Siddharth Singh on Nostr: > if changing the access port for the server makes it more secure, could the database ...
> if changing the access port for the server makes it more secure, could the database port be customized too? would it improve security or could it block some connections?
Well, changing the port does improve security, but only marginally in my opinion. It's better to do the other things you did, like disabling root and password login (in the case of ssh) or setting up a firewall.
> Since the program, the user, and the database are all named ditto, I had a hard time distinguishing them to learn more about the commands in this process.
Yeah, it does get super confusing. I like to call the db `postgres` (if it's a server only being used for one thing) or `dittodb` to help a tiny bit.
Moving on to your notes on `deno task setup`:
> Is the 4036 an independent port, like the database port, or should it be the custom port used to access the server?
The 4036 is the default port Ditto listens on. You can configure it by setting the PORT environment variable in the .env file.
> Should the IP be left as is, or exchanged for the server's IP?
It shouldn't be an IP at all -- it should be the _external_-facing address from which you want to access your instance. For example, if you were hosting it on ditto.freedomweaver.tech then you should enter `https://ditto.freedomweaver.tech`. The port number should be left out unless you are listening on some nonstandard port.
> I left it as localhost, but since it is a VPS I don't know if I need to try * or something else, nor where to modify it after leaving it as is.
This is fine.
> If I enter a real password here, it shows in plain text, so I don't know if that's what it's requesting. I am guessing it is the name of the user that we need to enter (ditto). Is it?
That was an oversight in our setup code, thanks for pointing it out! It'll be fixed in the next release of Ditto.
> I'm guessing there should only be one database listed above, and that ditto should point to it in a database config file somewhere.
It doesn't matter if there are multiple, Ditto only uses the one you enter when it asks you "Postgres database [ditto]:" during setup.
> I entered the existing ditto user password, should it have been a password for a second ditto user?
`createuser` handles _Postgres_ user creation -- different from the `UNIX` user ditto you created earlier. You can use the same or different passwords, it does not matter. Just be sure to use this same password when Ditto asks you for the postgres password in `deno task setup`.
> Unsure on this one, as the docs point out to use a previously entered password, so it could be the one for the second ditto user, or maybe it is to fill in the database password where I just left the word ditto previously. Or perhaps the second ditto user and the database password are the same. I added what I'd like the database password to be.
The `ALTER USER WITH PASSWORD` statement updates the password the db will accept when you try to connect as the ditto user. If you make this change you have to update the DATABASE_URL string in your ditto .env file.
> chose to redirect all traffic to https, not sure if all traffic to ditto arrives so
This is the correct thing to do.
Hope this clears up your doubts!
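
The `.env` points from the reply above (PORT, the external address, and updating DATABASE_URL after `ALTER USER`) can be checked with a short script. This is an added example, not part of the original post and not Ditto's own code; the function names, the sample password and the `postgres://` URL layout are assumptions made for illustration.

```typescript
// Added example (not Ditto's code). All credentials and hosts are constructed.

// Build the DATABASE_URL to put in .env after changing the Postgres password.
// Reserved characters in the password (/ # @ :) must be percent-encoded.
function buildDatabaseUrl(user: string, password: string, host: string, port: number, db: string): string {
  const enc = encodeURIComponent;
  return `postgres://${enc(user)}:${enc(password)}@${host}:${port}/${enc(db)}`;
}

// Parse KEY=VALUE lines from .env text, skipping blanks and # comments.
function parseEnv(text: string): Record<string, string> {
  const env: Record<string, string> = {};
  for (const line of text.split("\n")) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) env[m[1]] = m[2].replace(/^(["'])(.*)\1$/, "$2"); // drop surrounding quotes
  }
  return env;
}

// Return a list of problems; an empty list means .env matches the new password.
function checkEnv(envText: string, newPassword: string): string[] {
  const env = parseEnv(envText);
  const problems: string[] = [];
  const port = Number(env["PORT"] ?? "4036"); // 4036 is the default per the post
  if (!Number.isInteger(port) || port < 1 || port > 65535) problems.push("PORT is not a valid TCP port");
  try {
    const url = new URL(env["DATABASE_URL"] ?? "");
    if (decodeURIComponent(url.password) !== newPassword) problems.push("DATABASE_URL password is stale");
  } catch {
    problems.push("DATABASE_URL does not parse; is the password percent-encoded?");
  }
  return problems;
}

// The address entered during setup: https, and a hostname rather than an IP.
function checkExternalAddress(value: string): string[] {
  let url: URL;
  try { url = new URL(value); } catch { return ["not a URL"]; }
  const problems: string[] = [];
  if (url.protocol !== "https:") problems.push("use https");
  if (/^\d+(\.\d+){3}$/.test(url.hostname) || url.hostname.startsWith("[")) {
    problems.push("use a domain name, not an IP");
  }
  return problems;
}
```

A password containing `/` or `#` that is pasted into DATABASE_URL unencoded makes the URL unparseable, which is the failure `checkEnv` reports in its `catch` branch.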