saifsweelam/linux-server-configuration

FSND | Project : Linux Server Configuration

Project : Linux Server Configuration

Description

An Amazon EC3 instance running Ubuntu is used as a web server to serve SSH connections via port 2200 and run a website on port 80.

Instance details

• IP Adress : 3.123.4.195
• URL : http://ec2-3-123-4-195.eu-central-1.compute.amazonaws.com/ or http://3.123.4.195.xip.io/
• SSH Port : 2200

Logging into SSH instructions

1. Move grader & grader.pub files to ~/.ssh directory. (Recommended)
2. Open a terminal program and run the following command:

   $ ssh -i ~/.ssh/grader -p 2200 grader@3.123.4.195

3. Enter the passphrase 'udacity'.
4. Now you're logged in as grader.

Software installed

The instance has Apache2, Python3, mod_wsgi library for Apache to support Python3, PostgreSQL, Git, ntp and Python libraries like: (pip, virtualenv, flask, SQLAlchemy, OAuth2Client, passlib)

Configurations Made

1. Upgrade installed software

   $ sudo apt-get update
   $ sudo apt-get upgrade

2. Install software mentioned in the above section

   $ sudo apt-get install apache2 ntp git-all ...

3. Create catalog directory inside /var/www/

   $ sudo mkdir /var/www/catalog
   $ cd /var/www/catalog

4. Clone catalog repository from Github into the newly created directory.

   $ sudo git clone https://github.com/saifsweelam/catalog.git catalog

5. Change the name of views.py file into __init__.py.

   $ sudo mv catalog/views.py catalog/__init__.py

6. Make modifications to __init__.py file:

   $ sudo nano catalog/__init__.py

   Where:

   from db_setup import Base, User, Species, Photo

   Became:

   from catalog.db_setup import Base, User, Species, Photo

   And Declarations for client_secrets.json file were modified to /var/www/catalog/catalog/client_secrets.json
7. Modify Engines URI in __init__.py & db_setup.py to use PostgreSQL instead of SQLite

   SQLALCHEMY_DATABASE_URI = "postgresql://animal-photos:udacity@localhost/animalphotos"
   engine = create_engine(SQLALCHEMY_DATABASE_URI)

8. Modify password_hash and descriprion fields to support long text in PostgreSQL in db_setup.py file.

   from sqlalchemy import Column, ForeignKey, Integer, String, TEXT
   description = Column(TEXT)

9. Create a WSGI script to run our program.

   $ pwd
   /var/www/catalog
   $ sudo nano catalog.wsgi

   Content of file:

   #!/usr/bin/python3
   import sys
   import logging
   logging.basicConfig(stream=sys.stderr)
   sys.path.insert(0, "/var/www/catalog/")
   
   from catalog import app as application
   application.secret_key = 'supersecretkey'

10. Make sure PostgreSQL is installed.

    $ sudo apt-get install postgresql postgresql-contrib

11. Connect to postgres user.

    $ sudo -i -u postgres

12. Create a new role named animal-photos

    $ createuser --interactive

13. Create a database named animalphotos

    $ createdb animalphotos

14. Set password 'udacity' for the role animal-photos

    $ psql
    \password animal-photos

15. Initialize tables inside database by running db_setup.py

    $ cd /var/www/catalog/catalog
    $ python3 db_setup.py

16. Create a configuration file for Flask App

    $ sudo nano /etc/apache2/sites-available/catalog-app.conf

    Contents of file:

    <VirtualHost *:80>
        ServerName 3.123.4.195
        ServerAdmin saifsweelam@gmail.com
        WSGIScriptAlias / /var/www/catalog/catalog.wsgi
        <Directory /var/www/catalog/catalog/>
            Order allow,deny
            Allow from all
        </Directory>
        Alias /static /var/www/catalog/catalog/static
        <Directory /var/www/catalog/catalog/static/>
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

17. Enable the site:

    $ sudo a2ensite catalog
    $ sudo service apache restart

18. Visit website at 3.123.4.195 and make sure it works.
19. Set timezone to UTC

    $ sudo dpkg-reconfigure tzdata

20. Sync time using ntp which is already installed.

    $ sudo nano /etc/ntp.conf

21. Create a new user named grader and set password: 'udacity'

    $ sudo adduser grader

22. Give grader sudo premission.

    $ sudo nano /etc/sudoers.d/grader

    And enter

    grader ALL=(ALL) ALL

23. Get a Private Key for grader:
    • from local machine run ssh-keygen
    • Use passphrase 'udacity'
    • Save file as grader.
    • run cat grader.pub
    • sign in to the instance as grader
    • create .ssh directory.
    • run chmod 700 .ssh
    • create file .ssh/authorized_keys
    • Enter the content of grader.pub inside it
    • run chmod 644 .ssh/authorized_keys
24. Disable root login & disable password login.

    $ sudo nano /etc/ssh/sshd_config

    Edit PermitRootLogin prohibt-password to PermitRootLogin no And edit PasswordAuthentication yes to PasswordAuthentication no
25. Change SSH port from the same file: You should first allow port 2200 from aws firewall

    Port 22 -->> Port 2200

26. Save file and restart SSH

    $ sudo service ssh restart

27. Set Up UFW firewall

    $ sudo ufw reset
    $ sudo ufw allow http
    $ sudo ufw allow out 53 (To avoid Blocking DNS)
    $ sudo ufw logging on
    $ sudo ufw default deny incoming
    $ sudo ufw default deny outgoing
    $ sudo ufw limit 2200/tcp
    $ sudo ufw enable

Resources

• [RESOLVED] UFW Blocking Apt-Get Update
• Linux Server Configuration
• How to run pyhton flask on apache web server
• How can I kill all my postgresql connections?
• Using PostgreSQL through SQLAlchemy