The user grader can log in to the Ubuntu server at 13.58.221.240 on port 2200 via SSH.
The web application can be accessed at http://ec2-13-58-221-240.us-east-2.compute.amazonaws.com/ in any browser of choice.
The following configuration changes were made to the server
- Root Login was disabled in /etc/ssh/sshd_config
- created grader user with the following command
sudo adduser grader
- Added grader user to the sudo group with the following command
sudo usermod -aG sudo grader
- Created a private-public key pair on the local machine using ssh-keygen. Copy pasted the contents of the graderKey.pub file in a new file located at /home/grader/.ssh/authorized_keys.
- ssh port number was changed from 22 to 2200 in /etc/ssh/sshd_config
- Firewall was enabled with following rules:
sudo ufw allow ssh
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow ntp
sudo ufw deny 22/tcp
sudo ufw enable
- ssh remote login was enforced by setting PasswordAuthentication to no in /etc/ssh/sshd_config
- update and upgrade all available packages list using
sudo apt-get update
sudo apt-get upgrade
- Change read write permissions to /var/www/catalog/catalog.db to allow write queries.
- finger
- apache2
- python3
- git
- libapache2-mod-wsgi-py3
- python3-flask
- python3-pip
- python3-sqlalchemy
- python3-oauth2client
- python3-httplib2
- python3-urllib3
- sqlite3 python3.5-venv
After installing the apache2 package and libapache2-mod-wsgi-py3. The mod-wsgi was enabled using
sudo a2enmod wsgi
The web application was cloned using git at /var/www into 'catalog'. A catalog.wsgi was created at /var/www/catalog with the following content
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/catalog/")
from final_project import app as application
application.secret_key = 'your_secret_key'
The apache web server was then configured by creating a .conf file at /etc/apache2/sites-available/catalog.conf with the following content:
<VirtualHost *>
ServerName ec2-13-58-221-240.us-east-2.compute.amazonaws.com
WSGIDaemonProcess catalog user=ubuntu group=ubuntu threads=5
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog>
WSGIProcessGroup catalog
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
The Udacity course on Configuring Linux Web Servers was used as the main reference in configuring the firewall settings, adding a new user and setting up ssh login with a private-public key pair. Other references used are as follows:
- Setting up AWS EC2 instance
- blog posts on Deploying a Flask Application on ubuntu -- Blog 1 -- Blog 2
- Flask Documentation on mod_wsgi