This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Step-by-step dess guides

Learn how to setup dess on a specific platform

1 - Setup dess on AWS (Amazon Web Services) Platform

Step-by-Step setup of dess on AWS (Amazon Web Services)

Step-by-Step setup of dess in AWS

In this step-by-step guide I will walk you through all steps required to setup your own private dess using AWS. Please use the index to skip some steps in case you have already completed them.

Table of contents

Pre-requisites

  • Registered @sign(s) to setup
  • An AWS account
  • A Fully Qualified Domain Name (FQDN)

1. Registering your @sign

This topic is already well documented. Please follow the guidance of Our FAQs and register via the registrar site.

2. Sign-up for AWS account

If you are new to AWS, signing up for an account is free! The cost of running dess is about 10$/month. You can create your account at https://aws.amazon.com/ and as of June 6th, 2021 there is a “free tier” available which was used during the making of this guide.

aws-free-trial

Follow the instructions on screen.

aws-sign-up

Once you are done with registration, you will be able to login to your aws console.

Make sure that you select the correct region in the top right corner.

aws-region

Select the region that is geographically closest to your location for best performance.

You are now setup on AWS and ready to prepare dess.

3. Register your own fully qualified domain name (FQDN)

This step can be performed at a variety of sites, all with different pricing models. You can use sites like Go Daddy, Namecheap, and many others. However, since we have AWS account, we can use it to register our domain through the Route 53 service.

In your AWS console navigate to services in top left corner and select Route 53.

a) Register domain name with AWS.

In your AWS console search for Route 53.

aws-route53

You can start looking for your domain directly from here:

image-20210726083635919

Based on the domain name you search, AWS will give you similar options, and their pricing. As I am looking for the best deal, the .link domain seems like a good option at a cost of 5$ / year.

In my case 4atsign.link is free and I will register it by clicking “Add to cart” and continue.

img

Fill out DNS registration form:

img

Continue review details and order. At this point if all is fine you should see your domain request pending:

img

This can take some time so why don’t we move on to next step!

4. Preparing AWS instance

Now since I am new to AWS, the easiest way to get started is by using the LightSail service from service catalog. This will enable you to deploy small system which is more then capable of handling dess at pre-set price.

img

Welcome to LightSail:

img

First step is to create new instance. Fortunately, we have big orange button that can do just that!

There are several options we are presented at this moment. Since I am living in Europe I select “Frankfurt, Zone A (eu-central-1a)” as my instance location. Instance region will dictate how well will your instance response based on your geographical location. People located in India should selects APAC region where as people in US should select North America region. You can leave availability zone set as default.

img

Next up will be selection of operating system we want to deploy. We know that dess works well with Ubuntu 20.04 LTS so lets select just that.

img

You are presented with couple more options, but unless you know what you are doing leave these as is.

img

Now let’s select instance plan. dess is relatively light weight so for testing purposes I will select first instance plan for 3.5$/Month. This will provide us with 512 MB of RAM, 1vCPU, 20GB of storage and 1TB of data transfer. This is more then enough to run our dess.

img

Lastly we have to name our instance. This is the name you will be presented with in your dashboard.

img

Last but not least is to press “Create instance”

img

After a couple of seconds you should be re-routed to your dashboard and see your instance up and running:

img

5. Preparing your instance for network access

a) Assignment of Static IP

Next up, is to provide our instance with a static IP and linking our domain to it.

When you click on your instance name, it will take you to the management console, which should look like this:

img

This is where you control hardware, connectivity and if needed can delete your instance.

Lets configure a static IP address for your new instance. Navigate to Networking and click on Create static IP:

img

Our region and instance is selected, so the only thing left is to name our static IP. I selected the name atsign-static, but it can be any name you like.

img

Lets hit create:

img

And voila, we now have a static IP address on the internet and it will not change. Now we can link our domain name with it.

img

When you click on your instance name and navigate to Networking, the static IP is now assigned.

img

b) Assignment of Domain name to your static IP

We can now move on to linking our static IP address to our domain. This is done via the AWS console which can be accessed in the top right of Lightsail.

img

Verify your email used for registering domain:

By now you should receive verification email that will confirm registration of your domain. Click this link before moving on.

Linking domain with your static address:

Lets navigate to “Route 53” from Services menu.

img

From your dashboard click on “Domain” which will take you to the “Registered Domains” tab.

img

Here you can click on your registered domain which will take you to overview page with domain status and contacts.

img

Click on “Manage DNS”

img

And click on your domain name.

This will show you your DNS records for your domain. We now need to link A type record to your domain linking it to IP address of your instance.

This is done simply by typing your static IP address from previous step into field “Value” and clicking Create record:

img

If everything goes well you should see following in your domain dashboard:

img

To test if you are successful open command line and ping your domain. You should see your instance static IP address. It will not respond which is normal due to IPv4 firewall. It is actually good thing!

img

At this point we have created DNS record we will use to link our dess, we created instance name which will be running our dess and we have opened port range which is exposed to the internet and we can communicate with @sign root server and our apps with.

c) Setting up Firewall

Next up we need to make sure we have ports open for our dess to communicate with root server and our apps. In Section networking go to section “IPv4 Firewall” and click “+ Add rule” Our rule will be “Custom” on TCP protocol with Port range in number higher then 1024. In my case I have selected port range 8000-8010. This will enable me to run up to 10 @signs in parallel.

img

Click create and verify that your new rule is in list:

img

6. Instance setup and dess deployment

Open your LightSail console

By now you should see your instance in “Running state”

img

Open it and on tab Connect click on “Connect using SSH”

img

You should be presented by a new window with command line:

img

Before we do anything else, we should update the system:

sudo apt update && sudo apt upgrade

This might take some time, but it will make sure we have latest repository information and the system is up to date.

Next make sure curl is installed, we will use curl to pull the dess installation file:

sudo apt install curl

Finally, run the dess installer:

curl -fsSL https://getdess.atsign.com | sudo bash

Once the installer is finished you should be prompted like so:

Dess installed, please move on to the sudo dess-create command.

7. Registration of @sign in your private dess

At this step you should already have your @sign registered at http://atsign.com. If not go do it!

I have registered my own free @sign (@44likelycanary) which I will link to my dess.

In your instance console, navigate to dess folder. If you were following this guide it will be located in:

We now need to create the service that will host our @sign by executing the dess-create command:

$ sudo dess-create @44likelycanary 4atsign.link 8000 <email address> likelycanary

To make it more understandable:

I will be registering my @sign @44likelycanary.

I will be using my domain 4atsign.link which I have registered through AWS.

I am using port 8000 which I have opened in my instance firewall.

My registration email address is <email address> (this email is used to sign the SSL certificates).

The last likelycanary is the name that docker will use to track the service.

If everything is successful you should see output like this:

img

At this moment your @sign is registered on your dess.

8. Activation of @sign

Next up we need to activate it

Login to your dashboard at https://my.atsign.com/dashboard

Open “my @signs”

img

Open “managed” of @sign you are registering”

img

Navigate to Advance settings:

img

If you have already activated your @sign you will be prompted to erase all your data first

img

Once done you are able to link your @sign with your private dess. Use your domain and port number with which you have created service on your cloude instance and press Activate.

img

You should see that your @sign is being activated in your dashboard:

img

This can take several minutes so go get cup of coffee, some tea maybe, stretch your body and pray you haven’t made any mistakes!

Once the activation process completes you are welcomed by green Activated.

img

You can now open @buzz or @wavi and register your @sign via QR code and generate your keys!

CONGRATULATIONS

2 - Setup dess on GCP (Google Cloud Platform)

Step-by-Step setup of dess on GCP (Google Cloud Platform)

dess stands for “Distributed Edge Secondary Server” and it is used to host your @signs on your own secondary server. Refer to the Setup dess guide under Options to learn more.

In this step-by-step guide we will walk you through all steps required to setup your own private dess in GCP cloud from scratch. Please use index to skip some steps in case you have done them in another way.

Table of contents

Pre-requisites

  • Register Atsign at http://atsign.com
  • Have google account
  • Have registered Fully Qualified Domain Name (FQDN)

1. Registering your @sign

This topic is already well documents. Please follow guidance of https://atsign.com/faqs/ and register via https://atsign.com/get-an-sign/.

2. Sign-up for GCP account

a) Account creation

If you are new to cloud like me and need to create new GCP account, I have good news! The creation is for free. As promotion all new customer will also receive 300$ as credit. That is more than enough to run multiple dess’s for 3 months of offer validity.

gcp-discount

You can register with your gmail account or create new one by clicking “Get started for free” and follow instructions to register

Get Started

Once done with registration you will be able to login to your https://console.cloud.google.com/ And voila you have your GCP account up and running.

b) Setting up billing

To be able to run some services you have to maintain billing account. Navigation Menu -> Billing

gcp-navigation-billing

By default GCP creates “My Billing Account” which you can link to your project.

gcp-billing_project

Click “Link Billing account” and select “My billing account” from drop down

🔴 Its important to note that this account holds your 300$ free credits! 🔴

We are all setup and ready to go deploy!

3. Register your own fully qualified domain name (FQDN)

This step can be performed at range of different sites with different pricing models. You can use sites like http://www.godaddy.com; https://www.namecheap.com/; and many others. Since we have GCP account we can use it to register our domain through Cloud Domain.

a) Register domain name with GCP.

In your GCP console search for Cloud Domain.

gcp-search-domain

We first need to enable this service.

gcp-domain-api

Once the service activates you will be presented with its dashboard.

Lets register our fully qualified domain name (FQDN) that will be used for registration of our dess.

Click on “Register Domain” and look for suitable name.

gcp-domain-register

Reviewing pricing options of GCP .pw is their cheapest option which will work for testing. For my test case I am selecting atsign.pw with price $0.75 / month by clicking add to cart button and continue.

gcp-domain-lookup

Next we can select where will our DNS record be hosted. Simply select “Use Google Domains” and DNSSEC “Enabled” and click continue.

gcp-domain-config

We have no options with Privacy protection so simply click continue.

gcp-domain-privacy

Fill out contact details and click register. This will trigger registration email you will have to verify.

gcp-domain-contacts

Once you verify your email your domain should be ready to use

gcp-domain-status

b) Create Cloud DNS zone

Next step is to enable Cloud DNS service. Search for DNS in search bar and select Cloud DNS

gcp-search-dns

If its your first time activating this service you will have to enable the API. Press enable and wait for the activation to finish.

gcp-dns-api

Lets crate new DNS zone by clicking “Create Zone”

gcp-dns-create

We will select zone type as Public since we will be connecting to our DNS from internet and provide your registered DNS name. In my case atsign.pw. DNSSEC will be set to off and provide some meaningful Description. Once you filled all your details press create.

gcp-dns-create-details

You should receive following message:

gcp-dns-confirm

4. Preparing GCP instance

Now since I am new to GCP the easiest way to start using it is with prebuild solutions. This way you will deploy small system which is more then capable of handling dess at pre-set price.

We can use pre-build “Ubuntu 20”. In Search bar look for Ubuntu20

gcp-search-ubuntu20

🔴 Make sure to use “Ubuntu 20” and not “Hardened Ubuntu 20”. Although the Hardened version will work as well it requires additional manual steps to make work.🔴

This will take you to this prebuild solution overview page:

gcp-ubuntu20

Select launch

gcp-ubuntu20-api-enable

And press enable all required API’s

gcp-ubuntu20-api-enabled

Once all API’s are activated you are taken to configuration page:

gcp-ubuntu20-type

Prices are based on region and power of selected Virtual Machine (VM). To cost optimize you can select US region / N1 / g1-small at cost of $15/Month.

Next up is boot disk which we can leave as is.

gcp-ubuntu20-disk

This will deploy your Ubuntu 20.04 virtual machine.

gcp-ubuntu20-confirmation

5. Preparing your instance for network access

a) Assignment of Static IP

Next up our list of activities is providing our instance with static IP and linking our domain to it.

GCP assigned ephemeral IP address to our newly created VM. We need to change it to static IP.

In search bar look for External IP addresses.

gcp-search-networking

You should see your external IP address assigned to your VM

gcp-networking-overview

In column Type select ephemeral and change it to Static

gcp-networking-type

Give your static IP name and some description.

gcp-networking-static

Type should now say Static

gcp-networking-type-change

b) Assignment of Domain name to your static IP

Next step is to point your domain to your virtual machine running dess.

Search for Cloud DNS

gcp-search-dns

Open zone you have created in step 3.b Create Cloud DNS zone

gcp-dns-status

We now need to link A type record to your domain linking it to IP address of your Virtual machine.

This is done simply press “Add record set”

gcp-dns-add-record

Select Resource record type “A” and IPv4 address the address of your dess virtual machine.

gcp-dns-a

If everything goes well you should see following in your domain dashboard:

gcp-dns-status-final

Next step is to update Google Name servers. You can follow Googles guide - step 5.

https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial#register-domain

To test if you are successful open command line and ping your domain. You should see your instance static IP address.

gcp-dns-test

At this point we have created DNS record we will use to link our dess, we created instance name which will be running our dess and we have opened port range which is exposed to the internet and we can communicate with @sign root server and our apps with.

c) Setting up Firewall

Search for Firewall in search bar.

gcp-search-firewall

Click on Create firewall rule

gcp-firewall-create

Lets create firewall rule that will enable the @sign root server communicate with our dess.

gcp-networking-firewall-settings

Important things to note:

  1. Ingress translates to incoming traffic.

  2. Selecting IP range as 0.0.0.0/0 will allow traffic from anywhere on the internet.

  3. For my use case I will enable port range 8000 – 8010 allowing me to register up to 10 @signs.

gcp-firewall-ranges

Press create and validate that your new rule appears in list of firewall rules.

gcp-firewall-status

Second we need to create firewall rule that will enable your dess server to communicate with certification authority.

gcp-networking-firewall-80

Important things to note:

  1. Ingress translates to incoming traffic.

  2. Selecting IP range as 0.0.0.0/0 will allow traffic from anywhere on the internet.

  3. You need to enable port 80 for communication with Certification authority.

gcp-networking-firewall-range-80

Press create and validate that your new rule appears in list of firewall rules.

gcp-firewall-status

6. Instance setup and dess deployment

Open your GCP console at https://console.cloud.google.com/compute/instances and search for VM instances

gcp-search-vm

By now you should see your instance in “Running state”

gcp-vm-status

Click on the SSH button and connect to your instance.

You should be presented by new window with command line:

gcp-vm-connected

Before we do anything else, we should update the system:

sudo apt update && sudo apt upgrade

This might take some time, but it will make sure we have latest repository information and the system is up to date.

Next make sure curl is installed, we will use curl to pull the dess installation file:

sudo apt install curl

Finally, run the dess installer:

curl -fsSL https://getdess.atsign.com | sudo bash

Once the installer is finished you should be prompted like so:

Dess installed, please move on to the sudo dess-create command.

7. Registration of @sign in your private dess

At this step you should already have your @sign registered at http://atsign.com. If not go do it!

I have registered my own free @sign (@44likelycanary) which I will link to my dess.

In your instance console, navigate to dess folder. If you were following this guide it will be located in:

We now need to create the service that will host our @sign by executing the dess-create command:

$ sudo dess-create @44likelycanary 4atsign.link 8000 <email address> likelycanary

To make it more understandable:

I will be registering my @sign @44likelycanary.

I will be using my domain 4atsign.link which I have registered through AWS.

I am using port 8000 which I have opened in my instance firewall.

My registration email address is <email address> (this email is used to sign the SSL certificates).

The last likelycanary is the name that docker will use to track the service.

If everything is successful you should see output like this:

img

At this moment your @sign is registered on your dess.

8. Activation of @sign

Next up we need to activate it

Login to your dashboard at https://my.atsign.com/dashboard

Open “my @signs”

gcp-atsign-dashboard

Open “managed” of @sign you are registering”

gcp-atsign-nonactive

Navigate to Advance settings:

gcp-atsign-active

If you have already activated your @sign you will be prompted to erase all your data first

gcp-atsign-erase

Once done you are able to link your @sign with your private dess. Use your domain and port number with which you have created service on your cloud instance and press Activate

image-20210617111907819

You should see that your @sign is being activated in your dashboard:

gcp-atsign-activating

The activation will be completed once you have used your QR code from dess and retrieved your keys.

Once the activation process completes you are welcomed by green Activated.

gcp-atsign-activated

CONGRATULATIONS