Presto 0.298 on Ubuntu 24.04 on Azure User Guide
Overview
Presto (PrestoDB) is a high performance, open source distributed SQL query engine for running fast, interactive analytic queries against data of any size. It was created at Meta (Facebook) and is now hosted by the Linux Foundation's Presto Foundation. Presto queries data where it lives through pluggable connectors, so a single ANSI SQL statement can join across data lakes, relational databases and object storage. It ships a browsable Web console for monitoring queries and the cluster. This is PrestoDB, which is a different project from the Trino fork.
The cloudimg image installs Presto 0.298.1 from the official distribution and runs it as the dedicated presto system service under OpenJDK 17. Presto ships with no authentication by default, which would leave its console and query API open to anyone on the network, so this image never exposes it directly: the coordinator is restricted to loopback (an nftables guard drops any non loopback traffic to its port, and the network security group does not open it) and nginx on port 443 is the only reachable surface, terminating TLS with a per VM self signed certificate and enforcing HTTP Basic authentication. A unique console credential is generated on the first boot of every VM, so no VM ever ships with a known or blank credential. The built in tpch, jmx and memory catalogs are preloaded so you can run real SQL immediately with no external data source, and the node data directory lives on a dedicated Azure data disk. Backed by 24/7 cloudimg support.
What is included:
- Presto (PrestoDB) 0.298.1 installed from the official distribution and run as the
prestosystem service under OpenJDK 17 - Single node coordinator and worker, ready to query out of the box, with the
tpch,jmxandmemorycatalogs preloaded - The node data directory relocated onto a dedicated Azure data disk at
/var/lib/presto - The coordinator restricted to loopback (an nftables guard plus the network security group), fronted by nginx on port 443 with TLS and HTTP Basic authentication
- A per VM self signed TLS certificate and a unique
adminconsole credential, both generated on first boot and recorded in a root only file - Port 80 redirecting to HTTPS, with an unauthenticated
/healthzendpoint for load balancer probes - The bundled
prestocommand line client, preconfigured to talk to the local coordinator presto.service,nginx.serviceandpresto-loopback-guard.serviceas systemd units, enabled and active- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_D2s_v4 (2 vCPU / 8 GiB RAM) is the recommended starting size; the shipped JVM heap is a conservative 4 GiB, so size up the VM and raise the heap and query memory limits for larger data and higher concurrency. NSG inbound: allow 22/tcp from your management network and 443/tcp for the Web console and query API (and 80/tcp if you want the HTTP to HTTPS redirect). The coordinator port is never exposed; nginx on 443 is the only entry point.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Presto by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTPS (443). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name presto \
--image <marketplace-image-urn> \
--size Standard_D2s_v4 \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
After the VM is created, open port 443 so you can reach the console and query API:
az vm open-port --resource-group <your-rg> --name presto --port 443 --priority 900
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
The first boot generates the per VM console credential and TLS certificate and prints a summary to the message of the day, so your first SSH session shows the console URL and where the credentials file lives.
Step 4 - Confirm the services are running
Presto runs as a systemd service behind nginx. Confirm the services are active, that the coordinator answers on the loopback port, and that the node data directory is on the dedicated data disk:
systemctl is-active presto.service nginx.service presto-loopback-guard.service
ss -tln | grep -E ':8080|:443|:80 '
findmnt /var/lib/presto

Step 5 - Retrieve your console credential and confirm the gate
The per VM admin credential is written to a root only file at /root/presto-credentials.txt (mode 0600). Because Presto has no authentication of its own, nginx enforces it: an anonymous request to the console or the query API returns HTTP 401, and only the per VM credential is accepted. The --cacert flag trusts the per VM self signed certificate:
sudo cat /root/presto-credentials.txt
CA=/etc/nginx/tls/presto.crt
curl -s -o /dev/null -w '%{http_code}\n' --cacert $CA https://127.0.0.1/v1/info # 401, anonymous rejected
curl -s -o /dev/null -w '%{http_code}\n' --cacert $CA -X POST -d 'SELECT 1' https://127.0.0.1/v1/statement # 401, query API gated

Step 6 - Run SQL with the bundled CLI
The bundled presto command line client is preconfigured to talk to the local coordinator. List the catalogs and run a query against the built in TPC-H sample data:
presto --execute 'SHOW CATALOGS'
presto --execute 'SELECT count(*) FROM tpch.tiny.nation'
presto --execute 'SELECT count(*) FROM tpch.tiny.orders'

Step 7 - Run an analytic query
Presto executes real distributed SQL. Join across the TPC-H sample tables to compute revenue by region and by nation:
presto --output-format ALIGNED --execute "SELECT r.name AS region, count(*) AS orders, round(sum(o.totalprice)/1000,1) AS revenue_k FROM tpch.tiny.orders o JOIN tpch.tiny.customer c ON o.custkey=c.custkey JOIN tpch.tiny.nation n ON c.nationkey=n.nationkey JOIN tpch.tiny.region r ON n.regionkey=r.regionkey GROUP BY r.name ORDER BY revenue_k DESC"

Step 8 - Open the Web console
Browse to https://<vm-public-ip>/ui/ and sign in with admin and the password from Step 5 when your browser prompts (the certificate is the per VM self signed one, so accept it or install it as trusted). The console opens on the Cluster Overview, showing live cluster statistics such as active workers, running queries and throughput, with the query list below.

Step 9 - Monitor queries in the query list
The query list shows every query the cluster has run, with its state, submission time, elapsed time, split counts and the SQL text. Use the state filters and search box to find queries by user, source or text:

Step 10 - Inspect a query's details
Click a query id to open its detail page. The Overview tab shows the session, the execution timeline, resource utilisation and a per stage summary; the tabs across the top switch to the live plan, stage performance, splits and the raw JSON:

Step 11 - View the query execution plan
The Live Plan tab renders the query's distributed execution plan as a directed graph of stages and operators, with the rows flowing between stages. This is how you understand and tune how Presto executes a query:

Step 12 - Add your own data sources
Presto queries your data through connectors. Add a catalog by dropping a properties file into /opt/presto/etc/catalog/ and restarting the service. For example, to query a PostgreSQL database:
sudo tee /opt/presto/etc/catalog/postgresql.properties >/dev/null <<'EOF'
connector.name=postgresql
connection-url=jdbc:postgresql://your-db-host:5432/yourdb
connection-user=youruser
connection-password=yourpassword
EOF
sudo systemctl restart presto
Presto ships connectors for Hive, PostgreSQL, MySQL, SQL Server, Kafka, Elasticsearch, Azure Blob and ADLS, Delta Lake, Iceberg and many more. Once the catalog loads it appears in SHOW CATALOGS and you can query and join it alongside any other source.
Step 13 - Confirm data lives on the dedicated disk
The node data directory sits on the dedicated Azure data disk, so query state, spill and logs are decoupled from the OS disk and the volume can be resized independently:
findmnt /var/lib/presto
grep '^node.data-dir=' /opt/presto/etc/node.properties
Maintenance
Replace the certificate. The image ships a per VM self signed certificate on nginx port 443. For production, point a DNS name at the VM and install your own trusted certificate in nginx, for example with Certbot, so the console and query API are served without a certificate warning.
Scale out. The image runs a single node that is both coordinator and worker. To scale, deploy additional worker VMs and point them at this coordinator's discovery URI, then raise the JVM heap in /opt/presto/etc/jvm.config and the query.max-memory limits in /opt/presto/etc/config.properties to match the larger VM.
Keep the credential safe. The per VM console credential is in /root/presto-credentials.txt (root only). Rotate it by regenerating the nginx htpasswd entry with htpasswd -B /etc/nginx/.htpasswd admin and reloading nginx.
Updates. The image ships with unattended security upgrades enabled for the operating system. Presto itself can be upgraded by following the project's release notes.
Trademark and licensing
Presto (PrestoDB) is licensed under the Apache License 2.0. Presto is a trademark of the Presto Foundation and The Linux Foundation. This image and cloudimg are not affiliated with or endorsed by the Presto Foundation or The Linux Foundation; PrestoDB is a distinct project from the Trino fork.
Support
Every cloudimg image is backed by 24/7 support. If you have any questions about deploying or operating Presto on Azure, contact the cloudimg team.