Setup dess on GCP (Google Cloud Platform)

Step-by-Step setup of dess on GCP (Google Cloud Platform)

    dess stands for “Distributed Edge Secondary Server” and it is used to host your @signs on your own secondary server. Refer to the Setup dess guide under Options to learn more.

    In this step-by-step guide we will walk you through all the steps required to set up your own private dess in the GCP cloud from scratch. Please use the index to skip steps you have already completed another way.

    Pre-requisites

    • Register an @sign at http://atsign.com
    • Have a Google account
    • Have a registered Fully Qualified Domain Name (FQDN)

    1. Registering your @sign

    This topic is already well documented. Please follow the guidance at https://atsign.com/faqs/ and register via https://atsign.com/get-an-sign/.

    2. Sign-up for GCP account

    a) Account creation

    If you are new to the cloud like me and need to create a new GCP account, I have good news: creating one is free. As a promotion, all new customers also receive $300 in credit. That is more than enough to run multiple dess instances for the 3 months the offer is valid.

    gcp-discount

    You can register with your Gmail account or create a new one by clicking “Get started for free” and following the instructions to register.

    Get Started

    Once you are done with registration you will be able to log in at https://console.cloud.google.com/. And voilà, you have your GCP account up and running.

    b) Setting up billing

    To be able to run some services you have to maintain a billing account. Go to Navigation Menu -> Billing.

    gcp-navigation-billing

    By default GCP creates “My Billing Account” which you can link to your project.

    gcp-billing_project

    Click “Link Billing account” and select “My billing account” from the drop-down.

    🔴 It's important to note that this account holds your $300 free credits! 🔴

    We are all set up and ready to deploy!

    3. Register your own fully qualified domain name (FQDN)

    This step can be performed at a range of different sites with different pricing models. You can use sites like http://www.godaddy.com, https://www.namecheap.com/ and many others. Since we have a GCP account we can use it to register our domain through Cloud Domain.

    a) Register domain name with GCP.

    In your GCP console search for Cloud Domain.

    gcp-search-domain

    We first need to enable this service.

    gcp-domain-api

    Once the service activates you will be presented with its dashboard.

    Let's register the fully qualified domain name (FQDN) that will be used for registration of our dess.

    Click on “Register Domain” and look for a suitable name.

    gcp-domain-register

    Reviewing GCP's pricing options, .pw is the cheapest one, which will work for testing. For my test case I am selecting atsign.pw at $0.75 / month by clicking the add to cart button and continuing.

    gcp-domain-lookup

    Next we can select where our DNS records will be hosted. Simply select “Use Google Domains”, set DNSSEC to “Enabled” and click continue.

    gcp-domain-config

    We have no options with Privacy protection, so simply click continue.

    gcp-domain-privacy

    Fill out the contact details and click register. This will trigger a registration email that you will have to verify.

    gcp-domain-contacts

    Once you verify your email your domain should be ready to use.

    gcp-domain-status

    b) Create Cloud DNS zone

    The next step is to enable the Cloud DNS service. Search for DNS in the search bar and select Cloud DNS.

    gcp-search-dns

    If it's your first time activating this service you will have to enable the API. Press enable and wait for the activation to finish.

    gcp-dns-api

    Let's create a new DNS zone by clicking “Create Zone”.

    gcp-dns-create

    We will select the zone type Public, since we will be connecting to our DNS from the internet, and provide our registered DNS name, in my case atsign.pw. DNSSEC will be set to off. Provide a meaningful description. Once you have filled in all the details press create.

    gcp-dns-create-details

    You should receive the following message:

    gcp-dns-confirm

    4. Preparing GCP instance

    Since I am new to GCP, the easiest way to start using it is with prebuilt solutions. This way you will deploy a small system which is more than capable of handling dess at a pre-set price.

    We can use the prebuilt “Ubuntu 20”. In the search bar look for Ubuntu20.

    gcp-search-ubuntu20

    🔴 Make sure to use “Ubuntu 20” and not “Hardened Ubuntu 20”. Although the Hardened version will work as well, it requires additional manual steps to make it work. 🔴

    This will take you to the overview page of this prebuilt solution:

    gcp-ubuntu20

    Select launch

    gcp-ubuntu20-api-enable

    And press enable for all required APIs.

    gcp-ubuntu20-api-enabled

    Once all APIs are activated you are taken to the configuration page:

    gcp-ubuntu20-type

    Prices are based on the region and the power of the selected virtual machine (VM). To optimize cost you can select US region / N1 / g1-small at a cost of $15/month.

    Next up is the boot disk, which we can leave as is.

    gcp-ubuntu20-disk

    This will deploy your Ubuntu 20.04 virtual machine.

    gcp-ubuntu20-confirmation

    5. Preparing your instance for network access

    a) Assignment of Static IP

    Next on our list of activities is giving our instance a static IP and linking our domain to it.

    GCP assigned an ephemeral IP address to our newly created VM. We need to change it to a static IP.

    In the search bar look for External IP addresses.

    gcp-search-networking

    You should see the external IP address assigned to your VM.

    gcp-networking-overview

    In the Type column select Ephemeral and change it to Static.

    gcp-networking-type

    Give your static IP a name and a description.

    gcp-networking-static

    Type should now say Static

    gcp-networking-type-change

    b) Assignment of Domain name to your static IP

    The next step is to point your domain to the virtual machine running dess.

    Search for Cloud DNS.

    gcp-search-dns

    Open the zone you created in step 3.b, Create Cloud DNS zone.

    gcp-dns-status

    We now need to add an A record for your domain, pointing it at the IP address of your virtual machine.

    This is done by simply pressing “Add record set”.

    gcp-dns-add-record

    Select the resource record type “A” and, as the IPv4 address, enter the address of your dess virtual machine.

    gcp-dns-a

    If everything goes well you should see the following in your domain dashboard:

    gcp-dns-status-final

    The next step is to update the Google name servers. You can follow Google's guide, step 5.

    https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial#register-domain

    To test whether you were successful, open a command line and ping your domain. You should see your instance's static IP address.

    gcp-dns-test

    At this point we have created the DNS record we will use to link our dess, we have created the instance that will run our dess, and we have opened the port range which is exposed to the internet and through which we can communicate with the @sign root server and our apps.

    c) Setting up Firewall

    Search for Firewall in the search bar.

    gcp-search-firewall

    Click on Create firewall rule

    gcp-firewall-create

    Let's create a firewall rule that will enable the @sign root server to communicate with our dess.

    gcp-networking-firewall-settings

    Important things to note:

    1. Ingress translates to incoming traffic.

    2. Selecting IP range as 0.0.0.0/0 will allow traffic from anywhere on the internet.

    3. For my use case I will enable port range 8000 – 8010 allowing me to register up to 10 @signs.

    gcp-firewall-ranges

    Press create and validate that your new rule appears in the list of firewall rules.

    gcp-firewall-status

    Second, we need to create a firewall rule that will enable your dess server to communicate with the certification authority.

    gcp-networking-firewall-80

    Important things to note:

    1. Ingress translates to incoming traffic.

    2. Selecting IP range as 0.0.0.0/0 will allow traffic from anywhere on the internet.

    3. You need to enable port 80 for communication with the certification authority.

    gcp-networking-firewall-range-80

    Press create and validate that your new rule appears in the list of firewall rules.

    gcp-firewall-status

    6. Instance setup and dess deployment

    Open your GCP console at https://console.cloud.google.com/compute/instances and search for VM instances.

    gcp-search-vm

    By now you should see your instance in the “Running” state.

    gcp-vm-status

    Click on the SSH button and connect to your instance.

    You should be presented with a new window with a command line:

    gcp-vm-connected

    Before we do anything else, we should update the system:

    sudo apt update && sudo apt upgrade
    

    This might take some time, but it will make sure we have the latest repository information and the system is up to date.

    Next, make sure curl is installed; we will use curl to pull the dess installation file:

    sudo apt install curl
    

    Finally, run the dess installer:

    curl -fsSL https://getdess.atsign.com | sudo bash
    

    Once the installer is finished you should see a prompt like this:

    Dess installed, please move on to the sudo dess-create command.
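
The `curl ... | sudo bash` step above runs whatever the server returns at that moment as root, with no chance to read it first. An added example (not code from this guide or from the dess project) that saves the installer to a file so it can be reviewed, and later runs it only if its SHA-256 still matches the digest recorded at review time; the function names and the pinned-digest workflow are assumptions, since the page publishes no checksum.

```sh
#!/bin/sh
# Added example, not part of the dess project: fetch, review, pin, then run.
INSTALLER_URL="https://getdess.atsign.com"   # URL used by the guide above

# Print only the hex SHA-256 digest of a file.
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if the file's digest equals the pinned digest
# (1 = mismatch, 2 = unusable input).
verify_pinned() {
  [ -s "$1" ] || { echo "missing or empty file: $1" >&2; return 2; }
  case $2 in
    ''|*[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 2 ;;
  esac
  [ "${#2}" -eq 64 ] || { echo "pinned digest is not 64 chars" >&2; return 2; }
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ] && return 0
  echo "digest mismatch: got $actual" >&2
  return 1
}

# Save the installer to a file (HTTPS only) instead of piping it into bash,
# so the exact bytes that will run as root can be read and hashed first.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$1" "$INSTALLER_URL"
}

# Download again and run as root only if the digest is unchanged.
install_dess_pinned() {
  tmp=$(mktemp) || return 2
  fetch_installer "$tmp" && verify_pinned "$tmp" "$1" && sudo bash "$tmp"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Review once:  fetch_installer dess-install.sh && less dess-install.sh
#               sha256_of dess-install.sh      # record this digest
# Install:      install_dess_pinned <digest recorded above>
```

A mismatch means the script changed since it was reviewed; read the new version before recording a new digest.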
    

    7. Registration of @sign in your private dess

    At this step you should already have your @sign registered at http://atsign.com. If not go do it!

    I have registered my own free @sign (@44likelycanary) which I will link to my dess.

    In your instance console, navigate to dess folder. If you were following this guide it will be located in:

    We now need to create the service that will host our @sign by executing the dess-create command:

    $ sudo dess-create @44likelycanary 4atsign.link 8000 <email address> likelycanary
    

    To make it more understandable:

    I will be registering my @sign @44likelycanary.

    I will be using my domain 4atsign.link which I have registered through AWS.

    I am using port 8000 which I have opened in my instance firewall.

    My registration email address is <email address> (this email is used to sign the SSL certificates).

    The last likelycanary is the name that docker will use to track the service.

    If everything is successful you should see output like this:

    img

    At this moment your @sign is registered on your dess.
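
An added pre-flight check for the five positional arguments explained above (not part of dess itself): it rejects a port outside the 8000-8010 range opened in the firewall step, and malformed values, before anything runs under sudo. The function names and the character set allowed for the service name are assumptions.

```sh
#!/bin/sh
# Added example, not part of dess: sanity-check dess-create arguments.
# Port range opened in the firewall rule created in step 5.c of this guide.
FW_PORT_MIN=8000
FW_PORT_MAX=8010

# Return 0 if $1 looks like an FQDN: dot-separated labels of 1-63 letters,
# digits or hyphens (no leading/trailing hyphen) and an alphabetic TLD.
valid_fqdn() {
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# check_dess_args ATSIGN FQDN PORT EMAIL SERVICE
# Prints the first problem found and returns non-zero; returns 0 if all pass.
check_dess_args() {
  [ "$#" -eq 5 ] || { echo "expected 5 arguments, got $#"; return 2; }
  case $1 in
    @?*) ;;
    *) echo "@sign must start with '@': $1"; return 1 ;;
  esac
  valid_fqdn "$2" || { echo "not a valid FQDN: $2"; return 1; }
  case $3 in
    ''|*[!0-9]*) echo "port is not a number: $3"; return 1 ;;
  esac
  # Length guard keeps oversized numbers away from the integer comparison.
  if [ "${#3}" -gt 5 ] || [ "$3" -lt "$FW_PORT_MIN" ] || [ "$3" -gt "$FW_PORT_MAX" ]; then
    echo "port $3 is outside the firewall range $FW_PORT_MIN-$FW_PORT_MAX"
    return 1
  fi
  case $4 in
    ?*@?*.?*) ;;
    *) echo "email address looks malformed: $4"; return 1 ;;
  esac
  # Assumption: allow only characters that are safe in a Docker name.
  case $5 in
    ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) echo "unsafe service name: $5"; return 1 ;;
  esac
  return 0
}

# Usage: check_dess_args "$@" && sudo dess-create "$@"
```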

    8. Activation of @sign

    Next we need to activate it.

    Log in to your dashboard at https://my.atsign.com/dashboard

    Open “my @signs”

    gcp-atsign-dashboard

    Open “managed” for the @sign you are registering.

    gcp-atsign-nonactive

    Navigate to Advanced settings:

    gcp-atsign-active

    If you have already activated your @sign you will be prompted to erase all your data first.

    gcp-atsign-erase

    Once done, you are able to link your @sign with your private dess. Use the domain and port number with which you created the service on your cloud instance and press Activate.

    image-20210617111907819

    You should see that your @sign is being activated in your dashboard:

    gcp-atsign-activating

    The activation will be completed once you have used your QR code from dess and retrieved your keys.

    Once the activation process completes you are welcomed by a green Activated.

    gcp-atsign-activated

    CONGRATULATIONS