> if changing the access port for the server makes it more secure, could the database port be customized too? would it improve security or could it block some connections?
Well, changing the port does improve security, but only marginally in my opinion. It's better to do the other things you did, like disabling root and password login (in the case of ssh) or setting up a firewall.
> Since the program, the user, and the database are all named ditto, I had a hard time distinguishing them to learn more about the commands in this process.
Yeah, it does get super confusing. I like to call the db `postgres` (if it's a server only being used for one thing) or `dittodb` to help a tiny bit.
Moving on to your notes on `deno task setup`:
> Is the 4036 an independent port, like the database port, or should it be the custom port used to access the server?
The 4036 is the default port Ditto listens on. You can configure it by setting the PORT environment variable in the .env file.
> Should the IP be left as is, or exchanged for the server's IP?
It shouldn't be an IP at all -- it should be the _external_-facing address from which you want to access your instance. For example, if you were hosting it on ditto.freedomweaver.tech then you should enter `https://ditto.freedomweaver.tech`. The port number should be left out unless you are listening on some nonstandard port.
> I left it as localhost, but since it is a VPS I don't know if I need to try * or something else , nor where to modify it after leaving it as is.
This is fine.
> If I enter a real password here, it shows in plain text, so I don't know if that's what it's requesting. I am guessing it is the name of the user that we need to enter (ditto). Is it?
That was an oversight in our setup code, thanks for pointing it out! It'll be fixed in the next release of Ditto.
> I'm guessing there should only be one database listed above, and that ditto should point to it in a database config file somewhere.
It doesn't matter if there are multiple, Ditto only uses the one you enter when it asks you "Postgres database [ditto]:" during setup.
> I entered the existing ditto user password, should it have been a password for a second ditto user?
`createuser` handles _Postgres_ user creation -- different from the `UNIX` user ditto you created earlier. You can use the same or different passwords, it does not matter. Just be sure to use this same password when Ditto asks you for the postgres password in `deno task setup`.
> Unsure on this one, as the docs point out to use a previously entered password, so it could be the one for the second ditto user, or maybe it is to fill in the database password where I just left the word ditto previously. Or perhaps the second ditto user and the database password are the same. I added what I'd like the database password to be.
The `ALTER USER WITH PASSWORD` statement updates the password the db will accept when you try to connect as the ditto user. If you make this change you have to update the DATABASE_URL string in your ditto .env file.
> chose to redirect all traffic to https, not sure if all traffic to ditto arrives so
This is the correct thing to do.
Hope this clears up your doubts!
Hey nostr:npub1a7n2h5y3gt90y00mwrknhx74fyzzjqw25ehkscje58x9tfyhqd5snyvfnu I've been on vacation this past week, back at work now. I'll be responding to your questions in a couple of follow-up notes. Sorry for the delay!
Just confirming, but is Ditto itself running? That's what a 502 Bad Gateway typically indicates, that the service being proxied to isn't active, and your triage list didn't actually mention that. Please don't mistake me, just eliminating the obvious.
Next up, if you have some sort of firewall set up it may be blocking nginx's ability to communicate with Ditto.
Also, if you've configured ditto to listen on a different port other than 4036, please check that your nginx config is updated to reflect that.
There have been some issues with nginx configs in the past but as of latest ditto, nothing. Could you also confirm if you're on latest `main`?
What are the minimum/recommended requirements for a VPS running a nostr:npub10qdp2fc9ta6vraczxrcs8prqnv69fru2k6s2dj48gqjcylulmtjsg9arpj ?
Well, it depends how many users will be using it, and things like that. I have a testing instance over at https://metaman.space which i use as my primary client, it has 2vcpu/2gb of ram/60gb of disk and that is more than enough. Our bigger instances are 2 or 4 vcpu with 4 or 8gb of ram, gleasonator.dev is 4 vcpu 8gb of ram, and this has maaaany many users.
metaman.space runs its own Postgres, the rest all share a single postgres with 320gb of disk, 8 cores, and 16gb of RAM.
I wouldn't worry too much about CPU and RAM honestly, ditto itself is pretty lightweight. Try starting with a single vCPU and 1gb of ram + 1.5gb of swap and seeing how that goes. You can always trivially scale up your VPS if it feels slow.
In my opinion, the bigger scalability problem is actually disk space -- the gleasonator database is like 30gb at the moment. metaman, a much smaller instance, is using about 10gb. So I'd keep an eye on your usage.
Feel free to @ me if you have any more questions!
There are only two kinds of Nostr clients, the ones people complain about, and the ones they don't use :P
Thanks for the bug report! We'll keep fixing them as they come <3
can you please post your config? or email it to me at me@shantaram.xyz
ah, fair enough i suppose
So I've been using time-tracker-cli (https://pypi.org/project/time-tracker-cli/) to track my hours for freelance work. It's great but it has a lot of rough edges, the UX is a bit ugly, it just feels unfinished and incomplete. I have some kludged together shell aliases to handle billing and stuff and the result is not super great but it's ...manageable.
Well I finally had enough and channelled my inner Bender (except I didn't follow up with "ah, screw the whole thing...").
Presenting etu, the cool new time tracker on the block.
https://github.com/xyzshantaram/etu
It's much the same, aiui. A rogue relay could just ... not honor your edits or deletions, but people would pretty quickly stop publishing to it if word got out. Much like a rogue Mastodon instance that won't honor deletion requests being defederated.
technically they can be, you just can't be sure other people will respect it :P
hello nostr!
