# LINUX SERVER VM CONFIGURATION

Public IP Address: 35.161.147.129
SSH Port: 2200
Public URL: http://35.161.147.129
### 1. Launch your Virtual Machine with your Udacity account
- Create the AWS remote server via the Udacity account interface
- Download the private key
- Move the private key file into the folder `~/.ssh` (where `~` is your environment's home directory):
```bash
mv ~/Downloads/udacity_key.rsa ~/.ssh/
```
- Open your terminal and restrict the key file so only you can read it (ssh refuses to use a key that is readable by others):
```bash
chmod 600 ~/.ssh/udacity_key.rsa
```
### 2. SSH into your server
```bash
ssh -i ~/.ssh/udacity_key.rsa [email protected]
```
### 3. Create a new user named grader
```bash
sudo adduser grader
```
### 4. Give grader the permission to sudo
- Inspect the existing sudoers configuration and the drop-in directory:
```bash
sudo cat /etc/sudoers
sudo ls /etc/sudoers.d
```
- Create a sudoers drop-in file for grader:
```bash
sudo nano /etc/sudoers.d/grader
```
- Add
```
grader ALL=(ALL) ALL
```
to the grader file to give the user sudo permission
- Set a secure password for grader:
```bash
sudo passwd grader
```
- Configure key-based authentication for grader
- Generate an SSH key pair on your local machine:
```bash
ssh-keygen -f ~/Desktop/udacity_key.rsa
```
- On the server, log in as grader:
```bash
su grader
```
- Create the .ssh directory:
```bash
mkdir ~/.ssh
```
- Create the authorized_keys file for grader on the remote server:
```bash
nano /home/grader/.ssh/authorized_keys
```
- Copy the content of the public key file on your local machine:
```bash
pbcopy < ~/Desktop/udacity_key.rsa.pub
```
- Paste the copied content into the authorized_keys file on the remote server
- Update permissions (sshd ignores authorized_keys when the directory or the file is writable by other users):
```bash
sudo chmod 700 /home/grader/.ssh
sudo chmod 644 /home/grader/.ssh/authorized_keys
```
- Change the owner from root to grader:
```bash
sudo chown -R grader:grader /home/grader/.ssh
```
- Log in via ssh using:
```bash
ssh -i ~/Desktop/udacity_key.rsa [email protected]
```
- To enforce key-based authentication, open the sshd configuration:
```bash
sudo nano /etc/ssh/sshd_config
```
and make sure the `PasswordAuthentication` line is set to `no`
- Disable remote login of the root user: in the same file, change the line
```
PermitRootLogin without-password
```
to
```
PermitRootLogin no
```
- Restart the ssh server (keep your current session open and confirm the new key-based login from a second terminal before closing it):
```bash
sudo service ssh restart
```
- Install fail2ban to increase login security:
```bash
sudo apt-get install fail2ban
```
### 5. Update all currently installed packages
```bash
sudo apt-get update
sudo apt-get upgrade
```
### 6. Change the SSH port from 22 to 2200
```bash
sudo nano /etc/ssh/sshd_config
```
- Change the `Port 22` line to `Port 2200` and restart the ssh server as in step 4
- Log in with:
```bash
ssh -i ~/Desktop/udacity_key.rsa [email protected] -p 2200
```
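Steps 4 and 6 both edit sshd_config by hand, and a directive left commented out or duplicated silently falls back to the sshd default. The following checker is an added example, not part of the original walkthrough: it parses sshd_config the way sshd resolves it (comments stripped, keywords case-insensitive, first occurrence wins) and reports any of the three directives that is missing or not at the hardened value. Run it with the path to `/etc/ssh/sshd_config` as its argument; without an argument it audits a constructed sample.

```python
import re
import sys

# Values steps 4 and 6 require; sshd keywords are case-insensitive.
EXPECTED = {"port": "2200", "passwordauthentication": "no", "permitrootlogin": "no"}

def parse_sshd_config(text):
    """Map each keyword to its first effective value: when a directive is
    repeated, sshd honours the first occurrence."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments/blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # 'Key val' or 'Key=val'
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit_sshd_config(text, expected=EXPECTED):
    """Return a list of findings; empty means every expected directive is
    present with the hardened value."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in expected.items():
        got = settings.get(key)
        if got is None:
            findings.append("%s is unset (sshd default applies)" % key)
        elif got.lower() != want:
            findings.append("%s is %r, expected %r" % (key, got, want))
    return findings

# Constructed sample: the port was changed, but PasswordAuthentication is
# still commented out and the stock PermitRootLogin value was left in place.
SAMPLE = """\
# Package generated configuration file
Port 2200
PermitRootLogin without-password
#PasswordAuthentication no
UsePAM yes
"""

if __name__ == "__main__":
    # Pass a path (e.g. /etc/ssh/sshd_config) to audit a real file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_sshd_config(text) or ["sshd_config OK"]:
        print(finding)
```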
### 7. Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
- Check whether the firewall is active or inactive:
```bash
sudo ufw status
```
- Close all incoming ports by default:
```bash
sudo ufw default deny incoming
```
- Allow all outgoing traffic:
```bash
sudo ufw default allow outgoing
```
- Allow the SSH port. `sudo ufw allow ssh` would open port 22 (the /etc/services entry), not the port set in step 6, so name the port explicitly:
```bash
sudo ufw allow 2200/tcp
```
- Allow the HTTP port:
```bash
sudo ufw allow www
```
- Allow the NTP port:
```bash
sudo ufw allow ntp
```
- Enable the firewall (on AWS the instance's security group must also permit the same ports; the host firewall alone does not open them):
```bash
sudo ufw enable
```
### 8. Configure the local timezone to UTC
- Type:
```bash
sudo dpkg-reconfigure tzdata
```
- Go to "Etc" or "None of the above"
- Choose UTC and press Enter
### 9. Install and configure Apache to serve a Python mod_wsgi application
- Install Apache:
```bash
sudo apt-get install apache2
```
- Install mod_wsgi and open the default site configuration:
```bash
sudo apt-get install libapache2-mod-wsgi
sudo nano /etc/apache2/sites-enabled/000-default.conf
```
- Add the following line at the end of the `<VirtualHost *:80>` block, right before the closing `</VirtualHost>` line:
```apache
WSGIScriptAlias / /var/www/html/myapp.wsgi
```
- Restart Apache:
```bash
sudo apache2ctl restart
```
- Create the /var/www/html/myapp.wsgi file:
```bash
sudo nano /var/www/html/myapp.wsgi
```
- Within this file, write the following application to print "Hello World!":
```python
def application(environ, start_response):
    status = '200 OK'
    # A str body is fine under the Python 2 mod_wsgi installed above;
    # under Python 3 the body must be bytes (b'Hello World!').
    output = 'Hello World!'
    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)
    return [output]
```
### 10. Install and configure PostgreSQL
```bash
sudo apt-get install postgresql
```
- Log in to the automatically created postgres user:
```bash
sudo su - postgres
```
- From here, we can connect to the database server:
```bash
psql
```
- Create the catalog user:
```sql
CREATE ROLE catalog WITH login;
```
- Create the catalog database and make the catalog user its owner:
```sql
CREATE DATABASE catalog WITH OWNER catalog;
```
- Double-check that no remote connections are allowed by looking in the host-based authentication file:
```bash
sudo nano /etc/postgresql/9.3/main/pg_hba.conf
```
- The first two rules specify `local` as their type, which means they apply only to connections over Unix domain sockets.
- The next two rules are `host` (TCP/IP) rules, but the addresses they apply to (`127.0.0.1/32` and `::1/128`) are the loopback interfaces of the local machine, so they accept no remote clients either.
- Exit PostgreSQL and the postgres user by typing:
```bash
exit
```
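Reading pg_hba.conf by eye works for four rules, but a later edit can quietly add a `host` rule with a wider address. The following is an added example, not part of the original walkthrough: a small parser for the pg_hba.conf rule format that returns every rule able to match a client on another machine (anything that is not a Unix-socket rule or a loopback address). The sample is constructed; to audit the real file call `remote_rules(open('/etc/postgresql/9.3/main/pg_hba.conf').read())`.

```python
import ipaddress

def parse_pg_hba(text):
    """Parse pg_hba.conf rules: TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS].
    'local' rules have no ADDRESS; host-type rules use 'addr/prefix' or 'addr netmask'."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()        # strip comments, tokenize
        if not fields:
            continue
        kind = fields[0]
        if kind == "local" and len(fields) >= 4:
            address, method = None, fields[3]
        elif kind in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            if "/" in fields[3] or len(fields) == 5:
                address, method = fields[3], fields[4]
            else:                                     # separate netmask column
                address, method = fields[3] + "/" + fields[4], fields[5]
        else:
            continue
        rules.append({"type": kind, "database": fields[1], "user": fields[2],
                      "address": address, "method": method})
    return rules

def remote_rules(text):
    """Rules that can match a client on another machine; non-CIDR addresses
    (hostnames, 'samenet', ...) are reported too, to stay conservative."""
    exposed = []
    for rule in parse_pg_hba(text):
        if rule["address"] is None:
            continue                                  # socket: local machine only
        try:
            network = ipaddress.ip_network(rule["address"], strict=False)
        except ValueError:
            network = None
        if network is None or not network.is_loopback:
            exposed.append(rule)
    return exposed

# Constructed sample: the stock rules described above plus one extra rule
# that would accept password logins from any address.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS       METHOD
local   all       postgres                peer
local   all       all                     peer
host    all       all       127.0.0.1/32  md5
host    all       all       ::1/128       md5
host    catalog   catalog   0.0.0.0/0     md5
"""
```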
### 11. Install git, clone and set up your Catalog App project
```bash
sudo apt-get install git
cd /var/www/
```
- Create a new directory named FlaskApp:
```bash
mkdir FlaskApp
```
- Move to the new directory:
```bash
cd FlaskApp
```
- Git clone our existing Catalog app into this directory:
```bash
git clone https://github.com/ruslanml/Udacity-Catalog-Project.git
```
- Move inside the Catalog app directory:
```bash
cd Udacity-Catalog-Project
```
- Rename the `project.py` file to `__init__.py`:
```bash
mv project.py __init__.py
```
- Install pip and virtualenv:
```bash
sudo apt-get install python-pip
sudo pip install virtualenv
sudo virtualenv venv
```
- Install Flask and the other dependencies:
```bash
source venv/bin/activate
sudo pip install Flask
sudo pip install psycopg2
sudo pip install sqlalchemy
sudo pip install oauth2client
```
Note that `sudo pip` does not use the activated virtual environment (sudo resets PATH), so these packages are installed system-wide; that is what the Apache configuration below relies on, since it does not point mod_wsgi at the venv.
- Run the following command to test whether the installation succeeded and the app runs:
```bash
sudo python __init__.py
```
- If the app runs successfully, deactivate the virtual environment by running:
```bash
deactivate
```
- Configure and enable a new virtual host:
```bash
sudo nano /etc/apache2/sites-available/FlaskApp.conf
```
- Add the following lines to the file to configure the virtual host. Be sure to change the ServerName to your domain or cloud server's IP address:
```apache
<VirtualHost *:80>
    ServerName mywebsite.com
    ServerAdmin [email protected]
    WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
    <Directory /var/www/FlaskApp/Udacity-Catalog-Project/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/FlaskApp/Udacity-Catalog-Project/static
    <Directory /var/www/FlaskApp/Udacity-Catalog-Project/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
- Enable the virtual host:
```bash
sudo a2ensite FlaskApp
```
- Create the .wsgi file:
```bash
cd /var/www/FlaskApp
sudo nano flaskapp.wsgi
```
- Add the following lines of code to the flaskapp.wsgi file:
```python
#!/usr/bin/python
import sys
import logging
import importlib
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/FlaskApp/")
# The package directory name contains hyphens, so a plain 'import' statement
# cannot name it; importlib.import_module accepts the name as a string.
application = importlib.import_module("Udacity-Catalog-Project").app
# Replace this placeholder with a long random value; it signs Flask sessions.
application.secret_key = 'Add your secret key'
```
- Restart Apache:
```bash
sudo apache2ctl restart
```
### Sources:
### Other Useful Commands:
- Log in to the server (after step 6 the SSH port is 2200, so `-p 2200` is required):
```bash
ssh -i ~/.ssh/udacity_key.rsa [email protected] -p 2200
```
- View the Apache error log:
```bash
cat /var/log/apache2/error.log
```
### Errors and Warnings:
- Error: `sudo: unable to resolve host ip-10-20-47-235`. To fix, add the hostname to /etc/hosts:
```bash
sudo nano /etc/hosts
```
```
127.0.1.1 ip-10-20-47-235
```
- Error: `Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message`
- This is just a friendly warning and not really a problem (nothing actually fails to work).
- If you insert `ServerName localhost` in either httpd.conf or apache2.conf in /etc/apache2 and restart Apache, the notice will disappear.