search
githubEdit

Prerequisites for Install

SSLYou are preparing a server (a VPS) so it can run a Flashback Private Node.

This Private Node will:

  • Expose S3 / GCS / Azure Blob–style endpoints on your domain

  • Use HTTPS (SSL certificates) so traffic is secure

  • Use a Private Node key so Flashback knows it’s your node

  • Be installed via a simple shell script (rollout_node.sh)

Think of this whole guide as: “Get a small server, point your domain to it, give it certificates and keys, then run the installer script.”

Here are the steps:

1

hashtag
Run Your VPS

hashtag
What is a VPS?

A VPS (Virtual Private Server) is just a rented Linux machine in the cloud (from OVH, Hetzner, AWS, GCP, Scaleway, DigitalOcean, etc.). You connect to it with SSH and install software.

hashtag
What you need

  • Minimum hardware

    • CPU: 2 vCPU (2 virtual cores)

    • RAM: 2–4 GB RAM

    • Disk: anything reasonable (e.g. 20–40 GB) is usually enough for the node itself

  • Operating System

    • Use Ubuntu 22.04 or Ubuntu 24.04 (LTS versions; most providers offer them)

  • Scalability

    • If you expect a lot of traffic later, pick a plan that you can upgrade (more CPU/RAM) without rebuilding everything.

hashtag
Action checklist

  1. Pick a VPS provider.

  2. Create a new server with:

    • Ubuntu 22.04 or 24.04

    • 2 vCPU, 2–4 GB RAM

  3. Make sure you can SSH into it (you’ll need this later).

2

hashtag
DNS Configuration

hashtag
What is Domain Name System (DNS) in this context?

DNS records are how you say:

“When someone goes to s3-eu.mydomain.com in a browser or via an SDK, send them to my VPS IP address.”

You will create several subdomains for different storage protocols:

  • One set for S3-compatible APIs

  • One for Google Cloud Storage (GCS)-style APIs

  • One for Azure Blob–style APIs

You’ll do this in your domain registrar or DNS provider (e.g., Cloudflare, Route 53, OVH, Gandi).

hashtag
Records you need

Replace <region> and mydomain.com with your real values, e.g. eu and storage.acme.com.

For S3-compatible endpoints (2 DNS records)

  • s3-<region>.mydomain.com → main S3 endpoint (e.g. what SDKs talk to)

  • *.s3-<region>.mydomain.com → wildcard, so each bucket can be a subdomain (like mybucket.s3-eu.mydomain.com)

For Google Cloud Storage (1 DNS record)

  • gcs-<region>.mydomain.com → endpoint for GCS-style access

For Azure Blob Storage (2 DNS records)

  • blob-<region>.mydomain.com → main Blob endpoint

  • *.blob-<region>.mydomain.com → wildcard, so each storage account/container can be a subdomain

hashtag
What type of DNS record?

Most of the time, you will create A records pointing to your VPS’s IP address, for example:

  • s3-eu.mydomain.com → 203.0.113.10 (your VPS IP)

  • *.s3-eu.mydomain.com → 203.0.113.10

  • etc.

hashtag
Action checklist

  1. Log in to your DNS provider.

  2. Create A records for:

    • s3-<region>.mydomain.com

    • *.s3-<region>.mydomain.com

    • gcs-<region>.mydomain.com

    • blob-<region>.mydomain.com

    • *.blob-<region>.mydomain.com

  3. Point all of them to your VPS IP address.

3

hashtag
SSL Certificates

hashtag
What is an Secure Sockets Layer (SSL) certificate here?

SSL/TLS certificates let your endpoints work over https:// instead of http:// and avoid browser/SDK security warnings. They prove that s3-eu.mydomain.com really belongs to your domain.

You can get certificates from:

  • Let’s Encrypt (free, automated)

  • Your DNS provider or hosting provider

  • Commercial CAs like DigiCert, GlobalSign, etc.

hashtag
Which hostnames must be covered?

For each protocol, your certificate(s) must cover specific domain names:

  • S3

    • s3-<region>.mydomain.com

    • *.s3-<region>.mydomain.com (wildcard)

  • GCS

    • gcs-<region>.mydomain.com

  • Blob

    • blob-<region>.mydomain.com

    • *.blob-<region>.mydomain.com (wildcard)

You can:

  • Use one certificate per domain, or

  • Use wildcard certificates if your CA supports them.

hashtag
Supported file formats

The Private Node supports two common formats:

  1. Separate files

    • .crt → certificate

    • .key → private key

  2. Bundled file

    • .pfx or .p12 → certificate + private key together (often used on Windows/enterprise PKI)

hashtag
Where to put the files?

All certificate files should be copied to the VPS home directory (usually /home/ubuntu or /root depending on your user).

hashtag
Action checklist

  1. Get SSL certificates for:

    • s3-<region>.mydomain.com and *.s3-<region>.mydomain.com

    • gcs-<region>.mydomain.com

    • blob-<region>.mydomain.com and *.blob-<region>.mydomain.com

  2. On your computer, download those certificates from your CA or provider.

  3. Use scp or your provider’s file manager to copy them to your VPS home directory.

4

hashtag
Private Node Key

hashtag
What is the Private Node key?

This is a secret key file (private_key.pem) that tells Flashback:

“This node belongs to this specific account/project.”

Without it, the platform can’t authenticate or manage your node.

hashtag
What you need to do

  1. In the Flashback platform UI:

    • Go to wherever Private Nodes are managed.

    • Click to create/generate a Private Node key.

  2. Download the private_key.pem file.

  3. Copy private_key.pem to the VPS home directory, next to your certificates.

hashtag
Action checklist

  1. Generate the node key in Flashback.

  2. Download private_key.pem.

  3. Copy private_key.pem to ~/ on your VPS.

5

hashtag
Installation Script

hashtag
What is the script?

rollout_node.sh is a shell script that:

  • Installs all required packages

  • Configures the node

  • Reads your certificates + private_key.pem

  • Sets up the services

You will simply run this script instead of typing all commands manually.

hashtag
What you need to do

  1. Download the script on the VPS From your VPS (over SSH), run something like:

    cd ~
curl -O https://github.com/<your-org-or-repo>/rollout_node.sh

    (Use the real GitHub URL from your docs or repo.)

  2. Make it executable

    chmod +x rollout_node.sh

  3. Follow the detailed steps in install-via-script.md

    • That file will tell you exactly how to run the script, with which options.

hashtag
Action checklist

  1. SSH into the VPS.

  2. Download rollout_node.sh into the home directory.

  3. Run chmod +x rollout_node.sh.

  4. Keep install-via-script.md open while you run the script.

6

hashtag
Sanity Check

When you’re done with all prerequisites, your home directory (~) should look like one of the following.

hashtag
Option A – Using separate .crt + .key files

~/s3-<region>.mydomain.com.crt
~/s3-<region>.mydomain.com.key

~/gcs-<region>.mydomain.com.crt
~/gcs-<region>.mydomain.com.key

~/blob-<region>.mydomain.com.crt
~/blob-<region>.mydomain.com.key

~/private_key.pem
~/rollout_node.sh

hashtag
Option B – Using .pfx certificates

~/s3-<region>.mydomain.com.pfx
~/gcs-<region>.mydomain.com.pfx
~/blob-<region>.mydomain.com.pfx

~/private_key.pem
~/rollout_node.sh

If your directory looks like this and:

  • DNS points to your VPS

  • Certificates are valid

  • private_key.pem is present

…you’re ready to run the install script.

PreviousDeploy Your Private NodeNextInstall via Script

Last updated

Was this helpful?