This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Setup dess on GCP (Google Cloud Platform)

Step-by-Step setup of dess on GCP (Google Cloud Platform)

    dess stands for “Distributed Edge Secondary Server” and it is used to host your @signs on your own secondary server. Refer to the Setup dess guide under Options to learn more.

    In this step-by-step guide we will walk you through all steps required to setup your own private dess in GCP cloud from scratch. Please use index to skip some steps in case you have done them in another way.

    Table of contents


    • Register Atsign at
    • Have google account
    • Have registered Fully Qualified Domain Name (FQDN)

    1. Registering your @sign

    This topic is already well documents. Please follow guidance of and register via

    2. Sign-up for GCP account

    a) Account creation

    If you are new to cloud like me and need to create new GCP account, I have good news! The creation is for free. As promotion all new customer will also receive 300$ as credit. That is more than enough to run multiple dess’s for 3 months of offer validity.


    You can register with your gmail account or create new one by clicking “Get started for free” and follow instructions to register

    Get Started

    Once done with registration you will be able to login to your And voila you have your GCP account up and running.

    b) Setting up billing

    To be able to run some services you have to maintain billing account. Navigation Menu -> Billing


    By default GCP creates “My Billing Account” which you can link to your project.


    Click “Link Billing account” and select “My billing account” from drop down

    🔴 Its important to note that this account holds your 300$ free credits! 🔴

    We are all setup and ready to go deploy!

    3. Register your own fully qualified domain name (FQDN)

    This step can be performed at range of different sites with different pricing models. You can use sites like;; and many others. Since we have GCP account we can use it to register our domain through Cloud Domain.

    a) Register domain name with GCP.

    In your GCP console search for Cloud Domain.


    We first need to enable this service.


    Once the service activates you will be presented with its dashboard.

    Lets register our fully qualified domain name (FQDN) that will be used for registration of our dess.

    Click on “Register Domain” and look for suitable name.


    Reviewing pricing options of GCP .pw is their cheapest option which will work for testing. For my test case I am selecting with price $0.75 / month by clicking add to cart button and continue.


    Next we can select where will our DNS record be hosted. Simply select “Use Google Domains” and DNSSEC “Enabled” and click continue.


    We have no options with Privacy protection so simply click continue.


    Fill out contact details and click register. This will trigger registration email you will have to verify.


    Once you verify your email your domain should be ready to use


    b) Create Cloud DNS zone

    Next step is to enable Cloud DNS service. Search for DNS in search bar and select Cloud DNS


    If its your first time activating this service you will have to enable the API. Press enable and wait for the activation to finish.


    Lets crate new DNS zone by clicking “Create Zone”


    We will select zone type as Public since we will be connecting to our DNS from internet and provide your registered DNS name. In my case DNSSEC will be set to off and provide some meaningful Description. Once you filled all your details press create.


    You should receive following message:


    4. Preparing GCP instance

    Now since I am new to GCP the easiest way to start using it is with prebuild solutions. This way you will deploy small system which is more then capable of handling dess at pre-set price.

    We can use pre-build “Ubuntu 20”. In Search bar look for Ubuntu20


    🔴 Make sure to use “Ubuntu 20” and not “Hardened Ubuntu 20”. Although the Hardened version will work as well it requires additional manual steps to make work.🔴

    This will take you to this prebuild solution overview page:


    Select launch


    And press enable all required API’s


    Once all API’s are activated you are taken to configuration page:


    Prices are based on region and power of selected Virtual Machine (VM). To cost optimize you can select US region / N1 / g1-small at cost of $15/Month.

    Next up is boot disk which we can leave as is.


    This will deploy your Ubuntu 20.04 virtual machine.


    5. Preparing your instance for network access

    a) Assignment of Static IP

    Next up our list of activities is providing our instance with static IP and linking our domain to it.

    GCP assigned ephemeral IP address to our newly created VM. We need to change it to static IP.

    In search bar look for External IP addresses.


    You should see your external IP address assigned to your VM


    In column Type select ephemeral and change it to Static


    Give your static IP name and some description.


    Type should now say Static


    b) Assignment of Domain name to your static IP

    Next step is to point your domain to your virtual machine running dess.

    Search for Cloud DNS


    Open zone you have created in step 3.b Create Cloud DNS zone


    We now need to link A type record to your domain linking it to IP address of your Virtual machine.

    This is done simply press “Add record set”


    Select Resource record type “A” and IPv4 address the address of your dess virtual machine.


    If everything goes well you should see following in your domain dashboard:


    Next step is to update Google Name servers. You can follow Googles guide - step 5.

    To test if you are successful open command line and ping your domain. You should see your instance static IP address.


    At this point we have created DNS record we will use to link our dess, we created instance name which will be running our dess and we have opened port range which is exposed to the internet and we can communicate with @sign root server and our apps with.

    c) Setting up Firewall

    Search for Firewall in search bar.


    Click on Create firewall rule


    Lets create firewall rule that will enable the @sign root server communicate with our dess.


    Important things to note:

    1. Ingress translates to incoming traffic.

    2. Selecting IP range as will allow traffic from anywhere on the internet.

    3. For my use case I will enable port range 8000 – 8010 allowing me to register up to 10 @signs.


    Press create and validate that your new rule appears in list of firewall rules.


    Second we need to create firewall rule that will enable your dess server to communicate with certification authority.


    Important things to note:

    1. Ingress translates to incoming traffic.

    2. Selecting IP range as will allow traffic from anywhere on the internet.

    3. You need to enable port 80 for communication with Certification authority.


    Press create and validate that your new rule appears in list of firewall rules.


    6. Instance setup and dess deployment

    Open your GCP console at and search for VM instances


    By now you should see your instance in “Running state”


    Click on the SSH button and connect to your instance.

    You should be presented by new window with command line:


    Before we do anything else, we should update the system:

    sudo apt update && sudo apt upgrade

    This might take some time, but it will make sure we have latest repository information and the system is up to date.

    Next make sure curl is installed, we will use curl to pull the dess installation file:

    sudo apt install curl

    Finally, run the dess installer:

    curl -fsSL | sudo bash

    Once the installer is finished you should be prompted like so:

    Dess installed, please move on to the sudo dess-create command.

    7. Registration of @sign in your private dess

    At this step you should already have your @sign registered at If not go do it!

    I have registered my own free @sign (@44likelycanary) which I will link to my dess.

    In your instance console, navigate to dess folder. If you were following this guide it will be located in:

    We now need to create the service that will host our @sign by executing the dess-create command:

    $ sudo dess-create @44likelycanary 8000 <email address> likelycanary

    To make it more understandable:

    I will be registering my @sign @44likelycanary.

    I will be using my domain which I have registered through AWS.

    I am using port 8000 which I have opened in my instance firewall.

    My registration email address is <email address> (this email is used to sign the SSL certificates).

    The last likelycanary is the name that docker will use to track the service.

    If everything is successful you should see output like this:


    At this moment your @sign is registered on your dess.

    8. Activation of @sign

    Next up we need to activate it

    Login to your dashboard at

    Open “my @signs”


    Open “managed” of @sign you are registering”


    Navigate to Advance settings:


    If you have already activated your @sign you will be prompted to erase all your data first


    Once done you are able to link your @sign with your private dess. Use your domain and port number with which you have created service on your cloud instance and press Activate


    You should see that your @sign is being activated in your dashboard:


    The activation will be completed once you have used your QR code from dess and retrieved your keys.

    Once the activation process completes you are welcomed by green Activated.