Linux-Server-Configuration-Udacity-Full-Stack-Nanodegree-Project

This is the last project toward Udacity Full Stack Web Developer Nanodegree. In this project, the University App from project 3 will be hosted by a Ubuntu Linux server on an Amazon Lightsail instance. A series of instructions will be presented below. You can visit http://13.233.204.152/ for the website deployed.

Above link is now unavailable because I have graduated from the nanodegree program.

Start a new Ubuntu Linux Server instance on Amazon Lightsail

  1. Create an AWS account
  2. Click Create instance button on the home page
  3. Select Linux/Unix platform
  4. Select OS Only and Ubuntu as blueprint
  5. Select an instance plan
  6. Name your instance
  7. Click Create button

SSH into your Server

  1. Download private key from the SSH keys section in the Account section on Amazon Lightsail. The file name should be like LightsailDefaultPrivateKey-us-east-2.pem
  2. Create a new file named lightsail_key.rsa under ~/.ssh folder on your local machine
  3. Copy and paste content from downloaded private key file to lightsail_key.rsa
  4. Set file permission as owner only : $ chmod 600 ~/.ssh/lightsail_key.rsa
  5. SSH into the instance: `$ ssh -i ~/.ssh/lightsail_key.rsa ubuntu@13.233.204.152

Update all currently installed packages

  1. Run sudo apt-get update to update packages
  2. Run sudo apt-get upgrade to install newest versions of packages
  3. Set for future updates: sudo apt-get dist-upgrade

Change the SSH port from 22 to 2200

  1. Run $ sudo nano /etc/ssh/sshd_config to open up the configuration file
  2. Change the port number from 22 to 2200 in this file
  3. Save and exit the file
  4. Restart SSH: $ sudo service ssh restart

Configure the firewall

  1. Check firewall status: $ sudo ufw status
  2. Set default firewall to deny all incomings: $ sudo ufw default deny incoming
  3. Set default firewall to allow all outgoings: $ sudo ufw default allow outgoing
  4. Allow incoming TCP packets on port 2200 to allow SSH: $ sudo ufw allow 2200/tcp
  5. Allow incoming TCP packets on port 80 to allow www: $ sudo ufw allow www
  6. Allow incoming UDP packets on port 123 to allow NTP: $ sudo ufw allow 123/udp
  7. Close port 22: $ sudo ufw deny 22
  8. Enable firewall: $ sudo ufw enable
  9. Check out current firewall status: $ sudo ufw status
  10. Update the firewall configuration on Amazon Lightsail website under Networking. Delete default SSH port 22 and add port 80, 123, 2200
  11. Open up a new terminal and you can now ssh in via the new port 2200: $ ssh -i ~/.ssh/lightsail_key.rsa ubuntu@13.233.204.152 -p 2200

Create a new user account grader and give grader sudo access

  1. Create a new user account grader:$ sudo adduser grader
  2. $ sudo nano /etc/sudoers
  3. Create a file named grader under this path: $ sudo touch /etc/sudoers.d/grader
  4. Edit this file: $ sudo nano /etc/sudoers.d/grader, add code grader ALL=(ALL:ALL) ALL. Save and exit

Set SSH login using keys

  1. Create an SSH key pair for grader using the ssh-keygen tool on your local machine. Save it in ~/.ssh path
  2. Deploy public key on development environment
    • On your local machine, read the generated public key cat ~/.ssh/FILE-NAME.pub
    • On your virtual machine
       $ mkdir .ssh
       $ touch .ssh/authorized_keys
       $ nano .ssh/authorized_keys
    
    • Copy the public key to this authorized_keys file on the virtual machine and save
  3. Run chmod 700 .ssh and chmod 644 .ssh/authorized_keys on your virtual machine to change file permission
  4. Restart SSH: $ sudo service ssh restart
  5. Now you are able to login in as grader: `$ ssh -i ~/.ssh/grader_key -p 2200 grader@13.233.204.152
  6. You will be asked for grader's password. To unable it, open configuration file again: $ sudo nano /etc/ssh/sshd_config
  7. Change PasswordAuthentication yes to no
  8. Restart SSH: $ sudo service ssh restart

Configure the local timezone to UTC

  1. Run $ sudo dpkg-reconfigure tzdata
  2. Choose None of the above to set timezone to UTC

Install and configure Apache

  1. Install Apache: $ sudo apt-get install apache2
  2. Go to http://13.233.204.152/ if Apache is working correctly, a Apache2 Ubuntu Default Page will show up

Install and configure Python mod_wsgi

  1. Install the mod_wsgi package: $ sudo apt-get install libapache2-mod-wsgi python-dev
  2. Enable mod_wsgi: $ sudo a2enmod wsgi
  3. Restart Apache: $ sudo service apache2 restart
  4. Check if Python is installed: $ python

Create new Linux user called catalog and new database

  1. Create a new Linux user: $ sudo adduser catalog
  2. Give catalog user sudo access:
    • $ sudo visudo
    • Add $ catalog ALL=(ALL:ALL) ALL under line $ root ALL=(ALL:ALL) ALL
    • Save and exit the file
  3. Log in as catalog: $ sudo su - catalog
  4. Create database catalog: createdb catalog
  5. Exit user catalog: exit

Install git and clone UniversityApp application from github

  1. Run $ sudo apt-get install git
  2. Create dictionary: $ mkdir /var/www/UniversityApp
  3. CD to this directory: $ cd /var/www/UniversityApp
  4. Clone the catalog app: $ sudo git clone RELEVENT-URL UniversityApp
  5. Change the ownership: $ sudo chown -R ubuntu:ubuntu UniversityApp/
  6. CD to /var/www/UniversityApp
  7. Change file application.py to init.py: $ mv application.py __init__.py
  8. Change line app.run(host='0.0.0.0', port=5000) to app.run() in init.py file

Edit client_secrets.json file

  1. Create a new project on Google API Console and download client_secrets.json file
  2. Copy and paste contents of downloaded client_secrets.json to the file with same name under directory /var/www/UniversityApp/client_secrets.json

Setup for deploying a Flask App on Ubuntu VPS

  1. Install pip: $ sudo apt-get install python-pip
  2. Install packages:
   $ sudo pip install httplib2
   $ sudo pip install requests
   $ sudo pip install --upgrade oauth2client
   $ sudo pip install sqlalchemy
   $ sudo pip install flask
   $ sudo apt-get install libpq-dev
   $ sudo pip install psycopg2

Setup and enble a virtual host

  1. Create file: $ sudo touch /etc/apache2/sites-available/catalog.conf
  2. Add the following to the file:
   <VirtualHost *:80>
		ServerName XX.XX.XX.XX
		ServerAdmin admin@xx.xx.xx.xx
		WSGIScriptAlias / /var/www/UniversityApp/catalog.wsgi
		<Directory /var/www/UniversityApp/>
			Order allow,deny
			Allow from all
			Options -Indexes
		</Directory>
		Alias /static /var/www/UniversityApp/catalog/static
		<Directory /var/www/UniversityApp/catalog/static/>
			Order allow,deny
			Allow from all
			Options -Indexes
		</Directory>
		ErrorLog ${APACHE_LOG_DIR}/error.log
		LogLevel warn
		CustomLog ${APACHE_LOG_DIR}/access.log combined
   </VirtualHost>
  1. Run $ sudo a2ensite catalog to enable the virtual host
  2. Restart Apache: $ sudo service apache2 reload

Configure .wsgi file

  1. Create file: $ sudo touch /var/www/UniversityApp/catalog.wsgi
  2. Add content below to this file and save:
   #!/usr/bin/python
   import sys
   import logging
   logging.basicConfig(stream=sys.stderr)
   sys.path.insert(0,"/var/www/UniversityApp/")

   from nuevoMexico import app as application
   application.secret_key = 'super_secret_key'
  1. Restart Apache: $ sudo service apache2 reload

Edit the database path

  1. Replace lines in __init__.py, database_setup.py, and lotsofitems.py with engine = create_engine('sqlite://catalog')

Disable defualt Apache page

  1. $ sudo a2dissite 000-defualt.conf
  2. Restart Apache: $ sudo service apache2 reload

Set up database schema

  1. Run $ sudo python database_setup.py
  2. Run $ sudo python lotsofitems.py
  3. Restart Apache: $ sudo service apache2 reload
  4. Now follow the link to http://13.233.204.152/ the application should be runing online
  5. If internal errors occur: check the Apache error file

Sources

  1. Amazon Lightsail Website
  2. Google API Concole
  3. Udacity
  4. Apache