faryalzuberi/Linux-Server-Configuration

Linux-Server-Configuration

IP address

The user grader can log in to the Ubuntu server at 13.58.221.240 on port 2200 via SSH.

Web Application

The web application can be accessed at http://ec2-13-58-221-240.us-east-2.compute.amazonaws.com/ in any browser of choice.

Configuration Changes

The following configuration changes were made to the server

1. Root Login was disabled in /etc/ssh/sshd_config
2. created grader user with the following command

sudo adduser grader

3. Added grader user to the sudo group with the following command

sudo usermod -aG sudo grader

4. Created a private-public key pair on the local machine using ssh-keygen. Copy pasted the contents of the graderKey.pub file in a new file located at /home/grader/.ssh/authorized_keys.
5. ssh port number was changed from 22 to 2200 in /etc/ssh/sshd_config
6. Firewall was enabled with following rules:

sudo ufw allow ssh

sudo ufw allow 2200/tcp

sudo ufw allow 80/tcp

sudo ufw allow ntp

sudo ufw deny 22/tcp

sudo ufw enable

7. ssh remote login was enforced by setting PasswordAuthentication to no in /etc/ssh/sshd_config
8. update and upgrade all available packages list using

sudo apt-get update

sudo apt-get upgrade

9. Change read write permissions to /var/www/catalog/catalog.db to allow write queries.

Packages Installed

• finger
• apache2
• python3
• git
• libapache2-mod-wsgi-py3
• python3-flask
• python3-pip
• python3-sqlalchemy
• python3-oauth2client
• python3-httplib2
• python3-urllib3
• sqlite3 python3.5-venv

Deploying the Web Application and Configuring the Apache Server

After installing the apache2 package and libapache2-mod-wsgi-py3. The mod-wsgi was enabled using

sudo a2enmod wsgi

The web application was cloned using git at /var/www into 'catalog'. A catalog.wsgi was created at /var/www/catalog with the following content

#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/catalog/")

from final_project import app as application
application.secret_key = 'your_secret_key'

The apache web server was then configured by creating a .conf file at /etc/apache2/sites-available/catalog.conf with the following content:

<VirtualHost *>
    ServerName ec2-13-58-221-240.us-east-2.compute.amazonaws.com
    WSGIDaemonProcess catalog user=ubuntu group=ubuntu threads=5
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog>
        WSGIProcessGroup catalog
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>

Resources used

The Udacity course on Configuring Linux Web Servers was used as the main reference in configuring the firewall settings, adding a new user and setting up ssh login with a private-public key pair. Other references used are as follows:

• Setting up AWS EC2 instance
• blog posts on Deploying a Flask Application on ubuntu -- Blog 1 -- Blog 2
• Flask Documentation on mod_wsgi