Set Up a Free Notary Server in 15 Minutes with AWS

Note: These instructions are for version 2 of the Perspectives Server software, and are now out of date. We will be releasing an updated guide with the next release, version 3.2. For now please see the Perspectives Server README for up-to-date instructions, or feel free to contact us on the mailing list.

The Good News: it’s now even easier to run a Perspectives Server and you don’t need to install or use the ‘psv-admin’ package. Simply running the server will automatically create a key pair and set up the database if required!

 

Amazon Web Services (AWS) lets you easily create a server in the “cloud”.  In fact, they even let you run a “micro” instance for free, thanks to something called the “free usage tier”.

This post will show you how you can get your own notary running in just 15 minutes using AWS.

First, read about the free usage tier and sign up for an AWS account: http://aws.amazon.com/free/

Then, access the AWS management console to create an instance: http://aws.amazon.com/console/

Click on the “EC2” tab near the top left of the screen, then click the “Launch Instance” button in the main window pane.

Choose an Ubuntu server AMI by clicking on the “Community AMIs” tab and finding a matching image.  Here are a couple things to keep in mind:

  • Make sure the image is free tier eligible (denoted by a yellow star).
  • I use an image with a “Root Store” of “ebs”, as this means that even if this particular instance dies, I can spin up a new instance and reattach the same disk.
  • 64-bit image is suggested.
  • I’ve done most of my testing on Ubuntu Maverick (10.10), but other recent Ubuntu platforms should work as well.  You can see the exact version for an image by reading the “Manifest” field.

In the “U.S East” region, an AMI that matches these criteria is: ami-cef405a7
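Added example, not part of the original post: a Python check of candidate images against the criteria above (EBS root store, 64-bit) plus the publishing account, since anyone can publish a community AMI under an Ubuntu-looking name. The sample is constructed in the shape of `aws ec2 describe-images` output; the image IDs and names are placeholders, and 099720109477 is Canonical's account ID in the standard AWS regions.

```python
import json

# Canonical's AWS account ID in the standard (commercial) regions.
CANONICAL_OWNER_ID = "099720109477"

# Constructed sample in the shape of `aws ec2 describe-images` output.
# Image IDs and names are placeholders, not real images.
SAMPLE_IMAGES = json.loads("""
{"Images": [
  {"ImageId": "ami-EXAMPLE-A", "OwnerId": "099720109477",
   "RootDeviceType": "ebs", "Architecture": "x86_64",
   "Name": "ubuntu/images/ebs/ubuntu-maverick-10.10-amd64-server"},
  {"ImageId": "ami-EXAMPLE-B", "OwnerId": "111122223333",
   "RootDeviceType": "ebs", "Architecture": "x86_64",
   "Name": "ubuntu-maverick-10.10-amd64-server"},
  {"ImageId": "ami-EXAMPLE-C", "OwnerId": "099720109477",
   "RootDeviceType": "instance-store", "Architecture": "i386",
   "Name": "ubuntu/images/ubuntu-maverick-10.10-i386-server"}
]}
""")


def check_image(image, trusted_owners=(CANONICAL_OWNER_ID,)):
    """Return a list of reasons the image fails the criteria (empty = OK)."""
    problems = []
    # The Name field is chosen by whoever published the image, so it
    # proves nothing; only the OwnerId account number is meaningful.
    if image.get("OwnerId") not in trusted_owners:
        problems.append("publisher %s is not a trusted owner" % image.get("OwnerId"))
    if image.get("RootDeviceType") != "ebs":
        problems.append("root device is %s, not ebs" % image.get("RootDeviceType"))
    if image.get("Architecture") != "x86_64":
        problems.append("architecture is %s, not 64-bit" % image.get("Architecture"))
    return problems


def review(images):
    """Map each ImageId to its list of problems."""
    return {img["ImageId"]: check_image(img) for img in images["Images"]}


if __name__ == "__main__":
    for image_id, problems in review(SAMPLE_IMAGES).items():
        print(image_id, "OK" if not problems else "; ".join(problems))
```

To run it against real data, replace SAMPLE_IMAGES with the parsed JSON that `aws ec2 describe-images --image-ids <ami-id>` prints for the image you intend to launch.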

Select your AMI, and keep the default “Micro” instance.

You will need Amazon to create an SSH keypair, which will automatically be “injected” into the instance, allowing you to access the instance remotely without a password.  Give this key a name (e.g., notary) and download it to your filesystem.

After downloading the key, make sure it is only accessible to your user:

chmod 600 notary.pem

Once you have launched the instance, you will need to modify its “security group”, which by default drops all inbound traffic.  You should open up port 22 for SSH and port 8080 for the notary webserver.   Click on “Security Groups” on the left panel, click on the “default” security group in the table, and view the box at the bottom of the pane.  Select “Inbound” and add two rules:

  • Custom TCP Rule, port range = 8080, source = 0.0.0.0/0 , click “Add Rule”
  • Custom TCP Rule, port range = 22, source = 0.0.0.0/0 , click “Add Rule”
  • Click “Apply Rule Changes”
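Added example, not part of the original post: a Python audit of the resulting security group. It assumes a policy in which the notary port 8080 is meant to be public while any other port, SSH included, should only be reachable from a small admin range; the sample group is constructed in the shape of `aws ec2 describe-security-groups` output, and 203.0.113.10/32 is a documentation address standing in for your own IP.

```python
import copy
import ipaddress
import json

# Constructed sample shaped like one group from
# `aws ec2 describe-security-groups`, holding the two rules added above.
SAMPLE_GROUP = json.loads("""
{"GroupName": "default", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}
""")

PUBLIC_PORTS = {8080}        # the notary must answer any client
MAX_ADMIN_ADDRESSES = 256    # assumed policy: admin ports only from a /24 or smaller


def audit(group, public_ports=PUBLIC_PORTS, limit=MAX_ADMIN_ADDRESSES):
    """Return (from_port, to_port, cidr) for rules exposing non-public ports too widely."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                    # all protocols, all ports
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                         # ICMP etc. carry no port range
        if all(p in public_ports for p in range(lo, hi + 1)):
            continue                         # rule only covers intended public ports
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.num_addresses > limit:
                findings.append((lo, hi, rng["CidrIp"]))
    return findings


def restrict_port(group, port, cidr):
    """Return a copy of the group with single-port rules for `port` limited to `cidr`."""
    fixed = copy.deepcopy(group)
    for perm in fixed["IpPermissions"]:
        if perm.get("FromPort") == port and perm.get("ToPort") == port:
            perm["IpRanges"] = [{"CidrIp": cidr}]
    return fixed


if __name__ == "__main__":
    print(audit(SAMPLE_GROUP))
    print(audit(restrict_port(SAMPLE_GROUP, 22, "203.0.113.10/32")))
```

Only IPv4 ranges are inspected; a group that also carries IPv6 ranges would need the same test applied to them.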

Now you can access your machine remotely.  Click on “Instances” in the left panel and select your instance’s row in the main pane and view the details box at the bottom.  Note the “Public DNS” field, as this is how you will access the machine remotely.  For example, run:

ssh -i notary.pem ubuntu@<insert-public-dns>

Now we are on the Ubuntu server and the real fun can begin.  We need to install the right dependencies and download the notary code and admin utilities.

sudo apt-get install git-core python-sqlite python-m2crypto python-cherrypy3
git clone https://github.com/danwent/Perspectives-Server.git
git clone https://github.com/danwent/psv-admin.git

Now, initialize the setup and start the webserver:

psv-admin/setup.sh
psv-admin/start_webserver.sh

Now your notary is up and running!  It will respond to notary requests on port 8080. To see the public key the notary uses to sign all requests, run:

cat Perspectives-Server/notary.pub

This is the public key that can be provided to a Perspectives client to authenticate the notary response.  The server code comes with a simple client for you to test.  To query a website to monitor (called a “service-id” with Perspectives), specify it using the form <host>:<port>,2. For example, for http://www.google.com, run:

cd Perspectives-Server
python utilities/simple_client.py www.google.com:443,2 localhost 8080 notary.pub

The first time you query the notary server about a service, it will not know about that service and will return a 404 error, as the notary server will launch an “on-demand” probe for that service.  Wait a couple of seconds and run the same command again and it should succeed.

A new version of the Perspectives Firefox Client will soon be released that will let you use your own notary servers as well.

By default, this notary server will run a scan of all known service-ids twice a day, as configured using crontab. You can manually run a scan of all services at any point by running:

psv-admin/start_scan.sh

For more information look at Perspectives-Server/README and feel free to ask questions in the comments below.


  1. #1 by Fwiffo on November 19, 2011 - 12:17 pm

    “Choose an Ubuntu server AMI” – picking an AMI built by somebody else is a huge security risk! There are plenty of AMIs that contain backdoors, please warn the users about this or consider providing a custom Notary AMI

  2. #2 by Slavistix Translation Services on February 14, 2012 - 12:03 pm

    Thank you for the proper step-by-step guide, it really helped us out.

  3. #3 by anon on August 4, 2012 - 3:07 am

    fwiffo, the standard AMIs available when selecting a new instance are straight from Canonical.

    What are the bandwidth and resource requirements? How about home networks? Seems like this needs to run on lots of endpoints to be effective.

    • #4 by daveschaefer on August 29, 2012 - 1:44 am

      @anon Perspectives usually works better with more notaries – this makes it easier for you to establish a quorum even if notaries are busy or unavailable. However, you’re free to run your Perspectives client with as many (or few) notaries as you want. If you set up your own notary and only trust it you could certainly run Perspectives with only one notary. It’s up to you!

  4. #5 by Richard on May 8, 2013 - 8:07 pm

    These instructions are out of date. There is no utilities folder under Perspectives-Server in the cloned git repo . . so running psv-admin/setup.sh errors:

    python: can’t open file ‘utilities/create_tables.py’: [Errno 2] No such file or directory
    bash: utilities/create_key_pair.sh: No such file or directory

    • #6 by daveschaefer on May 18, 2013 - 6:30 pm

      Hi Richard,

      Yes, these instructions are for version 2 of the Perspectives Server code. I am writing a guide for the updated version, which I will release with 3.2.

      To try and get you running – the ‘utilities’ folder was renamed – there is now a ‘util’ folder for independent modules and a ‘notary_util’ folder for modules that rely on or interact with the database. But the better news is: with Perspectives Server v3.0 you shouldn’t need to run anything from the ‘psv-admin’ package. Simply running the server from the command line should automatically create a key pair if needed and will automatically set up the database.

      Please see the Perspectives Server README for up to date instructions, and feel free to comment here or contact me on the mailing list for further help.

      I hope that helps!

  5. #7 by Tony on June 30, 2013 - 2:57 am

    Created an aws running perspectives 3.2 for personal testing. Some things I ran into: don’t lose the .pem file. No easy way to change security groups – though it’s possible w/ some google searches.

    The readme did help. Didn’t use any of the psv-admin folder. Like mentioned above – the instructions above are for the wrong version.

    typo in readme (folder is util w/o an s, note if you’re in aws – you’ll need/want to change the /root path).
    0 1,13 * * * cd /root/Perspectives-Server && python notary_utils/list_services.py | python notary_utils/threaded_scanner.py
    @reboot cd /root/Perspectives-Server && python notary_http.py

    Thanks for your efforts.

    • #8 by daveschaefer on August 2, 2013 - 3:52 am

      Hey Tony, thanks for the note! Sorry for the delay – your comment got lost in a pile of spam. You should now be approved to make comments immediately.

      I’m glad setting up the notary worked for you! And thanks for pointing out the typo – I will fix it.

  6. #9 by chaverk on August 24, 2013 - 10:46 am

    Please, I’m a newbie and I’m finding it hard running a notary server for my school project. Can anyone assist? I tried running it as illustrated above but ran into errors at psv-admin/setup.sh. Please, can anyone illustrate the steps clearly for me? Thanks.

    • #10 by daveschaefer on August 30, 2013 - 4:38 am

      Hi, these instructions are out of date. Please see the README in github for up-to-date instructions – https://github.com/danwent/Perspectives-Server/blob/master/README .

      The old setup script used to create the database and a public/private key so you could run the notary. Both of these steps have been moved into the notary code itself, however, and should happen automatically when you run ‘python notary_http.py’. So the only steps you might need to take are creating the ‘logs’ directory and setting up the crontab.

      I’m working on an update to the Perspectives server code right now. I will update the psv-admin scripts as well when it is published.

      Please try the steps in the updated README first. If you still have trouble the fastest way to get a reply is to contact us on the mailing list: https://groups.google.com/group/perspectives-dev . Please let us know if things work for you or what exact problems you’re encountering.

      Cheers!
