Configuring a Linux server to host a Flask web application (Item Catalog) securely on AWS Lightsail. The work covers installing a Linux distribution on a virtual machine and preparing it to host the application: installing updates, securing it against a number of attack vectors, and installing and configuring the web and database servers.
- IP address: 13.250.18.177
- Accessible SSH port: 2200
- Application URL: http://ec2-13-250-18-177.ap-southeast-1.compute.amazonaws.com
- Login with: `ssh -i ~/.ssh/udacity_key.rsa -p 2200 [email protected]`
- SSH into the server through `ssh -i ~/.ssh/udacity_key.rsa [email protected]`
- Run `sudo adduser grader` to create a new user named grader
- Create a new file in the sudoers directory with `sudo nano /etc/sudoers.d/grader`
- Add the following text: `grader ALL=(ALL:ALL) ALL`
- Run `sudo nano /etc/hosts`
- Download package lists with `sudo apt-get update`
- Fetch new versions of packages with `sudo apt-get upgrade`
- Run `sudo nano /etc/ssh/sshd_config`
- Change the port from 22 to 2200
- Confirm by running `ssh -i ~/.ssh/udacity_key.rsa -p 2200 [email protected]`
Step 4: Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123). Keep this order: the 2200/tcp rule must exist before `ufw enable`, or enabling the firewall drops the SSH session you are working in.

```sh
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw enable
```

- Run `sudo dpkg-reconfigure tzdata` and then choose UTC
- Generate a key pair with `ssh-keygen`
- Save the key file as `/home/user/.ssh/keypair` and enter a passphrase. Two keys will be generated: the public key (`keypair.pub`) and the private identification key (`keypair`).
- Log in to the grader account using `sudo login grader` and type the password you set during user creation (`sudo adduser grader`, step 3):
  `[email protected] password:`
- If the password is correct, you will be logged in as grader:
  `[email protected]:~$`
- Make a directory in the grader account: `mkdir .ssh`
- Make an `authorized_keys` file using `touch .ssh/authorized_keys`
- From your local machine, copy the contents of the public key (`keypair.pub`).
- Paste those contents into the grader account's `authorized_keys` using `nano .ssh/authorized_keys` and save it.
- Set the permissions: `chmod 700 .ssh` and `chmod 644 .ssh/authorized_keys`
- Run `sudo nano /etc/ssh/sshd_config`, change `PasswordAuthentication` to `no`, then run `sudo service ssh restart`
- In a new terminal run `ssh [email protected] -p 2200 -i ~/.ssh/keypair`. A pop-up window will open for authentication; enter the passphrase you chose during ssh-keygen creation.
Resources: initial server setup, Udacity course videos
- Run `sudo nano /etc/ssh/sshd_config`
- Change the `PermitRootLogin without-password` line to `PermitRootLogin no`
- Restart ssh with `sudo service ssh restart`
- Now you are only able to log in using `ssh -i ~/.ssh/udacity_key.rsa -p 2200 [email protected]`
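The three sshd_config edits above (port 2200, `PasswordAuthentication no`, `PermitRootLogin no`) are easy to undo by accident, for example when a later package upgrade or a stray duplicate line reorders the file. The script below is an added example, not part of the Udacity project or of OpenSSH; it parses the global section of an sshd_config and reports drift from those three settings. It embeds two constructed sample configs so it runs offline; point it at `/etc/ssh/sshd_config` to audit the real server. The fallback defaults are OpenSSH 7.x values.

```python
"""Audit an sshd_config for the hardening settings applied in the steps above.

Added example (Python 3), not part of the original project. It reads the
global section of an sshd_config and reports any drift from the expected
port, password-authentication and root-login settings.
"""
import re
import sys

# What the procedure above leaves in /etc/ssh/sshd_config (lowercase keywords).
EXPECTED = {
    "port": "2200",
    "passwordauthentication": "no",
    "permitrootlogin": "no",
}

# Values sshd falls back to when a keyword is absent (OpenSSH 7.x defaults).
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# Constructed sample configs for the stand-alone run; not from any real host.
HARDENED_CONFIG = """\
# OpenSSH server configuration (constructed sample)
Port 2200
Protocol 2
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""

DRIFTED_CONFIG = """\
Port 22
Port 2200
PermitRootLogin without-password
"""


def effective_settings(config_text):
    """Map each global keyword to the list of values it appears with, in order.

    sshd applies the FIRST value it reads for a keyword, so a stray
    'PermitRootLogin yes' above the edited line silently wins. 'Port' is
    the exception: every Port line opens another listener. Directives after
    the first Match block are conditional and are left out here.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The keyword and value are separated by whitespace or '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, []).append(value)
    return settings


def audit(config_text, expected=EXPECTED):
    """Return human-readable findings; an empty list means the config complies."""
    settings = effective_settings(config_text)
    findings = []
    for key, want in expected.items():
        values = settings.get(key, [DEFAULTS[key]])
        if key == "port":
            if want not in values:
                findings.append("port: expected %s, found %s" % (want, ", ".join(values)))
            extra = [v for v in values if v != want]
            if extra:
                findings.append("port: additional listener(s) on %s" % ", ".join(extra))
        elif values[0].lower() != want.lower():
            findings.append("%s: expected %s, found %s (first occurrence wins)"
                            % (key, want, values[0]))
    return findings


if __name__ == "__main__":
    # Usage: sudo python3 sshd_audit.py /etc/ssh/sshd_config
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = DRIFTED_CONFIG
    problems = audit(text)
    for line in problems:
        print("FAIL " + line)
    if not problems:
        print("OK: sshd_config matches the expected hardening")
    sys.exit(1 if problems else 0)
```

Run it after `sudo service ssh restart` and again after each `apt-get upgrade`; a non-zero exit means one of the three settings no longer holds.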
- Install Apache with `sudo apt-get install apache2`
- Run `sudo apt-get install libapache2-mod-wsgi python-dev`
- Enable mod_wsgi with `sudo a2enmod wsgi`
- Start the web server with `sudo service apache2 start`
- Install git using `sudo apt-get install git`
- Create the project directory: `cd /var/www`, then `sudo mkdir catalog`
- Change owner of the newly created catalog folder: `sudo chown -R grader:grader catalog`
- Enter it with `cd catalog` (you are now in `/var/www/catalog`)
- Clone your project from GitHub: `git clone https://github.com/rrjoson/udacity-item-catalog.git catalog`
- Create a `catalog.wsgi` file, then add this inside:

```python
import sys
import logging

# Send application errors to Apache's error log
logging.basicConfig(stream=sys.stderr)
# Make the project package importable by mod_wsgi
sys.path.insert(0, "/var/www/catalog/")

from catalog import app as application
application.secret_key = 'supersecretkey'
```

- Rename the main application file to `__init__.py` so that the `catalog` directory imports as a package: `mv catalog.py __init__.py`
- Install the virtual environment tool: `sudo pip install virtualenv`
- Create a new virtual environment with `sudo virtualenv venv`
- Activate the virtual environment: `source venv/bin/activate`
- Change permissions: `sudo chmod -R 777 venv` (this makes the environment writable by every local user; `755` is enough for Apache to read it)
- Install pip with `sudo apt-get install python-pip`
- Install Flask: `pip install Flask`
- Install other project dependencies: `sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils`
- Open `__init__.py` with `nano __init__.py` and change the `client_secrets.json` path to `/var/www/catalog/catalog/client_secrets.json`
- Run `sudo nano /etc/apache2/sites-available/catalog.conf`
- Paste this code:

```apache
<VirtualHost *:80>
    ServerName 13.250.18.177
    # ServerAlias takes a hostname, not a URL
    ServerAlias ec2-13-250-18-177.ap-southeast-1.compute.amazonaws.com
    ServerAdmin [email protected]
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    <Directory /var/www/catalog/catalog/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

- Enable the virtual host: `sudo a2ensite catalog`
- Install PostgreSQL and the headers psycopg2 needs:

```sh
sudo apt-get install libpq-dev python-dev
sudo apt-get install postgresql postgresql-contrib
```

- Switch to the postgres user with `sudo su - postgres` and open the shell with `psql`
- Create the application role and database, and restrict the `public` schema to that role:

```sql
CREATE USER catalog WITH PASSWORD 'password';
ALTER USER catalog CREATEDB;
CREATE DATABASE catalog WITH OWNER catalog;
\c catalog
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
\q
```

- Leave the postgres user's shell with `exit`
- Change the `create_engine` line in your `__init__.py`, `database_setup.py` and `lotsofitems.py` to:
  `engine = create_engine('postgresql://catalog:password@localhost/catalog')`
- Run `sudo python database_setup.py`
- Restart Apache: `sudo service apache2 restart`
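The steps above leave two secrets in the source tree: `application.secret_key = 'supersecretkey'` in `catalog.wsgi` and the database password inside the `create_engine()` URL that is repeated across three files. The module below is an added example, not code from the Udacity project; it is written for Python 3 (the page's stack is 2.7, where `ConfigParser` and `urllib.quote_plus` play the same roles). It reads both values from one INI file, refuses the file if it is group- or world-readable, rejects placeholder session keys, and percent-encodes the password so characters such as `@` or `/` cannot be misread as part of the host or database name. The path `/etc/catalog/catalog.ini` and the `[catalog]` section are assumptions for illustration; the file would be owned by the user the `WSGIDaemonProcess` runs as (www-data on Ubuntu unless `user=` is set) with mode 0600.

```python
"""Keep the Flask secret key and the database password out of the source tree.

Added example (Python 3), not part of the original project. The page puts
'supersecretkey' in catalog.wsgi and 'password' inside the create_engine()
URL; here both are read from a private INI file instead.
"""
import configparser
import os
import stat
from urllib.parse import quote_plus

SETTINGS_PATH = "/etc/catalog/catalog.ini"  # hypothetical location
MIN_SECRET_LEN = 32

# Constructed sample of the INI file (would live at SETTINGS_PATH, mode 0600).
SAMPLE_INI = """\
[catalog]
secret_key = constructed-example-secret-0123456789abcdef
db_user = catalog
db_password = p@ss/word
db_host = localhost
db_name = catalog
"""


def build_db_url(user, password, host, dbname, driver="postgresql"):
    """Return a SQLAlchemy URL with the credentials percent-encoded.

    Without quoting, a password containing '@', ':' or '/' would be parsed
    as part of the host or database name.
    """
    return "%s://%s:%s@%s/%s" % (driver, quote_plus(user), quote_plus(password),
                                 host, dbname)


def secret_key_is_acceptable(secret_key):
    """Reject empty, short or obviously placeholder session-signing keys."""
    if not secret_key or len(secret_key) < MIN_SECRET_LEN:
        return False
    return secret_key.lower() not in {"supersecretkey", "changeme", "secret"}


def settings_from_text(text):
    """Parse the INI contents into the two values the WSGI entry point needs."""
    # interpolation=None so a '%' in the password is taken literally
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    section = parser["catalog"]
    secret_key = section["secret_key"]
    if not secret_key_is_acceptable(secret_key):
        raise ValueError("secret_key is missing, too short or a placeholder")
    return {
        "secret_key": secret_key,
        "database_url": build_db_url(
            section["db_user"], section["db_password"],
            section.get("db_host", "localhost"), section["db_name"],
        ),
    }


def load_settings(path=SETTINGS_PATH):
    """Read the settings file, refusing one that other users can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is group/world accessible (mode %o); chmod 600 it"
                              % (path, mode))
    with open(path) as fh:
        return settings_from_text(fh.read())


# In catalog.wsgi the hard-coded line above would become (hypothetical):
#     settings = load_settings()
#     application.secret_key = settings["secret_key"]
# and in __init__.py, database_setup.py and lotsofitems.py:
#     engine = create_engine(settings["database_url"])

if __name__ == "__main__":
    print(settings_from_text(SAMPLE_INI)["database_url"])
```

Because the WSGI daemon imports the module, a failed permission or placeholder check surfaces in `${APACHE_LOG_DIR}/error.log` at startup rather than as a silently weak session key in production.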