Setup dess on GCP
Steps in this module
Preparing your instance for network access
a) Assignment of Static IP
Next up our list of activities is providing our instance with static IP and linking our domain to it.
GCP assigned ephemeral IP address to our newly created VM. We need to change it to static IP.
In search bar look for External IP addresses
.

You should see your external IP address assigned to your VM

In column Type select ephemeral and change it to Static

Give your static IP name and some description.

Type should now say Static

b) Assignment of Domain name to your static IP
Next step is to point your domain to your virtual machine running dess.
Search for Cloud DNS

Open zone you have created in step 3.b Create Cloud DNS zone

We now need to link A type record to your domain linking it to IP address of your Virtual machine.
This is done simply press “Add record set”

Select Resource record type “A” and IPv4 address the address of your dess virtual machine.

If everything goes well you should see following in your domain dashboard:

Next step is to update Google Name servers. You can follow Googles guide - step 5.
https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial#register-domain
To test if you are successful open command line and ping your domain. You should see your instance static IP address.

At this point we have created DNS record we will use to link our dess, we created instance name which will be running our dess and we have opened port range which is exposed to the internet and we can communicate with atSign root server and our apps with.
c) Setting up Firewall
Search for Firewall in search bar.

Click on Create firewall rule

Lets create firewall rule that will enable the atSign root server communicate with our dess.

Important things to note:
Ingress translates to incoming traffic.
Selecting IP range as 0.0.0.0/0
will allow traffic from anywhere on the internet.
For my use case I will enable port range 8000 – 8010
allowing me to register up to 10 atSigns.

Press create
and validate that your new rule appears in list of firewall rules.

Second we need to create firewall rule that will enable your dess server to communicate with certification authority.

Important things to note:
Ingress translates to incoming traffic.
Selecting IP range as 0.0.0.0/0
will allow traffic from anywhere on the internet.
You need to enable port 80
for communication with Certification authority.

Press create
and validate that your new rule appears in list of firewall rules.
