Google Server Setup Guide

By default, MindLogger response data are end-to-end encrypted and stored on the non-profit Child Mind Institute’s AWS account. We provide instructions below for owners of MindLogger applets who need to have all response data from their applets stored on their own GCP account’s server. If this situation applies to you, please contact matter[email protected] before continuing with the instructions below.

Information MindLogger developers will need to set up your GCP server connection
Set up GCP bucket
Set up PostgreSQL with Cloud SQL (recommended way)
- Create Cloud SQL Database
Set up PostgreSQL manually

Information MindLogger developers will need to set up your server connection

Routing encrypted data collected from the MindLogger app to your GCP server requires initial setup assistance from MindLogger developers. If you follow the instructions in this guide, you will be able to provide them with the following required information to connect your server:

GCP variables to access your PostgreSQL database:
- MindLogger account owner email address
- PostgreSQL database name (if changed from “mindlogger” in step 35)
- Database username (if changed from “mindlogger” in step 36)
- Database password (step 36)
- Database port (if different than the default 5432)
- Public IP address for your MindLogger instance (step 22)
GCP variables to access your MindLogger Google storage bucket (for media files):
- Storage bucket name (if changed from “my-mindlogger-bucket” in step 11)
- Service account (step 23)
- Access key (step 15)
- Secret access key (step 15)

Set up GCP bucket

Create GCP project

Everything related to your MindLogger server should be housed within a single project. The following instructions will guide you to set up a new GCP project.

Sign in to Google Cloud Platform:
Enter “project” in the search box at top and select “Create a Project”:

Name the project and tap the blue “CREATE” button:
Tap “SELECT PROJECT” or select the new project from the dropdown menu at top:

Create GCP user role

You do not want to share information about a user with root access to your GCP account to MindLogger developers or anyone else! The following instructions will guide you to assign a role with restricted access to a new storage bucket for (optional) media files collected by your MindLogger applets.

Tap the “ADD PEOPLE TO THIS PROJECT” link in the new project’s dashboard:
Add a principal (user, in this case the owner of the account):
In the “Select a role” search box, enter “storage”:
Select “Storage Object Admin”, then tap the blue “SAVE” button:

Create GCP storage bucket

This section will guide you to create a new GCP bucket for (optional) media files collected by your MindLogger applets.

Enter “storage” in the search box at top and select “Cloud Storage”:
On the Cloud Storage page, tap the blue “CREATE BUCKET” button:

Enter “my-mindlogger-bucket” into the Bucket name field and make it unique: append your company name or the project name. Tap the blue “CREATE” button:
You will then be taken to the new bucket’s page:

Create GCP storage access keys

This section will guide you to generate access keys that you will need to share with MindLogger developers [see top].

On the Cloud Storage page, select the “INTEROPERABILITY” tab in “Settings”:
Scroll down to “Access keys for your user account” under “User Account HMAC”:

Tap the “CREATE A KEY” button to generate an Access key and Secret access key:
*** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***
[see top]

Set up PostgreSQL with Cloud SQL

Create Cloud SQL Database

Start typing sql in the search box at top and select SQL:
Click create instance:
Choose DB type PostgreSQL:
Specify DB instance (mindlogger-server) and the DB password. Use safe and complex one.

Note: Share the instance id and password with MindLogger administrators
Specify PostgreSQL 15 and Enterprise edition:
Specify Production preset, us-east-1 region and Multiple zones:
Click Show Configuration Options
Choose the slowest machine configuration:
Specify the storage size 20gb SSD:
Expand Connections, mark public IP assigned and click Add network:
Add network for each of the following IPs: 3.227.120.88, 50.16.133.36, 18.210.53.226, 54.145.72.213
Click Create instance. Once it’s done, you will be redirected to the instance page.

Copy the database IP and share it with MindLogger administrators:

Set up PostgreSQL manually

Create GCP instance

Your MindLogger database needs to be set up somewhere to store the response data collected by your MindLogger applets. This section will guide you to create a new GCP Ubuntu Linux instance.

Enter “vm” in the search box at top and select “Add VM Instance”:
Tap the blue “ENABLE” button on the Compute Engine API page:
Tap the blue “CREATE INSTANCE” button on the Compute Engine page:

Name the instance:
Set the “Machine type” to “e2-micro”:
Find “Boot disk” section and click Change:
Specify Ubuntu 22.04 x86/64 and the disk size 20 GB:
Create the instance by tapping the blue “CREATE” button:

Select the newly-created instance under “INSTANCES”:

Note: Share the External IP address with MindLogger administrators [see top]

Note: Share Service account information with MindLogger administrators [see top]

Allow PostgreSQL external port

In order to get access to PostgreSQL instance from the internet you will need to open external port.

In the search input type Firewall and click on the found item.
Click Create Firewall Rule.
Enter “allow-postgres” to the rule name.
Enter “allow-postgres” to the rule tags and hit enter.
Enter “100.26.87.223/32,107.20.238.236/32” to the rule ip range.
Enter “5432” to the TCP ports input.
Click save button.
Go to instances, and click to the instance name.
Click edit instance.
Enter “allow-postgres” to the network tags, hit enter and click Save.

Set up PostgreSQL with apt

This section will guide you to create an empty MindLogger postgres database.

Install PostgreSQL

Run the following command in terminal:
```
sudo apt-get update -y
```
Install the PostgreSQL server:
```
sudo apt-get install postgresql-14 -y
```
Check its status
```
sudo systemctl status postgresql
```
Enable service autostart
```
sudo systemctl enable postgresql
```

Create user and database

Create database “mindlogger” with the following commands:
```
su postgres
createdb mindlogger
```
Note: Share the database name with MindLogger administrators [see top]
Get into PostgreSQL console by running psql mindlogger in terminal

Create a mindlogger user with the following commands:

CREATE USER mindlogger WITH ENCRYPTED PASSWORD 'new_password';
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO mindlogger;
GRANT ALL PRIVILEGES ON DATABASE mindlogger TO mindlogger;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO mindlogger;
GRANT ALL ON DATABASE mindlogger TO mindlogger;
GRANT USAGE, CREATE ON SCHEMA public TO mindlogger;

Note: replace new_password with a new safe and complex password.

Note: Share the database username and password with MindLogger administrators [see top]

Exit from PostgreSQL console by typing exit
Exit from postgres user by typing exit

Configure PostgreSQL security

Let’s configure the Postgres Listening IP. Edit the postgres settings file
```
sudo nano /etc/postgresql/14/main/postgresql.conf
```
Find the #listen_addresses = 'localhost' line and replace it with this line:
```
listen_addresses = '*'
```
Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X
Let’s configure the Postgres Allowed IPs. Edit the postgres settings file
```
sudo nano /etc/postgresql/14/main/pg_hba.conf
```

Paste the following content at the end of this file:

host    all             all             100.26.87.223/32          md5
host    all             all             107.20.238.236/32         md5

Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X
Restart the service
```
sudo service postgresql restart
```