udacity-linux-server-configuration

Project Description

Take a baseline installation of a Linux distribution on a virtual machine and prepare it to host your web applications, including installing updates, securing it against a number of attack vectors, and installing and configuring web and database servers.

Walkthrough

  1. Create a new user named grader and give it permission to sudo
  • SSH into the server with ssh -i ~/.ssh/udacity_key.rsa root@35.167.27.204
  • Run sudo adduser grader to create a new user named grader
  • Create a new file in the sudoers directory with sudo nano /etc/sudoers.d/grader
  • Add the following line: grader ALL=(ALL:ALL) ALL
  • Lock the file down and check its syntax with sudo chmod 440 /etc/sudoers.d/grader and sudo visudo -cf /etc/sudoers.d/grader (a syntax error in a sudoers file breaks sudo for every user, which is hard to recover from once root login is disabled later)
  • Run sudo nano /etc/hosts
  • Prevent the error sudo: unable to resolve host by adding a line with 127.0.1.1 followed by the machine's hostname (the output of hostname), for example 127.0.1.1 ip-10-20-52-12
  1. Update all currently installed packages
  • Download package lists with sudo apt-get update
  • Fetch new versions of packages with sudo apt-get upgrade
  1. Change the SSH port from 22 to 2200
  • Before changing anything, make sure any firewall in front of the instance (on AWS, the security group) already permits TCP 2200; otherwise the restart below locks you out
  • Run sudo nano /etc/ssh/sshd_config
  • Change Port 22 to Port 2200
  • Check the file and restart the daemon: sudo sshd -t && sudo service ssh restart
  • Confirm from a second terminal, keeping the first session open until the new port works, with ssh -i ~/.ssh/udacity_key.rsa -p 2200 root@35.167.27.204
  1. Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
  • Make the default policy explicit: sudo ufw default deny incoming and sudo ufw default allow outgoing
  • sudo ufw allow 2200/tcp
  • sudo ufw allow 80/tcp
  • sudo ufw allow 123/udp
  • sudo ufw enable
  • Verify with sudo ufw status verbose: port 22 must not appear, and nothing other than 2200/tcp, 80/tcp and 123/udp should be allowed in
  1. Configure the local timezone to UTC
  • Run sudo dpkg-reconfigure tzdata and then choose UTC
  1. Configure key-based authentication for the grader user
  • Create the directory and copy the key: sudo mkdir -p /home/grader/.ssh and sudo cp /root/.ssh/authorized_keys /home/grader/.ssh/authorized_keys
  • Give the files the ownership and modes sshd requires (with StrictModes, the default, sshd ignores an authorized_keys file that is owned by root or writable by others): sudo chown -R grader:grader /home/grader/.ssh, sudo chmod 700 /home/grader/.ssh and sudo chmod 600 /home/grader/.ssh/authorized_keys
  • Test the key before going further: ssh -i ~/.ssh/udacity_key.rsa -p 2200 grader@35.167.27.204
  1. Disable SSH login for the root user
  • Run sudo nano /etc/ssh/sshd_config
  • Change the PermitRootLogin without-password line to PermitRootLogin no
  • Make sure PasswordAuthentication no is set as well, so the grader key is the only way in
  • Restart ssh with sudo service ssh restart
  • Now you can only log in with ssh -i ~/.ssh/udacity_key.rsa -p 2200 grader@35.167.27.204
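The SSH-related steps above (copying the key for grader, moving sshd to port 2200, disabling root and password logins) are easy to get subtly wrong by hand: a root-owned authorized_keys is silently ignored, and a typo in sshd_config is only discovered after the restart. The following is an added example, not part of the original walkthrough or the catalog project, that performs the same steps as shell functions with those checks built in. The file paths are parameters so the functions can be tried on scratch copies first; the --apply flag and the script name are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original walkthrough: the SSH steps above as
# shell functions with the checks the manual version skips. Paths and the
# "--apply" flag are this script's own choices. Run the functions on scratch
# copies first; "--apply" touches the real files and must be run as root.
set -eu

# install_authorized_key HOME OWNER PUBKEY_FILE
# Copies PUBKEY_FILE to HOME/.ssh/authorized_keys with the ownership and modes
# sshd's StrictModes (on by default) insists on: 700 on .ssh, 600 on the file,
# both owned by OWNER. A root-owned copy, as produced by a plain cp, is ignored.
install_authorized_key() {
    home=$1; owner=$2; pubkey=$3
    mkdir -p "$home/.ssh"
    cp "$pubkey" "$home/.ssh/authorized_keys"
    chown -R "$owner" "$home/.ssh"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# set_directive FILE KEY VALUE
# Rewrites every "KEY ..." or "#KEY ..." line in FILE to "KEY VALUE", or appends
# the directive when it is absent, so running it twice gives the same file.
# The rewrite goes through a temp file and cat so FILE keeps its inode and mode.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?$key([[:space:]]|$)" "$file"; then
        tmpf=$(mktemp)
        sed -E "s|^[[:space:]]*#?$key([[:space:]].*)?$|$key $value|" "$file" > "$tmpf"
        cat "$tmpf" > "$file"
        rm -f "$tmpf"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sshd FILE [PORT]
# Moves sshd to PORT (default 2200), refuses root logins and password logins,
# then asks sshd to parse the result before anything is restarted. The syntax
# check needs to read the host keys, so it only runs as root.
harden_sshd() {
    file=$1; port=${2:-2200}
    set_directive "$file" Port "$port"
    set_directive "$file" PermitRootLogin no
    set_directive "$file" PasswordAuthentication no
    if [ "$(id -u)" -eq 0 ] && command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$file"
    fi
}

# On the server, as root, with the firewall already open on 2200:
#   sh harden_ssh.sh --apply
# Keep the current session open and test a new login before closing it.
if [ "${1:-}" = "--apply" ]; then
    install_authorized_key /home/grader grader /root/.ssh/authorized_keys
    harden_sshd /etc/ssh/sshd_config 2200
    service ssh restart
fi
```

The sshd -t check is the part worth keeping even if you do everything else by hand: it refuses a config sshd cannot parse, which is the one mistake that cannot be fixed after the restart once root login is gone.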
  1. Install Apache
  • sudo apt-get install apache2
  1. Install mod_wsgi
  • Run sudo apt-get install libapache2-mod-wsgi python-dev
  • Enable mod_wsgi with sudo a2enmod wsgi
  • Restart the web server so the module is loaded: sudo service apache2 restart
  1. Clone the Catalog app from GitHub
  • Install git: sudo apt-get install git
  • cd /var/www
  • sudo mkdir catalog
  • Change the owner of the newly created catalog folder: sudo chown -R grader:grader catalog
  • cd catalog (that is, /var/www/catalog, not /catalog)
  • Clone your project from GitHub: git clone https://github.com/rrjoson/udacity-item-catalog.git catalog
  • Create /var/www/catalog/catalog.wsgi containing:
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")

from catalog import app as application
# Flask signs session cookies with this value, so anyone who knows it can
# forge a logged-in session. Replace the placeholder with a long random
# string and keep it out of the repository.
application.secret_key = 'supersecretkey'
  • Replace 'supersecretkey' with a long random value of your own; the literal above is only a placeholder
  • Rename application.py to __init__.py so that the package import above works: cd /var/www/catalog/catalog && mv application.py __init__.py
  1. Install a virtual environment
  • Install pip: sudo apt-get install python-pip
  • Install virtualenv: sudo pip install virtualenv
  • Create the environment as grader, inside /var/www/catalog and without sudo: virtualenv venv. Because grader owns /var/www/catalog no permission changes are needed; in particular do not chmod -R 777 venv, which would let any local user, including www-data, the account Apache runs the application as, replace the libraries the application imports
  • Activate the virtual environment: source venv/bin/activate
  1. Install Flask and other dependencies
  • With the environment active, install Flask: pip install Flask
  • Install the other project dependencies, again without sudo so they land in venv rather than in the system Python: pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils
  • psycopg2 is compiled against libpq; if its build fails, install libpq-dev and python-dev (also listed in the PostgreSQL step below) and run the pip command again
  1. Update the path of the client_secrets.json file
  • nano __init__.py
  • Change the client_secrets.json path to the absolute path /var/www/catalog/catalog/client_secrets.json (under mod_wsgi the app does not run from its own directory, so a relative path would resolve against Apache's working directory)
  • The file holds the OAuth client secret, so make it readable by Apache but not by other local users: sudo chown grader:www-data client_secrets.json and chmod 640 client_secrets.json
  1. Configure and enable a new virtual host
  • Run this: sudo nano /etc/apache2/sites-available/catalog.conf
  • Paste this code. Ubuntu 14.04 and later ship Apache 2.4, whose access-control directive is Require; the 2.2-style Order allow,deny / Allow from all pair only keeps working while the compatibility module mod_access_compat is loaded:
<VirtualHost *:80>
    ServerName 35.167.27.204
    ServerAlias ec2-35-167-27-204.us-west-2.compute.amazonaws.com
    ServerAdmin admin@35.167.27.204
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Require all granted
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    <Directory /var/www/catalog/catalog/static/>
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Enable the virtual host with sudo a2ensite catalog, and disable the stock site with sudo a2dissite 000-default so that requests which do not match ServerName are not answered by the default Apache page
  • Check the configuration before reloading: sudo apache2ctl configtest
  1. Install and configure PostgreSQL
  • sudo apt-get install libpq-dev python-dev
  • sudo apt-get install postgresql postgresql-contrib
  • sudo su - postgres
  • psql
  • CREATE USER catalog WITH PASSWORD 'password'; (choose a long random password rather than the literal shown; it ends up in __init__.py, so the database is only as well protected as that file, which should be readable only by grader and www-data)
  • CREATE DATABASE catalog WITH OWNER catalog; (no ALTER USER catalog CREATEDB; is needed: this statement runs as the postgres superuser, and the application role has no business creating further databases)
  • \c catalog
  • REVOKE ALL ON SCHEMA public FROM public;
  • GRANT ALL ON SCHEMA public TO catalog;
  • \q
  • exit
  • Change the create_engine line in your __init__.py and database_setup.py to engine = create_engine('postgresql://catalog:password@localhost/catalog'), with the password you chose
  • python /var/www/catalog/catalog/database_setup.py
  • Make sure no remote connections to the database are allowed. Two settings control this: listen_addresses in /etc/postgresql/9.3/main/postgresql.conf should be 'localhost' (the Ubuntu default), and the uncommented rules in sudo nano /etc/postgresql/9.3/main/pg_hba.conf should look like this, with only Unix-socket (local) rules and the two loopback addresses, and no rule using the trust method:
local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
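The bullet above asks you to eyeball pg_hba.conf. The following added example, which is not part of the original README or the catalog project, turns that into a repeatable check over both files that govern remote access: pg_hba.conf (who may authenticate, from where, and how) and listen_addresses in postgresql.conf (which interfaces the server binds to at all). The 9.3 paths are the ones used in the step above; the --check flag, the function names and the script name are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original walkthrough: verify the "no remote
# connections" requirement against the two files that control it. pg_hba.conf
# decides who may authenticate and how; listen_addresses in postgresql.conf
# decides which interfaces PostgreSQL binds to at all. The 9.3 paths below are
# the ones used above; everything else is a parameter.
set -eu

# hba_remote_entries PG_HBA_CONF
# Prints every active rule that either accepts a client address other than
# loopback/samehost or uses the "trust" method (no credential at all).
# Exits 0 when nothing offending is found, 1 otherwise. Fields follow the
# pg_hba.conf layout: local DB USER METHOD / host DB USER ADDRESS METHOD.
hba_remote_entries() {
    awk '
        BEGIN { found = 0 }
        /^[[:space:]]*(#|$)/ { next }
        $1 == "local" {
            if ($4 == "trust") { print; found = 1 }
            next
        }
        $1 ~ /^host(ssl|nossl)?$/ {
            remote = ($4 != "127.0.0.1/32" && $4 != "::1/128" && $4 != "samehost")
            if (remote || $5 == "trust") { print; found = 1 }
        }
        END { exit found }
    ' "$1"
}

# pg_listen_addresses POSTGRESQL_CONF
# Prints the effective listen_addresses value: the last uncommented setting,
# or PostgreSQL's built-in default "localhost" when the file sets none.
pg_listen_addresses() {
    val=$(sed -n -E "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'([^']*)'.*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-localhost}"
}

# check_pg_local_only PG_HBA_CONF POSTGRESQL_CONF
# Exits 0 only if PostgreSQL binds to loopback and pg_hba.conf grants nothing
# beyond it; prints what it objects to. Comma lists of loopback addresses are
# not recognised and are reported conservatively as a problem.
check_pg_local_only() {
    rc=0
    listen=$(pg_listen_addresses "$2")
    case $listen in
        localhost|127.0.0.1|::1) ;;
        *) echo "listen_addresses = '$listen' binds beyond loopback"; rc=1 ;;
    esac
    if ! offending=$(hba_remote_entries "$1"); then
        echo "pg_hba.conf grants remote or unauthenticated access:"
        echo "$offending"
        rc=1
    fi
    return $rc
}

# On the server:  sh pg_local_check.sh --check
# (optionally followed by the two file paths, for other PostgreSQL versions)
if [ "${1:-}" = "--check" ]; then
    check_pg_local_only "${2:-/etc/postgresql/9.3/main/pg_hba.conf}" \
                        "${3:-/etc/postgresql/9.3/main/postgresql.conf}"
fi
```

Run it as root (the config files are readable only by the postgres user and root by default) after any change to either file, and again after a PostgreSQL package upgrade, which can reinstall the distribution defaults.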
  1. Restart Apache
  • sudo apache2ctl configtest && sudo service apache2 restart
  1. Visit the site at http://35.167.27.204
  • If Apache answers with a 500 error, the Python traceback is in the ErrorLog configured in the virtual host: sudo tail -n 50 /var/log/apache2/error.log

Special Thanks to iliketomatoes for a very helpful README