This is a project for the Udacity FSND Course.
This project links to the Configuring Linux Web Servers. It takes a baseline installation of a Linux server and prepare it to host the Item Catalog website, to include installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.
- URL:
https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com - IP address:
18.217.0.163 - SSH port:
2200 - Login:
ssh -i ~/.ssh/[privateKeyFileName] -p 2200 [email protected]
Start a new Ubuntu Linux server instance on Amazon Lightsail
- Download Private Key from the SSH keys section in the Account section on Amazon Lightsail
- Move the private key file into the folder
mv ~/Downloads/Lightsail.pem ~/.ssh/ chmod 400 ~/.ssh/Lightsail.pem- Login ubuntu with
ssh -i ~/.ssh/Lightsail.pem [email protected]
- Add user grader
sudo adduser grader - Edit the sudoers file
sudo visudo - Copy and paste
(grader ALL=(ALL:ALL) ALL)belowroot ALL=(ALL:ALL) ALL, save and quit - Check sudo access with
sudo cat /etc/sudoers
-
Generate keys on local machine with
ssh-keygen -
Save the private key in
~/.sshon local machine -
Key-based SSH authentication
On virtual machine:
$ sudo su grader $ cd $ mkdir .ssh $ touch .ssh/authorized_keys $ nano .ssh/authorized_keysCopy the content of public key (.pub) on your local machine and paste here
$ chmod 700 .ssh $ chmod 644 .ssh/authorized_keys -
Reload SSH
sudo service ssh restart -
Login with grader
ssh -i ~/.ssh/[privateKeyFilename] [email protected]
-
sudo nano /etc/ssh/sshd_config, changePort 22toPort 2200andPermitRootLogin without-passwordtoPermitRootLogin no -
Reload SSH with
sudo service ssh restart -
Allow connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
sudo ufw allow 2200/tcp sudo ufw allow 80/tcp sudo ufw allow 123/udp sudo ufw enable sudo ufw status -
Add and save port 2200 with Application as Custom as TCP in the Networking section of your instance on Amazon Lightsail.
-
Now login with ubuntu or grader
ssh -i ~/.ssh/Lightsail.pem -p 2200 [email protected] ssh -i ~/.ssh/[privateKeyFilename] -p 2200 [email protected]
sudo apt-get update
sudo apt-get upgrade
To automatically install security updates
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
- Install Apache
sudo apt-get install apache2 - Install mod_wsgi
sudo apt-get install libapache2-mod-wsgi python-dev - Restart Apache
sudo service apache2 restart
- Install PostgreSQL
sudo apt-get install postgresql - Login
sudo su - postgres - Get into postgreSQL shell
psql- Create a new database named catalog
postgres=# CREATE DATABASE catalog; - Create a new user named catalog
postgres=# CREATE USER catalog; - Set a password for user catalog
postgres=# ALTER ROLE catalog WITH PASSWORD 'password'; - Give user "catalog" permission to "catalog" application database
postgres=# GRANT ALL PRIVILEGES ON DATABASE catalog TO catalog; - Quit postgreSQL
postgres=# \q - Exit
exit
- Create a new database named catalog
-
Install Git
sudo apt-get install git -
cd /var/www -
cd FlaskApp -
Create directory
sudo mkdir FlaskApp -
Clone the Catalog App
sudo git clone https://github.com/bumperX/catalog_web_app.git -
Move all project files to
var/www/FlaskApp/FlaskAppsudo mv -v catalog_web_app/catelog/* catalog_web_app/ sudo rm -r catalog_web_app/catelog/ sudo mv ./catalog_web_app ./FlaskApp -
cd FlaskApp -
Rename application.py
sudo mv application.py __init__.py -
Edit database path in init.py, database_setup.py, populate_db.py
sudo nano __init__.py sudo nano database_setup.py sudo nano populate_db.pyIn each file, change
sqlite:https:///catalog.dbtopostgresql:https://catalog:password@localhost/catalog -
Install pip
sudo apt-get install python-pip -
Update pip
pip install --upgrade pip -
Install project dependencies
sudo -H pip install sqlalchemy flask-sqlalchemy psycopg2 requests flask oauth2client -
Install psycopg2
sudo apt-get install postgresql python-psycopg2 -
Create database
python database_setup.py -
Populate database
python populate_db.py
-
sudo nano /etc/apache2/sites-available/FlaskApp.conf -
Add the following lines to configure the virtual host.
<VirtualHost *:80> ServerName 18.217.0.163 ServerAdmin [email protected] WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi <Directory /var/www/FlaskApp/FlaskApp/> Order allow,deny Allow from all </Directory> Alias /static /var/www/FlaskApp/FlaskApp/static <Directory /var/www/FlaskApp/FlaskApp/static/> Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> -
Enable the virtual host
sudo a2ensite FlaskApp -
Restart Apache
sudo service apache2 restart
-
cd /var/www/FlaskApp -
Create the .wsgi File
sudo nano flaskapp.wsgi -
Add the following lines to flaskapp.wsgi
#!/usr/bin/python import sys import logging logging.basicConfig(stream=sys.stderr) sys.path.insert(0,"/var/www/FlaskApp/") from FlaskApp import app as application application.secret_key = 'super_secret_key' -
Restart Apache
sudo service apache2 restart
-
Go to console.cloud.google.com and edit Credentails
-
Add the Authorized JavaScript origins
https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com https://18.217.0.163 -
Add the Authorized redirect URIs
https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com/oauth2callback https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com/gconnect https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com/login https://ec2-18-217-0-163.us-east-2.compute.amazonaws.com/catalog -
Save and download the new client_secrets.json file
-
Update
client_secret.jsonin the virtual machine with the new content
- Connect to Flask.conf
sudo nano /etc/apache2/sites-available/FlaskApp.conf - Add the hostname below ServerAdmin and paste
ServerAlias ec2-18-217-0-163.us-east-2.compute.amazonaws.com - Connect to client_secrets.json and give it to the absolute path by changing
client_secrets.jsonto/var/www/catalog/catalog/client_secrets.jsonin__init__.py