# Mediator Installation Guide

## Installing and Configuring ACA-Py Mediator

This document will guide you through the steps to deploy and configure the Proven Mediator in Google Cloud using Indicio Proven ACA-Py Mediator from the GC Marketplace. The first part of this document is intended to be a “quick start” to get you up and running quickly, then you can look at the indicated appendices for more details if needed.

**Get the most out of your Indicio Proven ACA-Py Mediator**

Indicio is here to help you on every step of your journey and is offering Google Cloud customers exclusive access and discounts to Indicio's expert support and training. Get your critical technical questions answered from our experienced support team. Help your development, sales, and marketing teams get up to speed with the fundamentals of the technology and communication of Trusted Digital Ecosystems by taking advantage of our instructor-led workshops and certifications from the Indicio Academy. Learn more about these exclusive discounts and benefits for Google Cloud customers and contact us today!

***

## Prerequisites

1. You will need a DNS name for your new mediator. This is mentioned before you begin as informational because you will probably want to create a static IP address during the installation process and because you will need the ability to add the DNS name to your registrar.

## Create the VM instance (Defaults will work for all items not included in these instructions)

1. Navigate to the Google Cloud Console, <https://console.cloud.google.com/>
2. Select or create the project that you want the Mediator instance to reside in.
3. In the Navigation Menu (top left), go to **Compute Engine > VM Instances**
4. Click **CREATE INSTANCE** on the top bar
5. From the left menu select **Marketplace**.
6. In the **Search Marketplace** field type **Proven** and hit enter.
   1. Select **Indicio Proven ACA-Py Mediator**.
   2. Click **GET STARTED** then **AGREE** (as needed)
   3. Click **DEPLOY** (or LAUNCH) to configure your mediator VM.
7. Change the **Deployment name** if desired.
8. Select and Record your Zone choice for later use.
9. Under **Machine type** choose a machine with at least 2 vCPUs and 2 GB of memory. For example:
   1. Set **Series** to E2
   2. Set **Machine type** to e2-small
10. Under **Boot Disk** it is recommended to select a disk at least 10GB in size. (default)
11. Under **Networking -> External IP** set a static IP address (recommended), this can also be done later if desired.
12. Click **DEPLOY**.
13. After deployment is complete, do the following from the right panel:
    1. Note the link for instructions for creating a static IP address if needed (on the right under “Suggested next steps”)
    2. Click on the instance name to bring up details about the Mediator instance you just deployed
    3. Click “edit”
    4. Scroll down to **Networking** and under **Network interfaces -> Firewalls** check the boxes that will allow HTTP and HTTPS traffic.
    5. Click **SAVE**
    6. Click **VM instances**
    7. Record the **External IP address** of your Mediator instance for later use.

## Configure DNS (see appendix A)

1. Add a DNS entry for your new mediator.

## Configure the VM

1. SSH into the VM
   1. From **Compute Engine > VM instances >** \[instance name] click **SSH** towards the top of the screen
2. Change directories to the mediator service directory `cd /opt/indicio/aries-mediator-service`
3. Configure the environment by doing the following: `sudo cp .env.sample .env`
4. Edit the .env file to fit your environment:

   - `MEDIATOR_CONTROLLER_ADMIN_API_KEY=<your choice>`: You can generate strong tokens for production with OpenSSL: `openssl rand -hex 32`
   - `MEDIATOR_AGENT_ADMIN_API_KEY=<your choice>`: You can generate strong tokens for production with OpenSSL: `openssl rand -hex 32`
   - `MEDIATOR_ALIAS=`: Can be any string (e.g. MyProdMediator1).
   - `LOG_LEVEL=`: Can be ERROR, WARNING, or INFO, depending on your preference. Note: INFO level produces the largest log file.
   - `SITE_ADDRESS=`: This is the complete mediator DNS name you configured in a previous step.
   - `MEDIATOR_URL=`: This is the same as SITE_ADDRESS, except add https:// to the front of it.
   - `EMAIL_ADDRESS=`: The email you want log information sent to.
   - `MEDIATOR_AGENT_LABEL=`: This is what you want the mediator name to show up as on other agents.

5. Here is an example of a configured .env file using a local database:

   ```
   MEDIATOR_CONTROLLER_ADMIN_API_KEY=openssl-secure-key-a
   MEDIATOR_AGENT_ADMIN_API_KEY=openssl-secure-key-b
   MEDIATOR_ALIAS=Indicio Mediator
   LOG_LEVEL=WARNING
   SITE_ADDRESS=indiciomediator.dev.indiciotech.io
   MEDIATOR_URL=https://indiciomediator.dev.indiciotech.io
   EMAIL_ADDRESS=example@indicio.tech
   MEDIATOR_AGENT_LABEL=IndicioMediator
   ```
6. For instructions or help configuring the mediator to use a remote database, please contact <support@indicio.tech>, but to get started, please see the complete list of other possible config options in Appendix B.
7. To start the Mediator, run these commands

```
    cd /opt/indicio/aries-mediator-service
    sudo docker-compose up
```

8. For **future** starts/stops of your mediator you can use the mediator service. (The first time, you needed to run it manually from the command line so that you could see and copy the invitation as described in the next step.)\
   `sudo systemctl start mediator`\
   `sudo systemctl stop mediator`\
   `sudo systemctl restart mediator`

## Using your new mediator:

1. You should see an **Invitation URL** in the mess of activity that occurs during startup. Just scroll up a ways and you will see it. Copy and save this invitation for later use.
   1. If you open the mediator link generated, you should see the following message:

      "You have received a connection invitation. To accept the invitation, paste it into your agent application."
2. Update the configuration files of your agents to use the new mediator invitation. For example, to update a Proven issuer to use your new mediator:
   1. In the /opt/indicio/proven-release-docker/common-services.yml file change all instances of **MEDIATOR\_INVITE** to be the new mediator invitation. Then run the following commands on the Proven Issuer server.\
      `docker-compose down -v`\
      `docker-compose build`\
      `docker-compose up`

## Appendix A - DNS Setup Example

To set up DNS for your new Mediator on Google’s Cloud DNS (by creating a new subdomain of your existing domain), do the following:

1. Go to GCP’s **Cloud DNS** section in **Network services** (Navigation Menu > Networking > Network Services > Cloud DNS)
2. Click **Create Zone** if a new Zone is desired. Otherwise, if a zone is already created, click on the zone name then skip to step 3.
   1. Give the zone a name. This name is just how it will appear in the list and need not necessarily match the new subdomain.
   2. For **DNS name**, enter a new subdomain. (In the example configuration below, using the domain dev.indiciotech.io means we want to create a new **dev** subdomain of the existing indiciotech.io domain)
   3. Click **Create**
   4. To “activate” this new subdomain in GC, you need to register the subdomain in your existing domain (i.e. at your registrar).
      1. Click the name of the new zone you just created.
      2. Click on **REGISTRAR SETUP** (upper right of the screen) to find the items that need to be added to the new NS record, then add the domain’s DNS Name Server entries to your registrar.
3. Click **Add Standard**
   1. Create a DNS Name for proven and record it for later use (e.g. mediator.dev.indiciotech.io)
   2. Defaults are ok
   3. Set the “IPv4 Address” to the “External IP address” of the VM you created earlier.
   4. Click “Create”

## Appendix B - More .env Configuration Options

- `CA_CERT=`: This is the path to the SSL certificate for the remote database. You MUST specify a file, otherwise the mediator will not work at all if using a remote database. If you do not wish to use a certificate (they will not work with the setup detailed in this documentation), you will need to specify an empty file. Example: `./server-ca.pem`
- `POSTGRESQL_HOST=`: The hostname or IP address of the remote database. An IP address will not work if you are using SSL, as SSL requires a FQDN. PostgreSQL options should not be set if using a local database.
- `POSTGRESQL_USER=`: The username of an account on the remote database. This can be the same user as the Admin User. PostgreSQL options should not be set if using a local database.
- `POSTGRESQL_PASSWORD=`: The password to the account on the remote database instance. MUST BE IN SINGLE QUOTES (e.g. `'samplepassword'`). PostgreSQL options should not be set if using a local database.
- `POSTGRESQL_ADMIN_USER=`: This is the username for the Administrator account on the remote database. It is “postgres” by default. PostgreSQL options should not be set if using a local database.
- `POSTGRESQL_ADMIN_PASSWORD=`: This is the password for the Administrator account on the remote database. PostgreSQL options should not be set if using a local database.
- `MEDIATOR_WALLET_NAME=`: Use a descriptive name.
- `MEDIATOR_WALLET_KEY=`: Use a secure string; we recommend a randomly generated 32 character string.

