Add the PGDG repository
Install PostgreSQL 17
Verify the version:
Set password and create database
Create the three role tiers
1. Superuser — full ownership
2. appuser — full CRUD on all tables (read, insert, update, delete)
3. appviewer — scoped access (mixed SELECT-only and read/write tables)
The exact list of which tables
appviewer can access, and at which permission level (SELECT-only vs. SELECT/INSERT/UPDATE), is maintained in the J-Spider-Store-Backend repo docs. Check there before granting or revoking access for this role — do not assume the same table list applies across environments.Remote access
For remote database work (DBeaver, pgAdmin, TablePlus, etc.), do not expose PostgreSQL directly to the internet. Use an SSH tunnel through the VPS instead — Postgres stays bound tolocalhost and only the SSH port is reachable.
1. Confirm Postgres is listening on localhost only
2. Set up the SSH tunnel
DBeaver:- New connection → PostgreSQL
- Main tab: Host
localhost, Port5432, Databaseprod_db, User/Password of the role you’re connecting as - SSH tab: enable “Use SSH Tunnel” → Host/IP: your VPS IP, Port
22, User: your VPS SSH user, Auth: private key or password - Test Connection — DBeaver tunnels the connection through SSH automatically
- New Server → Connection tab: Host
localhost, Port5432, Maintenance DBprod_db, Username/Password - SSH Tunnel tab: enable tunneling → Tunnel host: VPS IP, Tunnel port
22, Username, Identity file (or password) - Save