Run your own private cloud with dess in AWS
In this step-by-step guide I will walk you through all steps required to setup your own private dess using AWS.
dess is the self-hosted option for secondary servers of an @ sign, and a great tool for developers to debug their applications! If you're not sure what an @ sign is check it out here! You can run several secondary servers on a single instance of dess, as each secondary scales to use 6MB of ram or less.
dess is an acronym which stands for:
d. Distributed e. Edge s. Secondary s. Server
- Registered @ sign(s) to setup (get free/paid from here )
- An AWS account (sign up/in here )
- A Fully Qualified Domain Name (FQDN)
1. Registering your @ sign
2. Sign-up for AWS account
If you are new to AWS, signing up for an account is free! The cost of running dess is about $10/month. You can create your account here and as of June 6th, 2021 there is a “free tier” available which was used during the original making of this guide which can be found on atsign.dev.
Follow the instructions on screen.
Once you are done with registration, you will be able to login to your aws console.
Make sure that you select the correct region in the top right corner.
Select the region that is geographically closest to your location for best performance.
You are now setup on AWS and ready to prepare dess.
3. Register your own fully qualified domain name (FQDN)
This step can be performed at a variety of sites, all with different pricing models. You can use sites like Go Daddy, Namecheap, and many others. However, since we have AWS account, we can use it to register our domain through the Route 53 service.
In your AWS console navigate to services in top left corner and select
a) Register domain name with AWS.
In your AWS console search for
You can start looking for your domain directly from here:
Based on the domain name you search, AWS will give you similar options, and their pricing. As I am looking for the best deal, the .link domain seems like a good option at a cost of 5$ / year.
In my case 4atsign.link is free and I will register it by clicking “Add to cart” and continue.
Fill out DNS registration form:
Continue review details and order. At this point if all is fine you should see your domain request pending:
This can take some time so why don’t we move on to next step!
4. Preparing AWS instance
Now since I am new to AWS, the easiest way to get started is by using the LightSail service from service catalog. This will enable you to deploy small system which is more then capable of handling dess at pre-set price.
Welcome to LightSail:
First step is to create new instance. Fortunately, we have big orange button that can do just that!
There are several options we are presented at this moment. Since I am living in Europe I select “Frankfurt, Zone A (eu-central-1a)” as my instance location. Instance region will dictate how well will your instance response based on your geographical location. People located in India should selects APAC region where as people in US should select North America region. You can leave availability zone set as default.
Next up will be selection of operating system we want to deploy. We know that dess works well with Ubuntu 20.04 LTS so let's select just that.
You are presented with a couple more options, but unless you know what you are doing leave these as is.
Now let’s select an instance plan. dess is relatively light weight so for testing purposes I will select the first instance plan for $3.5/Month. This will provide us with 512 MB of RAM, 1vCPU, 20GB of storage and 1TB of data transfer. This is more than enough to run our dess.
Lastly we have to name our instance. This is the name you will be presented with in your dashboard.
Last but not least is to press “Create instance”:
After a couple of seconds you should be re-routed to your dashboard and see your instance up and running:
5. Preparing your instance for network access
a) Assignment of Static IP
Next up, is to provide our instance with a static IP and linking our domain to it.
When you click on your instance name, it will take you to the management console, which should look like this:
This is where you control hardware, connectivity and if needed can delete your instance.
Lets configure a static IP address for your new instance. Navigate to Networking and click on Create static IP:
Our region and instance is selected, so the only thing left is to name our static IP. I selected the name atsign-static, but it can be any name you like.
Let's hit create:
And voila, we now have a static IP address on the internet and it will not change. Now we can link our domain name with it.
When you click on your instance name and navigate to Networking, the static IP is now assigned.
b) Assignment of Domain name to your static IP
We can now move on to linking our static IP address to our domain. This is done via the AWS console which can be accessed in the top right of Lightsail.
Verify your email used for registering domain:
By now you should receive a verification email that will confirm registration of your domain. Click this link before moving on.
Linking domain with your static address:
Let's navigate to “Route 53” from Services menu.
From your dashboard click on “Domain” which will take you to the “Registered Domains” tab.
Here you can click on your registered domain which will take you to overview page with domain status and contacts.
Click on “Manage DNS”:
And click on your domain name.
This will show you your DNS records for your domain. We now need to link A type record to your domain linking it to IP address of your instance.
This is done simply by typing your static IP address from previous step into field “Value” and clicking Create record:
If everything goes well you should see following in your domain dashboard:
To test if you are successful open command line and ping your domain. You should see your instance static IP address. It will not respond which is normal due to IPv4 firewall. It is actually good thing!
At this point we have created a DNS record we will use to link our dess. We created an instance name which will be running our dess and we have opened a port range which is exposed to the internet and we can communicate with the @ sign root server and our apps.
c) Setting up Firewall
Next up, we need to make sure we have ports open for our dess to communicate with the root server and our apps. In Section networking go to section “IPv4 Firewall” and click “+ Add rule”. Our rule will be “Custom” on TCP protocol with Port range in a number higher than 1024. In my case, I have selected port range 8000-8010. This will enable me to run up to 10 @ signs in parallel.
Click create and verify that your new rule is in list:
6. Instance setup and dess deployment
Open your LightSail console
By now you should see your instance in “Running state”
Open it and on the tab Connect click on “Connect using SSH”
You should be presented by a new window with command line:
Before we do anything else, we should update the system:
sudo apt update && sudo apt upgrade
This might take some time, but it will make sure we have latest repository information and the system is up-to-date.
Next make sure curl is installed, we will use curl to pull the dess installation file:
sudo apt install curl
Finally, run the dess installer:
curl -fsSL https://getdess.atsign.com | sudo bash
Once the installer is finished you should be prompted like so:
Dess installed, please move on to the sudo dess-create command.
7. Registration of @ sign in your private dess
At this step, you should already have your @ sign registered at atsign.com. If not go do it!
I have registered my own free @ sign (@ 44likelycanary) which I will link to my dess.
In your instance console, navigate to dess folder.
We now need to create the service that will host our @ sign by executing the dess-create command:
$ sudo dess-create @44likelycanary 4atsign.link 8000 <email address> likelycanary
To make it more understandable:
I will be registering my @ sign @44likelycanary.
I will be using my domain 4atsign.link which I have registered through AWS.
I am using port 8000 which I have opened in my instance firewall.
My registration email address is \ (this email is used to sign the SSL certificates).
The last likelycanary is the name that docker will use to track the service.
If everything is successful you should see output like this:
At this moment your @ sign is registered on your dess.
8. Activation of @ sign
Next up we need to activate it
Login to your dashboard here
Open “my @ signs”
Open “managed” of @ sign you are registering”
Navigate to Advance settings:
If you have already activated your @ sign you will be prompted to erase all your data first
Once done you are able to link your @ sign with your private dess. Use your domain and port number with which you have created service on your cloud instance and press Activate.
You should see that your @ sign is being activated in your dashboard:
This can take several minutes so go get cup of coffee, some tea maybe, stretch your body and pray you haven’t made any mistakes!
Once the activation process completes you are welcomed by green Activated.
You can now open @ buzz or @ wavi and register your @ sign via QR code and generate your keys!
CONGRATULATIONS YOU'RE FINISHED!