This is the fifth project of the "Full Stack Web Developer Nanodegree" on Udacity.

You will take a baseline installation of a Linux server and prepare it to host your web applications. You will secure your server from a number of attack vectors, install and configure a database server, and deploy one of your existing web applications onto it. In this project, a Linux virtual machine needs to be configured to support the Item Catalog website.
- IP Address: 35.182.139.148
- Grudget catalog link http://35.182.139.148/
- Accessible port: 2200
- Application URL: http://ec2-35-182-139-148.ca-central-1.compute.amazonaws.com
- passphrase for grader: Udacity
- Start a new Ubuntu Linux server instance on Amazon Lightsail (https://lightsail.aws.amazon.com/) and download the Lightsail SSH key.
- Move the key file into the `~/.ssh` folder (where `~` is your environment's home directory). So if you downloaded the file to the Downloads folder, just execute the following command in your terminal:

  ```sh
  mv ~/Downloads/somelightsailkey ~/.ssh/
  ```

- Open your terminal and type in:

  ```sh
  chmod 600 ~/.ssh/somelightsailkey
  ```

- In your terminal, type in:

  ```sh
  ssh -i ~/.ssh/somelightsailkey ubuntu@35.182.139.148
  ```

  Reference: https://stackoverflow.com/questions/46028907/how-do-i-connect-to-a-new-amazon-lightsail-instance-from-my-mac
- Create a new user named `grader` and give it sudo permission:

  ```sh
  sudo adduser grader
  sudo nano /etc/sudoers
  sudo touch /etc/sudoers.d/grader
  sudo nano /etc/sudoers.d/grader
  ```

  In `/etc/sudoers.d/grader`, type in `grader ALL=(ALL:ALL) ALL`, save and quit.
- Generate keys on your local machine using `ssh-keygen`; then save the private key in `~/.ssh` on the local machine.
- Deploy the public key to your Lightsail server. On your virtual machine:

  ```sh
  $ su - grader
  $ mkdir .ssh
  $ touch .ssh/authorized_keys
  $ nano .ssh/authorized_keys
  ```

  Copy the public key generated on your local machine into this file and save.

  ```sh
  $ chown -R grader.grader /home/grader/.ssh
  $ chmod 700 .ssh
  $ chmod 644 .ssh/authorized_keys
  ```

- Reload SSH using `service ssh restart`.
- Now you can use SSH to log in with the new user you created:

  ```sh
  $ ssh -i linuxCourse -p 2200 grader@35.182.139.148
  ```
  Your screen should look like this:

  ```
  $ ssh -i linuxCourse -p 2200 grader@35.182.139.148
  grader@35.182.139.148's password:
  Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1079-aws x86_64)

   * Documentation:  https://help.ubuntu.com
   * Management:     https://landscape.canonical.com
   * Support:        https://ubuntu.com/advantage

    Get cloud support with Ubuntu Advantage Cloud Guest:
      http://www.ubuntu.com/business/services/cloud

  12 packages can be updated.
  0 updates are security updates.

  New release '18.04.2 LTS' available.
  Run 'do-release-upgrade' to upgrade to it.

  Last login: Thu May  2 11:02:05 2019 from 73.210.12.195
  grader@ip-172-26-6-16:~$
  ```
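The `chown`/`chmod` steps above matter more than they look: with `StrictModes` (sshd's default) a key in `authorized_keys` is silently ignored when the home directory, `~/.ssh` or the file itself is writable by group or others, and once password login is disabled that shows up only as an unexplained "Permission denied (publickey)". The script below is an added example (not part of the original project) that audits a home directory for exactly the layout the steps above create; the home directories, the key line and the `check_ssh_dir_perms` function name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify the ~/.ssh layout sshd expects for key login.
# Checks ownership-independent things only (modes and file contents), so it
# can be run by the user itself before password authentication is switched off.

# check_ssh_dir_perms HOME_DIR
# Prints one line per problem; returns 0 only when the layout is acceptable.
check_ssh_dir_perms() {
    home="$1"
    ssh_dir="$home/.ssh"
    keys="$ssh_dir/authorized_keys"
    problems=0

    # the home directory must not be group- or world-writable
    if [ -n "$(find "$home" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
        echo "$home is group- or world-writable"
        problems=$((problems + 1))
    fi

    # ~/.ssh must exist and be mode 700 (the "chmod 700 .ssh" step)
    if [ ! -d "$ssh_dir" ]; then
        echo "missing directory: $ssh_dir"
        return 1
    fi
    if [ -z "$(find "$ssh_dir" -maxdepth 0 -perm 700)" ]; then
        echo "$ssh_dir is not mode 700"
        problems=$((problems + 1))
    fi

    # authorized_keys must exist and be 644 (as in the steps) or the stricter 600
    if [ ! -f "$keys" ]; then
        echo "missing file: $keys"
        return 1
    fi
    if [ -z "$(find "$keys" -maxdepth 0 \( -perm 644 -o -perm 600 \))" ]; then
        echo "$keys is neither mode 644 nor 600"
        problems=$((problems + 1))
    fi

    # every non-comment line must start with a recognised key type; this
    # catches a key pasted with a stray prefix or wrapped across two lines
    if grep -vE '^(#|$|ssh-(rsa|ed25519|dss) |ecdsa-sha2-nistp(256|384|521) |sk-)' "$keys" >/dev/null; then
        echo "$keys contains a line that is not a public key"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# --- constructed demonstration data, not a real host or a real key ---
tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDummyKeyMaterialForTheExampleOnly grader@laptop'

good_home="$tmp/grader-ok"
mkdir -p "$good_home/.ssh"
chmod 755 "$good_home"
chmod 700 "$good_home/.ssh"
printf '%s\n' "$demo_key" > "$good_home/.ssh/authorized_keys"
chmod 644 "$good_home/.ssh/authorized_keys"

bad_home="$tmp/grader-bad"
mkdir -p "$bad_home/.ssh"
chmod 755 "$bad_home"
chmod 777 "$bad_home/.ssh"        # too permissive: sshd will ignore the key
printf '%s\nnot a key at all\n' "$demo_key" > "$bad_home/.ssh/authorized_keys"
chmod 644 "$bad_home/.ssh/authorized_keys"

check_ssh_dir_perms "$good_home" && echo "OK: $good_home"
check_ssh_dir_perms "$bad_home" || echo "layout rejected: $bad_home"
```

Run it on the real account as `check_ssh_dir_perms /home/grader` before the `PasswordAuthentication no` change below so that a key problem is found while password login still works as a fallback.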
- Disable password authentication: `$ sudo nano /etc/ssh/sshd_config`, find the `PasswordAuthentication` line and edit it to `no`.
- `$ sudo service ssh restart`
- Disable root login: `$ sudo nano /etc/ssh/sshd_config`, find the `PermitRootLogin` line and edit it to `no`.
- `$ sudo service ssh restart`
- Update the installed packages:

  ```sh
  $ sudo apt-get update
  $ sudo apt-get upgrade
  ```

- Install and configure unattended upgrades:

  ```sh
  $ sudo apt-get install unattended-upgrades
  $ sudo dpkg-reconfigure unattended-upgrades
  ```

- Configure the time zone with `sudo dpkg-reconfigure tzdata`. It is already set to UTC.
- Open the AWS panel on https://lightsail.aws.amazon.com/ and follow the steps to add a custom rule to enable port 2200, then reboot the server. Source: https://github.com/jungleBadger/-nanodegree-linux-server-troubleshoot/blob/master/Blocked_SSH_port/README.md#extra-step-to-enable-on-aws-panel
- Change the SSH port: use `$ sudo nano /etc/ssh/sshd_config`, change `Port 22` to `Port 2200`, save and quit.
- Reload SSH using `$ sudo service ssh restart`.
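Editing `sshd_config` by hand has a trap that a plain `grep` does not reveal: sshd keeps the first value it sees for a keyword and stops reading global settings at the first `Match` block, so an older `PasswordAuthentication yes` left higher in the file, or an edit made below a `Match` line, silently wins over the change just made. The script below is an added example (not the project's own code) that reproduces sshd's own rule and checks the three settings edited above (`Port 2200`, `PasswordAuthentication no`, `PermitRootLogin no`); the sample config files and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config the way sshd itself reads it.

# sshd_effective FILE KEYWORD -> prints the value sshd will use, or nothing if
# the keyword is not set globally (the compiled-in default then applies)
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }   # comments and blank lines
        tolower($1) == "match" { exit }        # conditional section: stop
        tolower($1) == key     { print $2; exit }   # first occurrence wins
    ' "$1"
}

# check_sshd_hardening FILE -> 0 when Port=2200, PasswordAuthentication=no and
# PermitRootLogin=no are effective; otherwise prints each deviation, returns 1
check_sshd_hardening() {
    cfg="$1"
    bad=0
    for pair in port=2200 passwordauthentication=no permitrootlogin=no; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got="$(sshd_effective "$cfg" "$key" | tr 'A-Z' 'a-z')"
        if [ -z "$got" ]; then
            got="(default)"
        fi
        if [ "$got" != "$want" ]; then
            echo "$key: want $want, effective $got"
            bad=1
        fi
    done
    return "$bad"
}

# --- constructed sample configs, trimmed to the lines that matter ---
tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT

good_cfg="$tmp/sshd_config.good"
cat > "$good_cfg" <<'EOF'
# What ports, IPs and protocols we listen for
Port 2200
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication no
EOF

# looks edited at a glance, but the earlier "yes" wins, the root-login change
# only lives inside the Match block, and Port was never changed at all
bad_cfg="$tmp/sshd_config.bad"
cat > "$bad_cfg" <<'EOF'
PasswordAuthentication yes
Match User grader
    PermitRootLogin no
    PasswordAuthentication no
EOF

check_sshd_hardening "$good_cfg" && echo "OK: $good_cfg"
check_sshd_hardening "$bad_cfg" || echo "NOT hardened: $bad_cfg"
```

On the server, `check_sshd_hardening /etc/ssh/sshd_config` before the `service ssh restart` step gives a second opinion on the edit; `sudo sshd -T` prints the same effective values straight from sshd if you want to cross-check.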
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123):

  ```sh
  $ sudo ufw allow 2200/tcp
  $ sudo ufw allow 80/tcp
  $ sudo ufw allow 123/udp
  $ sudo ufw enable
  ```
- Install Apache: `$ sudo apt-get install apache2`
- Install mod_wsgi: `$ sudo apt-get install python-setuptools libapache2-mod-wsgi`
- Install additional libraries: `$ sudo apt-get install libapache2-mod-wsgi python-dev`
- Enable mod_wsgi: `$ sudo a2enmod wsgi`
- Restart Apache: `$ sudo service apache2 restart`
- Install git and create the application folder:

  ```sh
  $ sudo apt-get install git
  $ cd /var/www
  $ sudo mkdir catalog
  ```

- Change the owner of the newly created catalog folder: `$ sudo chown -R grader:grader catalog`
- Clone your item catalog project:

  ```sh
  $ cd /var/www/catalog
  $ git clone https://github.com/lmidy/FSND-ItemCatalog.git catalog
  ```

- Create a `catalog.wsgi` file, then add this inside:

  ```python
  #!/usr/bin/python
  import sys
  import logging

  # send application errors to Apache's error log
  logging.basicConfig(stream=sys.stderr)
  # make the cloned package under /var/www/catalog importable
  sys.path.insert(0, "/var/www/catalog")
  from catalog import app as application
  application.secret_key = 'super_secret_key'
  ```

- Rename `final_project.py`: `$ mv final_project.py __init__.py`
- Install pip, so you can install Python packages: `$ sudo apt-get install python-pip`
- Install the virtual environment: `$ sudo pip install virtualenv`
- Move to the catalog folder: `$ cd /var/www/catalog`
- Create a new virtual environment with `$ sudo virtualenv venv`
- Activate the virtual environment: `$ source venv/bin/activate`
- Change permissions: `$ sudo chmod -R 777 venv`
- Install Flask: `$ pip install Flask`
- Install other project dependencies: `$ sudo pip install -r requirements.txt`
- Install PostgreSQL and the Python driver: `$ sudo apt-get -qqy install postgresql python-psycopg2`
- Change the `client_secrets.json` path to `/var/www/catalog/catalog/client_secrets.json`
- Create the Apache virtual host with `$ sudo nano /etc/apache2/sites-available/catalog.conf` and paste this code:

  ```apache
  <VirtualHost *:80>
      ServerName 35.182.139.148
      ServerAlias ec2-35-182-139-148.ca-central-1.compute.amazonaws.com
      ServerAdmin [email protected]
      WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
      WSGIProcessGroup catalog
      WSGIScriptAlias / /var/www/catalog/catalog.wsgi
      <Directory /var/www/catalog/catalog/>
          Order allow,deny
          Allow from all
      </Directory>
      Alias /static /var/www/catalog/catalog/static
      <Directory /var/www/catalog/catalog/static/>
          Order allow,deny
          Allow from all
      </Directory>
      ErrorLog ${APACHE_LOG_DIR}/error.log
      LogLevel warn
      CustomLog ${APACHE_LOG_DIR}/access.log combined
  </VirtualHost>
  ```

- Enable the virtual host: `$ sudo a2ensite catalog`
- Install PostgreSQL: `$ sudo apt-get install postgresql`
- Check that no remote connections are allowed: `$ sudo vim /etc/postgresql/9.3/main/pg_hba.conf`
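"Check that no remote connections are allowed" involves two files, not one: `pg_hba.conf` lists who may connect from where (`local` rules are Unix sockets, `host`/`hostssl`/`hostnossl` rules carry an address or CIDR and are the only ones reachable over TCP), and `listen_addresses` in `postgresql.conf` decides which interfaces the server binds at all. The script below is an added example (not part of the project) that parses both and flags anything beyond loopback, plus any rule using the `trust` method, which grants access with no password at all. The sample files, the `catalog` rule in them and the function names are constructed for the demonstration; the file paths on a real server are the ones shown in the step above.

```shell
#!/bin/sh
# Added example: confirm PostgreSQL is configured for local access only.

# pg_hba_remote_rules FILE -> prints every host rule whose address is not
# loopback, and every rule (local or host) that uses the "trust" method
pg_hba_remote_rules() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        {
            # the method is the last field that is not a key=value option
            m = NF
            while (m > 1 && index($m, "=") > 0) m--
            method = $m
        }
        $1 ~ /^host(ssl|nossl)?$/ {
            addr = $4
            if (addr != "127.0.0.1/32" && addr != "::1/128" && addr != "samehost") { print; next }
        }
        method == "trust" { print }
    ' "$1"
}

# pg_listen_addresses FILE -> the effective listen_addresses value
# (postgresql.conf is last-wins; the built-in default is localhost)
pg_listen_addresses() {
    awk -F= -v q="'" '
        /^[[:space:]]*#/ { next }
        $1 ~ /^[[:space:]]*listen_addresses[[:space:]]*$/ {
            v = $2
            sub(/#.*/, "", v)            # trailing comment
            gsub(/[[:space:]]/, "", v)
            gsub(q, "", v)               # surrounding quotes
            val = v
        }
        END { print (val == "" ? "localhost" : val) }
    ' "$1"
}

# check_pg_local_only HBA_FILE PGCONF_FILE -> 0 only if nothing reachable
# from the network (or without a password) is configured
check_pg_local_only() {
    status=0
    rules="$(pg_hba_remote_rules "$1")"
    if [ -n "$rules" ]; then
        echo "pg_hba.conf admits remote or unauthenticated access:"
        echo "$rules"
        status=1
    fi
    listen="$(pg_listen_addresses "$2")"
    if [ "$listen" != "localhost" ] && [ "$listen" != "127.0.0.1" ] && [ "$listen" != "::1" ]; then
        echo "postgresql.conf listen_addresses = $listen (not loopback only)"
        status=1
    fi
    return "$status"
}

# --- constructed sample files ---
tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT

good_hba="$tmp/pg_hba.good"     # shape of the Ubuntu default
cat > "$good_hba" <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
EOF

bad_hba="$tmp/pg_hba.bad"       # three rules that should not be there
cat > "$bad_hba" <<'EOF'
local   all             all                                     trust
host    all             all             127.0.0.1/32            md5
host    catalog         catalog         0.0.0.0/0               md5
hostssl all             all             10.0.0.0/8              md5 clientcert=1
EOF

good_conf="$tmp/postgresql.good"
printf "#listen_addresses = 'localhost'\nport = 5432\n" > "$good_conf"
bad_conf="$tmp/postgresql.bad"
printf "listen_addresses = 'localhost'\nlisten_addresses = '*'   # overrides the line above\n" > "$bad_conf"

check_pg_local_only "$good_hba" "$good_conf" && echo "OK: local access only"
check_pg_local_only "$bad_hba" "$bad_conf" || echo "NOT local-only"
```

With the UFW rules above, port 5432 is not reachable from outside anyway; this check is the second layer, so that a later `listen_addresses` or `pg_hba.conf` change (or a firewall reset) does not quietly expose the database.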
- Log in as user `postgres`: `$ sudo su - postgres`
- Get into the PostgreSQL shell: `$ psql`
- Create a new database named `catalog` and a new user named `catalog` in the PostgreSQL shell:

  ```sql
  postgres=# CREATE DATABASE catalog;
  postgres=# CREATE USER catalog;
  ```

- Set a password for user `catalog`:

  ```sql
  postgres=# ALTER ROLE catalog WITH PASSWORD 'password';
  ```

- Give user `catalog` permission to the `catalog` application database:

  ```sql
  postgres=# GRANT ALL PRIVILEGES ON DATABASE catalog TO catalog;
  ```

- Quit PostgreSQL: `postgres=# \q`
- Exit from user `postgres`: `exit`
- Change the `create_engine` line in your `__init__.py`, `database_setup.py` and `lotsofgrudges.py` to:

  ```python
  engine = create_engine('postgresql://catalog:password@localhost/catalog')
  ```

- `$ sudo python database_setup.py`
- `$ sudo python lotsofgrudges.py`
- `$ sudo service apache2 restart`
- Add the URL to the authorized URIs on the Google admin pages.
- `$ sudo service apache2 restart`