Code Monkey home page Code Monkey logo

p5linux's Introduction

Project 5 - Linux Server Configuration

Udacity - Full Stack - Project 5 - Linux Server Configuration

By Jerry Wardlow for the Udacity Full Stack Web Developer Nanodegree

About

This project involves the configuration and securing of a baseline Ubuntu 14.04.3 LTS Amazon Web Services EC2 instance. This instance is used to host the Flask application Project 3 - Item Catalog using the Apache HTTP Server and mod_wsgi. Various security measures are implemented including the use of UncomplicatedFirewall to limit unwanted access, as well as forced key-based SSH login and inability to SSH as the root user.

In This Repository

The project is a modification of Project 3 - Item Catalog. The addition of the wsgi-scripts directory includes two files, app.wsgi for running our Flask application, and mod-wsgi.conf to ease configuration of mod_wsgi. Further information about the Flask app can be found at it's project page.

Using This Project

Prerequisites

  • Amazon EC2 Instance with Ubuntu 14.04.3 LTS
  • The files contained in this repository

Configuring This Project

The initial configuration of an EC2 instance is outside the scope of this project, though the tutorial at Getting Started with Amazon EC2 Linux Instances can quickly get our instance running. Upon successful creation and installation of Ubuntu, we can begin to configure our machine.

In addition, the configuration of OAuth2 and Imgur API is covered in the project page for Project 3 - Item Catalog.

From a terminal, we can SSH into our instance using our generated keys.

ssh -i ~/.ssh/{YOUR_KEY_NAME}.rsa root@{EC2 IP ADDRESS}

User Control and SSH Configuration

Next, per project guidelines, we can add a new user grader and grant them sudo access.

adduser grader

Following the prompts, we now have a new user. Adding sudo capabilities can be done with visudo and adding grader ALL=(ALL:ALL) ALL under the heading # User privilege specification.

Now that we have our new user, we can copy our SSH public key to allow us to SSH as this user.

mkdir /home/grader/.ssh cat ~/.ssh/authorized_keys >> /home/grader/.ssh/authorized_keys

Now we can change our SSH port to 2200 for obfuscation, rewriting the configuration from Port 22 in /etc/ssh/sshd_config. After this, we restart the SSH service with service ssh restart and can log out of root and back in as grader to complete the configuration. For additional security, we can also disable SSH access as the root user by changing the sshd_config to PermitRootLogin no.

UncomplicatedFirewall

Enabling and configuring UncomplicatedFirewall is accomplished via ufw default deny incoming to close all incoming ports, then ufw allow 2200/tcp ufw allow 80/tcp and ufw allow 123/tcp per project guidelines. Finally, ufw enable to get UncomplicatedFirewall up and running.

Software Package Installation

The next step before installation of our software packages is to update and upgrade the already installed packages with apt-get update and apt-get upgrade. Now we can apt-get install apache2, libapache2-mod-wsgi, postgresql, psycopg2, python-pip, and git.

Now that Git is installed, we can cd /var/www/ and git clone https://github.com/jerrywardlow/p5linux.git to clone the repository into the correct directory. Using PIP, we can install the necessary Python packages via pip install -r /var/www/p5linux/requirements.txt.

Configuring Apache and mod_wsgi

Configuring mod_wsgi is made easy by copying our pre-configured mod-wsgi.conf file in place of the default configuration.

cp /var/www/p5linux/wsgi-scripts/mod-wsgi.conf /etc/apache2/sites-enabled/000-default.conf

Now that our configuration is updated, we can apache2ctl restart to reload the HTTP server.

Bear with me, we're almost there!

Database Configuration

Configuring PostgreSQL is made simple with a few quick commands as the postgres user, using su postgres to switch over. Running the command psql -c \"CREATE USER flaskapp with password 'flaskypassy';\" will generate the new user with limited privileges, and the appropriate credentials for our pre-configured Flask app. Next we need to createdb itemcatalog to generate the database for the Flask app, and can run python /var/www/p5linux/populator.py to load our database with sample data.

Viewing the Completed Project

Now that we have successfully configured our web server, we can navigate to the EC2 IP address in a web browser to see our Flask app being hosted.

p5linux's People

Contributors

jerrywardlow avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.