Amazon Web Services setup

For ease of setup we will assume that Ubuntu 24.04 LTS is being used on Amazon Web Services, always through Docker and Docker Compose and always using the same utility script for installation. We are using prebuilt Docker images in this example, not describing how to build the platform yourself.

AWS -> Dashboard -> Launch Instance

Choose Ubuntu 24.04 LTS and call the instance whatever you like. We are using strato-ubuntu in this case.

Instance type m6a.xlarge or bigger:

For login keys, choose Create key pair:

And save a copy of the .pem file somewhere safe.

Network Settings, just toggle Auto-assign public IP to Disable. Defaults for everything else.

We used strato-security-group for the name and description in this case.

The default security group rules only open TCP port 22 for IPv4, to allow SSH access.

We also need to open TCP port 443 for both IPv4 and IPv6, to allow HTTPS access to the marketplace web application, and TCP and UDP access to port 30303 (IPv4 only) which is used by the Ethereum protocol.

Finally, we need to open TCP port 80 (IPv4 only) for automated SSL registration using Let’s Encrypt.

Together, all of that looks like this in AWS:

MISSING PORT 80! I added it later.

If you later browse the Security Group (Hamburger / Network and Security / Security Groups, it should look like this:

The default for storage for this AWS machine specification only has 8Gb of storage, but we need 80Gb. Here’s what that looks like:

Then click on Launch Instance, in the right hand side panel:

We then need to assign a Static IP address for this VM, using Elastic IP.

Click on the hamburger menu on the top left hand side and select Elastic IPs, under the Network & Security heading.

Choose Allocate Elastic IP address:

Default settings here and click on Allocate.

Click on the hyperlink in the second column for the newly created Elastic IP:

And then Associate Elastic IP address.

All defaults on the next screen, other than toggling Instance to point at your newly created instance. and then Associate and we have a static IP address for the new VM.

Success looks like this:

Logging back into Namecheap, we set an A Record which points the domain at this static IP address:

You need to constrain the permissions on the .pem keys for OpenSSL to be happy:

This makes the keys read-only just for the current user, with no permissions at group or global level.

Then we can log into the new VM, as so, replacing the particular IP address shown here with your own:

And you end up connected to the shell on the VM:

Next step: Install and run.