications in financial services, IoT, machine learning, DevOps and observability. It includes endpoints for PostgreSQL wire protocol, high-throughput schema-agnostic ingestion using InfluxDB Line Protocol, and a REST API for queries, bulk imports, and exports.

## Software Included

*This Marketplace listing does not include a detailed software list.*

## Creating an App using the Control Panel

Click the **Deploy to DigitalOcean** button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

[![Deploy to DO](https://www.deploytodo.com/do-btn-blue.svg)](https://cloud.digitalocean.com/droplets/new?image=questdb-20-04)

## Creating an App using the API

In addition to creating a Droplet from the QuestDB 1-Click App using the control panel, you can also use the [DigitalOcean API](https://docs.digitalocean.com/reference/api). As an example, to create a 4GB QuestDB Droplet in the SFO2 region, you can use the following `curl` command. You need to either save your [API access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) to an environment variable or substitute it in the command below.

```shell
curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"questdb-20-04"}' \
        "https://api.digitalocean.com/v2/droplets"
```

## Getting Started After Deploying QuestDB

In addition to QuestDB installation, One-Click image enables the [Ubuntu firewall](https://help.ubuntu.com/community/UFW) limiting the opened ports by default to:

- `22` for SSH access
- `9009` - InfluxDB line protocol (TCP and UDP)
- `9000/tcp` - Web Console &amp; REST API
- `8812/tcp` - PostgreSQL wire protocol
- `9003/tcp` - Health monitoring &amp; Prometheus `/metrics`

The QuestDB [Web Console](https://questdb.io/docs/reference/web-console) is available at `your_droplet_public_ipv4:9000`

Once the Droplet is created, you can use DigitalOcean’s web console to start a session or you can SSH directly to the server as root:

```
ssh root@your_droplet_public_ipv4
```

The server configuration for QuestDB is located in `/home/questdb/server.conf` and the following parameters may be used to further secure an instance:

- HTTP access can be set to readonly using `http.security.readonly`
- HTTP access can be **fully disabled** using `http.enabled`
- Default postgres credentials can be set using `pg.user` and `pg.password`

The following example `server.conf` file creates new database credentials for Postgres connections and sets HTTP access to read-only:

```
http.security.readonly=true
pg.password=my_password
pg.user=my_user
```

For more information on settings, see the [server configuration documentation](https://questdb.io/docs/reference/configuration).

## Using UFW and firewalls

It’s recommended to disable ports for protocols which are not needed. Aside from [QuestDB server configuration](https://questdb.io/docs/reference/configuration#keys-and-default-values), `ufw` can be used to easily disable access for specific ports, for example to disable the Web Console and REST API access via `ufw`, the following command can be run in the Droplet as root:

```
ufw deny 9000
```

It’s also recommended to use [DigitalOcean firewall rules](https://cloud.digitalocean.com/networking/firewalls) which enable public access for these protocols by whitelisted IP only.