A Linux virtual machine is configured to host the movies bookmark web application. The server is secured against a number of attack vectors and user management is set up. I also configured the web server to serve the application as a WSGI app.
- public IP: 13.59.54.0
- Server Alias Name: ec2-13-59-54-0.us-east-2.compute.amazonaws.com
- ssh port: 2200
- Application URL: http://ec2-13-59-54-0.us-east-2.compute.amazonaws.com/
- Log in to Lightsail from here https://amazonlightsail.com/. If you don't already have an Amazon Web Services account, you'll be prompted to create one.
- Create an Ubuntu instance (OS only).
- Choose a plan (choosing the lowest plan will get you free-tier access for a month).
- Give your instance a hostname.
- You now have an instance running (It may take a few minutes for your instance to start up).
- Once your instance has started up, you can log into it with SSH from your browser.
- Download Private Key from the SSH keys section in the Account section on Amazon Lightsail.
- Move the private key file into the folder ~/.ssh (where ~ is your environment's home directory). So if you downloaded the file to the Downloads folder, just execute the following command in your terminal:
mv ~/Downloads/Lightsail-key.pem ~/.ssh/
- Open your terminal and type in
chmod 400 ~/.ssh/Lightsail-key.pem
- In your terminal, type in
ssh -i {.pem file} ubuntu@{ip_address}
- Update available packages:
sudo apt-get update
- Upgrade installed packages:
sudo apt-get upgrade
- Use
sudo vi /etc/ssh/sshd_config
and change Port 22 to Port 2200, save and quit.
- Restart SSH service:
sudo service ssh restart
- Allow SSH on port 2200:
sudo ufw allow 2200/tcp
- Allow HTTP on port 80:
sudo ufw allow 80/tcp
- Allow NTP on port 123:
sudo ufw allow 123/udp
- Enable firewall:
sudo ufw enable
- Check the status:
sudo ufw status
Note: When changing the SSH port, make sure that the firewall is open for port 2200 first, so that you don't lock yourself out of the server. When you change the SSH port, the Lightsail instance will no longer be accessible through the web app 'Connect using SSH' button. The button assumes the default port is being used.
- Create a new user named grader:
sudo adduser grader
- Create a password (Password: udacity59). Then, we will be asked for additional information, which we can skip by pressing Enter (optional).
- Use the usermod command to add the user to the sudo group:
sudo usermod -aG sudo grader
- As ubuntu, use
sudo su - grader
to switch the user to grader.
- Generate keys on local machine using
ssh-keygen
; then save the private key in /home/bcko/.ssh/id_rsa on local machine.
- On the server, create the .ssh directory for grader and copy the authorized keys into it:
sudo mkdir /home/grader/.ssh
sudo chown grader:grader /home/grader/.ssh
sudo chmod 700 /home/grader/.ssh
sudo cp /home/ubuntu/.ssh/authorized_keys /home/grader/.ssh/authorized_keys
sudo chmod 644 /home/grader/.ssh/authorized_keys
- Reload SSH using
sudo service ssh restart
- Now you must use a key pair to log in. On the local machine, from the directory with the .pem file, you can log in to the Lightsail server:
ssh -i {.pem file} grader@{ip_address} -p 2200
- Change PermitRootLogin yes to PermitRootLogin no with
sudo vi /etc/ssh/sshd_config
- Restart ssh service
sudo service ssh restart
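The two sshd_config edits above (port 2200, no root login) can be checked after the fact. The following is an added example, not part of the original project: it assumes the file has been read into a string, uses constructed sample configs, and does not follow Include or Match blocks.

```python
# Constructed sample: the new lines were appended and the old ones left in place.
SAMPLE_BAD = """\
# constructed example, not taken from the server
Port 22
Port 2200
PermitRootLogin yes
permitrootlogin no
"""

# Constructed sample: the old lines were edited in place, as this guide does.
SAMPLE_GOOD = """\
Port 2200
PermitRootLogin no
"""


def effective_settings(text):
    """Return (ports, first_values) for the global section of an sshd_config."""
    ports, first = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                     # conditional blocks: not audited
            break
        if key == "port":                      # Port may repeat; all are used
            ports.append(value)
        else:
            first.setdefault(key, value)       # first occurrence wins in sshd
    return ports or ["22"], first              # no Port line means default 22


def audit(text):
    """List deviations from the settings this guide configures."""
    ports, first = effective_settings(text)
    findings = []
    if "2200" not in ports:
        findings.append("sshd is not listening on 2200")
    if "22" in ports:
        findings.append("sshd still listens on 22")
    if first.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    return findings
```

On the server itself, sudo sshd -T prints the effective configuration, including anything pulled in through Include files.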
- Configure the time zone
sudo dpkg-reconfigure tzdata
- It is already set to UTC.
- To get apache2:
sudo apt-get install apache2
- To get mod_wsgi:
sudo apt-get install libapache2-mod-wsgi
- Restart Apache
sudo service apache2 restart
- To get git:
sudo apt-get install git
- Go into apache2 directory and create a FlaskApp directory
cd /var/www
sudo mkdir FlaskApp
cd FlaskApp
git clone https://github.com/junyan59/item-catalog.git
sudo mv ./item-catalog ./FlaskApp
cd FlaskApp
- Rename application.py to __init__.py, if __init__.py is not present, using
sudo mv application.py __init__.py
- Edit database_setup.py and example_items.py to change
engine = create_engine('sqlite:///item-catalog.db')
to
engine = create_engine('postgresql://catalog:password@localhost/catalog')
, if not already done.
- Get Flask and set up virtual env:
sudo apt-get install python-pip
You should also run the command to update pip.
sudo pip install virtualenv
- In the FlaskApp/FlaskApp directory: create the environment in the directory
sudo virtualenv venv
- Activate the virtual environment:
source venv/bin/activate
- Install Flask:
sudo pip install Flask
- The app should work with:
sudo python __init__.py
- Deactivate the env with:
deactivate
- Create FlaskApp.conf to edit:
sudo vi /etc/apache2/sites-available/FlaskApp.conf
- Add the following lines of code to the file to configure the virtual host.
<VirtualHost *:80>
ServerName 13.59.54.0
ServerAlias ec2-13-59-54-0.us-east-2.compute.amazonaws.com
ServerAdmin stephanieyan59@gmail.com
# First argument is the URL path the app is mounted at, second is the WSGI script
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Enable virtual host:
sudo a2ensite FlaskApp
- Create the .wsgi File under /var/www/FlaskApp:
cd /var/www/FlaskApp
sudo vi flaskapp.wsgi
- Add the following lines of code to the flaskapp.wsgi file:
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/FlaskApp/")
from FlaskApp import app as application
application.secret_key = 'super_secret_key'
- Restart Apache:
sudo service apache2 restart
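The flaskapp.wsgi file above hard-codes the session signing key, and the create_engine line earlier hard-codes the database password, so both end up in the repository. The following added example (not the project's own code) keeps them in an owner-only file instead; the path /etc/flaskapp/secrets.json and the function names are assumptions.

```python
import binascii
import json
import os
import stat

# Hypothetical location; must be owned by the user the WSGI process runs as.
SECRETS_PATH = "/etc/flaskapp/secrets.json"


def write_secrets(path, database_url):
    """Create the secrets file once, mode 0600, with a random 256-bit key."""
    data = {
        "secret_key": binascii.hexlify(os.urandom(32)).decode("ascii"),
        "database_url": database_url,
    }
    # O_EXCL refuses to overwrite an existing file (and an existing key).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh)


def load_secrets(path, min_key_len=32):
    """Return the secrets dict, refusing files accessible to group or others."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise RuntimeError("%s is accessible to group/others; chmod 600" % path)
    with open(path) as fh:
        data = json.load(fh)
    if len(data.get("secret_key", "")) < min_key_len:
        raise RuntimeError("secret_key missing or too short")
    if not data.get("database_url"):
        raise RuntimeError("database_url missing")
    return data


# In flaskapp.wsgi, in place of the literal key:
#   application.secret_key = load_secrets(SECRETS_PATH)["secret_key"]
# In database_setup.py, in place of the literal connection string:
#   engine = create_engine(load_secrets(SECRETS_PATH)["database_url"])
```

A fixed key read from disk also keeps sessions valid across Apache restarts, which a key generated at import time would not.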
- Go inside the virtual environment:
source venv/bin/activate
- Use pip to install all modules:
- For httplib2 module:
pip install httplib2
- For requests module:
pip install requests
- To use oauth authentication:
pip install --upgrade oauth2client
- To use the python sqlalchemy:
pip install sqlalchemy
- To use python Postgresql psycopg:
sudo apt-get install python-psycopg2
- Install PostgreSQL:
sudo apt-get install postgresql
- Create a user for psql (enter {Password} when prompted):
sudo adduser catalog
- Change user to postgres:
sudo su - postgres
- Connect to psql:
psql
- Create a new database named catalog and create a new user named catalog in postgreSQL shell:
postgres=# CREATE DATABASE catalog;
postgres=# CREATE USER catalog;
- Set a password for user catalog:
postgres=# ALTER ROLE catalog WITH PASSWORD 'password';
- Give user "catalog" permission to "catalog" application database:
postgres=# GRANT ALL PRIVILEGES ON DATABASE catalog TO catalog;
- Quit postgreSQL
postgres=# \q
- Exit from user "postgres"
exit
- Google oauth:
- Go to your application credentials tab at https://console.developers.google.com/project and add your public ip and hostname to Authorized JS origins
- Facebook oauth:
- Go to your application and the settings tab https://developers.facebook.com/apps/
- Add your public ip to the site URL
- Restart Apache
sudo service apache2 restart
- Use the URL below to visit the web application:
http://ec2-13-59-54-0.us-east-2.compute.amazonaws.com/