Third project in the Udacity Full Stack Nanodegree: take a baseline installation of a Linux server and prepare it to host your web applications. This includes securing the server from a number of attack vectors, configuring the firewall, using an encrypted key as the secure login method, installing and configuring a database server, and deploying one of your existing web applications onto it.
- Host: http://ec2-18-184-59-194.eu-central-1.compute.amazonaws.com (Note: the server has been stopped)
- Public IP address: 18.184.59.194
- Accessible SSH port: 2200
- Create your server instance in Amazon Lightsail. Sign up or log in if you already have an account.
- Create an instance.
- Choose "OS Only" (rather than "Apps + OS"), then choose Ubuntu as the operating system. Pick your instance image (Ubuntu).
- Choose your instance plan. Choose $5/month with first month free.
- Give your instance a hostname.
- Wait for it to start up. It may take a few minutes for your instance to start up.
- Once your instance has started up, you can log into it with SSH from your browser.
- Download the private SSH key by navigating to the Account Page in the connect tab.
- As required, only allow connections for SSH (port 2200), HTTP (port 80), and NTP (port 123) from the networking tab.
- Go to the connect tab and press Connect Using SSH. You'll be logged in as the ubuntu user.
- First, add a new user named grader. Run
$ sudo adduser grader
- Create a new file in the sudoers directory with
sudo nano /etc/sudoers.d/grader
- Add this
grader ALL=(ALL:ALL) NOPASSWD:ALL
- Run
sudo nano /etc/hosts
- To solve this error
sudo: unable to resolve host
add this line
127.0.1.1 ip-10-20-52-12
- Update all currently installed packages
sudo apt-get update
sudo apt-get upgrade
- Change SSH port from 22 to 2200
- Run
sudo nano /etc/ssh/sshd_config
- Change the port from 22 to 2200
- Then run
sudo service ssh restart
- Confirm it
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw enable
- Change local timezone to UTC. Run
sudo dpkg-reconfigure tzdata
and then choose "None of the above", which will show UTC. Now choose it.
- Configure key-based authentication for grader user.
- On your local machine run
ssh-keygen -f ~/.ssh/key_rsa
and configure a password for it. Then run
cat ~/.ssh/key_rsa.pub
and copy the generated key.
- Run this command
sudo mkdir /home/grader/.ssh
then run this
sudo nano /home/grader/.ssh/authorized_keys
and paste your public key and save.
- Disable ssh login for root user.
- Run
sudo nano /etc/ssh/sshd_config
- Change the
PermitRootLogin without-password
line to
PermitRootLogin no
- Restart ssh with
sudo service ssh restart
- Now you are only able to log in using
ssh -i ~/.ssh/udacity_key.rsa -p 2200 grader@35.234.117.82
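
To confirm the SSH changes above actually took effect, here is an added example (not part of the original project) that audits an sshd_config file offline for the settings this guide applies: port 2200 only and `PermitRootLogin no`. It also checks `PasswordAuthentication no`, which this guide does not set but which key-only login depends on. The sample configs are constructed; it assumes whitespace-separated keywords and does not follow `Include` lines.

```shell
#!/bin/sh
# Added example (not from the original README): offline audit of an sshd_config
# for the settings this guide applies. On a live host, `sudo sshd -T` prints the
# effective configuration, including files pulled in by Include.

# All configured ports. Port may be repeated and sshd listens on every one,
# so a leftover "Port 22" next to "Port 2200" keeps port 22 open.
sshd_ports() {  # usage: sshd_ports FILE
    awk 'tolower($1) == "match" { exit }   # global section ends at first Match
         tolower($1) == "port"  { p = p (p != "" ? " " : "") $2 }
         END { print (p != "" ? p : "22") }' "$1"
}

# Single-valued keyword: names are case-insensitive and the first value wins.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && !found { val = $2; found = 1 }
        END { print (found ? val : def) }' "$1"
}

# Print one line per finding; exit status is the number of failed checks.
audit_sshd() {  # usage: audit_sshd FILE
    fails=0
    v=$(sshd_ports "$1")
    [ "$v" = "2200" ] || { echo "FAIL Port: '$v' (want only 2200)"; fails=$((fails + 1)); }
    v=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin: '$v' (want no)"; fails=$((fails + 1)); }
    v=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication: '$v' (want no)"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample inputs, written to a scratch directory.
SAMPLES=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2200' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$SAMPLES/hardened"
printf '%s\n' 'Port 22' 'port 2200' 'PermitRootLogin without-password' \
    'PermitRootLogin no' > "$SAMPLES/leftover"

for f in hardened leftover; do
    if audit_sshd "$SAMPLES/$f"; then echo "$f: OK"; else echo "$f: $? check(s) failed"; fi
done
```

The "leftover" sample fails all three checks: port 22 is still open beside 2200, the first `PermitRootLogin` line wins over the later `no`, and password login falls back to its default.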
- Install Apache
sudo apt-get install apache2
- Install mod_wsgi
sudo apt-get install libapache2-mod-wsgi python-dev
then enable mod_wsgi with
sudo a2enmod wsgi
then start the web server with
sudo service apache2 start
- Clone from GitHub
- Install git using:
sudo apt-get install git
cd /var/www
sudo mkdir catalog
- Change owner of the newly created catalog folder
sudo chown -R grader:grader catalog
cd catalog
- Clone your project from GitHub
git clone https://github.com/FahadAlsubaie/Item-catalog.git catalog
- Create a catalog.wsgi file with the following content. First run
sudo nano catalog.wsgi
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")
from catalog import app as application
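# Flask uses this key to sign session cookies; replace the placeholder with a long random value
application.secret_key = 'supersecretkey'
Note: your project path should be /var/www/catalog/catalog
- Rename application.py to __init__.py with this command
mv application.py __init__.py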
- Install virtual environment
- First install pip with this command
sudo apt-get install python-pip
- Install the virtual environment
sudo pip install virtualenv
- Create a new virtual environment with
sudo virtualenv venv
- Activate it with
source venv/bin/activate
- Change permissions
sudo chmod -R 777 venv
- Install Flask and other dependencies
- Install Flask
pip install Flask
- Install all other project dependencies
sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils
- Update path of client_secrets.json file
nano __init__.py
- Change client_secrets.json path to
/var/www/catalog/catalog/client_secrets.json
- Configure a new virtual host
- Create a new file with this:
sudo nano /etc/apache2/sites-available/catalog.conf
- Put this code:
<VirtualHost *:80>
ServerName 18.184.59.194
ServerAlias ec2-18-184-59-194.eu-central-1.compute.amazonaws.com
ServerAdmin admin@18.184.59.194
WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Enable the virtual host
sudo a2ensite catalog
- Install and set up PostgreSQL
sudo apt-get install libpq-dev python-dev
sudo apt-get install postgresql postgresql-contrib
sudo su - postgres
psql
CREATE USER catalog WITH PASSWORD 'password';
ALTER USER catalog CREATEDB;
CREATE DATABASE catalog WITH OWNER catalog;
\c catalog
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
\q
exit
- Now you need to change the create_engine line in your __init__.py, database_setup.py and lotsofitem.py to:
engine = create_engine('postgresql://catalog:password@localhost/catalog')
- Then run
python /var/www/catalog/catalog/database_setup.py
- Restart Apache
sudo service apache2 restart
- Visit site at
http://[your public ip]/