Project 5 (Deploying to a Linux server)
Configuring a Linux server on DigitalOcean to securely host a Flask web application. This covers installing a Linux distribution on a virtual machine and preparing it to host the web application (Item Catalog). It includes installing updates, securing the server against a number of attack vectors, and installing and configuring web and database servers.
IP address: 139.59.130.134
Accessible SSH port: 2200
Application URL: http://139.59.130.134
- Run
sudo adduser grader
to create a new user named grader
- Create a new file in the sudoers directory with
sudo nano /etc/sudoers.d/grader
- Add the following line
grader ALL=(ALL:ALL) ALL
- Download package lists with
sudo apt-get update
- Install new versions of packages with
sudo apt-get upgrade
- Run
sudo nano /etc/ssh/sshd_config
- Change the port from 22 to 2200
sudo service ssh restart
Step 4 : Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
sudo ufw allow 2200/tcp
sudo ufw deny 22
- To delete a port rule shown in the status output
sudo ufw delete <DENY/ALLOW> <PORT NUMBER>
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw allow ssh
sudo ufw allow www
sudo ufw allow ftp
sudo ufw enable
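One way to compare the resulting rule set with the three ports named in Step 4, as an added example that is not part of the original guide. The status text is a constructed sample in the layout ufw status prints, and ALLOWED, UFW_SAMPLE and unexpected_allows are names chosen here.

```sh
#!/bin/sh
# Added example: compare `ufw status` output with the allow-list from Step 4.
# ALLOWED, UFW_SAMPLE and unexpected_allows are hypothetical names.

ALLOWED="2200/tcp 80/tcp 123/udp"

# Constructed sample of `ufw status` output after running the commands above.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
2200/tcp                   ALLOW       Anywhere
22                         DENY        Anywhere
80/tcp                     ALLOW       Anywhere
123/udp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
2200/tcp (v6)              ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Read status text on stdin; print each inbound ALLOW target that is not on
# the allow-list, once per target (IPv4 and IPv6 twins are merged).
unexpected_allows() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/ \(v6\)/, "") }      # "22/tcp (v6)" -> "22/tcp"
        $2 == "ALLOW" && $3 != "OUT" && !($1 in ok) && !seen[$1]++ { print $1 }
    '
}

# On the server: sudo ufw status | unexpected_allows
printf '%s\n' "$UFW_SAMPLE" | unexpected_allows
```

For the sample it prints 22/tcp and 21/tcp, the rules created by allow ssh and allow ftp.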
- Run
sudo dpkg-reconfigure tzdata
and then choose None of the above, then UTC
- Generate key-pair with
ssh-keygen
- Save the key file to /home/user/.ssh/id_rsa and enter a passphrase. Two keys will be generated: the public key (id_rsa.pub) and the identification key (id_rsa).
- Login into grader account using
sudo login grader
- Make a directory in the grader account:
mkdir .ssh
- Make an authorized_keys file using
touch .ssh/authorized_keys
- From your local machine, copy the contents of the public key (id_rsa.pub) and paste them into the authorized_keys file of the grader account using
nano .ssh/authorized_keys
and save it.
- Give the permissions:
chmod 700 .ssh
and
chmod 644 .ssh/authorized_keys
- Run
sudo nano /etc/ssh/sshd_config
and change PasswordAuthentication to no
- Restart ssh with
sudo service ssh restart
- Run
sudo nano /etc/ssh/sshd_config
- Change
PermitRootLogin without-password
to
PermitRootLogin no
- Restart ssh with
sudo service ssh restart
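A check that an sshd_config really carries the three settings changed above (Port 2200, PasswordAuthentication no, PermitRootLogin no), as an added example that is not part of the original guide. sshd_values and audit_sshd are names chosen here; the helper assumes whitespace-separated "Keyword value" lines and does not evaluate Match blocks.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the values this guide sets.
# sshd_values and audit_sshd are hypothetical helper names. Assumes
# whitespace-separated "Keyword value" lines; Match blocks are not evaluated.

# Print every value of keyword $2 in file $1 (lowercased, space-separated).
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == tolower(key) { printf "%s%s", sep, tolower($2); sep = " " }
    ' "$1"
}

# Return 0 when the file matches the guide, 1 otherwise; print each mismatch.
audit_sshd() {
    file="$1"; rc=0
    # Port lines are cumulative, so a leftover "Port 22" keeps 22 listening.
    ports="$(sshd_values "$file" Port)"
    [ "$ports" = "2200" ] || { echo "FAIL Port: want only 2200, got ${ports:-unset}"; rc=1; }
    for key in PasswordAuthentication PermitRootLogin; do
        # For these keywords sshd uses the first value it reads.
        set -- $(sshd_values "$file" "$key")
        [ "${1:-}" = "no" ] || { echo "FAIL $key: want no, got ${1:-unset}"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: a config before the edits described above.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
Port 22
#PasswordAuthentication yes
PermitRootLogin without-password
EOF
audit_sshd "$sample" || echo "sshd_config does not match the guide yet"
rm -f "$sample"
```

On the server, run audit_sshd /etc/ssh/sshd_config before restarting ssh and keep the current session open until a new login on port 2200 succeeds.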
sudo apt-get install apache2
- Run
sudo apt-get install libapache2-mod-wsgi python-dev
- Enable mod_wsgi with
sudo a2enmod wsgi
- Start the web server with
sudo service apache2 start
- Install git using
sudo apt-get install git
cd /var/www
sudo mkdir catalog
- Change owner of the newly created catalog folder
sudo chown -R grader:grader catalog
cd catalog
- Clone your project from GitHub
git clone <LINK FOR PROJECT 4 REPOSITORY> catalog
- Create a catalog.wsgi file
nano catalog.wsgi
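then add this inside:
import sys
import logging
# Send application log output to stderr so it ends up in Apache's error log
logging.basicConfig(stream=sys.stderr)
# Make the catalog package importable
sys.path.insert(0, "/var/www/catalog/")
from catalog import app as application
# Placeholder value; replace with a long random secret
application.secret_key = 'super_secret_key'
# Set the flag on the Flask config so the application actually reads it
application.config['WTF_CSRF_ENABLED'] = True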
- Rename application.py to __init__.py
mv application.py __init__.py
- Install pip with
sudo apt-get install python-pip
- Install the virtual environment
sudo pip install virtualenv
- Create a new virtual environment with
sudo virtualenv venv
- Activate the virtual environment
source venv/bin/activate
- Change permissions
sudo chmod -R 777 venv
- Install Flask
pip install Flask
- Install other project dependencies
sudo pip2 install httplib2 oauth2client sqlalchemy flask-sqlalchemy psycopg2-binary bleach requests sqlalchemy_utils
nano __init__.py
- Change the client_secrets.json path to
/var/www/catalog/catalog/client_secrets.json
- Run
sudo nano /etc/apache2/sites-enabled/000-default.conf
and paste the following configuration:
<VirtualHost *:80>
    ServerName 139.59.130.134
    ServerAlias http://139.59.130.134
    ServerAdmin admin@139.59.130.134
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    <Directory /var/www/catalog/catalog/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo apt-get install libpq-dev python-dev
sudo apt-get install postgresql postgresql-contrib
sudo su - postgres
psql
- Enter these lines one at a time:
CREATE USER catalog WITH PASSWORD 'password';
ALTER USER catalog CREATEDB;
CREATE DATABASE catalog WITH OWNER catalog;
\c catalog
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
\q
exit
- Change the create_engine line in your __init__.py, database_setup.py and fakedata.py to:
engine = create_engine('postgresql://catalog:password@localhost/catalog')
- Run
sudo python database_setup.py
sudo service apache2 restart
Step 17 : Visit site at Catalog App
Oauth not work because the domain
sudo tail -100 /var/log/apache2/error.log
----> To check if there are any errors with Apache
python <File_name>.py runserver -d
----> debug mode