Linux Server Configuration project of Udacity FullStack Nanodegree
- The IP address of the project is :
35.227.44.250
- Accessible Port is
2200
- The Project can be accessed by visiting the URL : http://35.227.44.250.xip.io/
You will take a baseline installation of a Linux server and prepare it to host your web applications. You will secure your server from a number of attack vectors, install and configure a database server, and deploy one of your existing web applications onto it.
A deep understanding of exactly what your web applications are doing, how they are hosted, and the interactions between multiple systems are what define you as a Full Stack Web Developer. In this project, you’ll be responsible for turning a brand-new, bare bones, Linux server into the secure and efficient web application host your applications need.
You will learn how to access, secure, and perform the initial configuration of a bare-bones Linux server. You will then learn how to install and configure a web and database server and actually host a web application.
- Start a new Ubuntu Linux server instance on Google Cloud Platform.
- Create an instance in
Computer Engine
of Google Cloud. - Choose an instance image: Ubuntu
- SSH into your server.
- After the server has been created, click on
SSH
button - Copy the SSH key and place it in
~/.ssh
directory , name itid_rsa
- Go to
Metadata
on google cloud platform, selectSSH keys
,Edit
and add theid_rsa.pub
, name itaysait101
. - Type
ssh -i ~/.ssh/id_rsa aysait101@35.227.44.250
to SSH from your terminal, enter passphrase to connect.
- Update all currently installed packages.
sudo apt-get update
sudo apt-get upgrade
- Change the SSH port from 22 to 2200.
- Go to
VM instance
interface,View network details
, navigate toFirewall rules
and add custom porttcp:2200
to allow connection to the port. - While logged in from terminal,
sudo nano /etc/ssh/sshd_config
and changePort 22
toPort 2200
and changePasswordAuthentication no
to enfirce SSH key login. - Restart with
sudo service ssh restart
- Login using
ssh -i ~/.ssh/id_rsa -p 2200 grader@35.227.44.250
and enter passphrase to connect.
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).
sudo apt-get install ufw
to install ufwsudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw enable
- check status using
sudo ufw status
In order for your project to be reviewed, the grader needs to be able to log in to your server.
- Create a new user account named
grader
.
- Logged in as root,
sudo adduser grader
- Enter the details to create user.
- Give
grader
the permission tosudo
.
sudo nano /etc/sudoers
touch /etc/sudoers.d/grader
sudo nano /etc/sudoers.d/grader
, enter the following:grader ALL=(ALL:ALL) ALL
and save.
- Create an SSH key pair for
grader
using thessh-keygen
tool.
- On your machine, generate SSH key pair using
ssh-keygen
in~/.ssh
. (I name it linuxTwo) su - grader
logs you in as grader using password.mkdir .ssh
touch .ssh/authorized_keys
sudo nano .ssh/authorized_keys
and paste the contents oflinuxTwo.pub
.chmod 700 .ssh
,chmod 644 .ssh/authorized_keys
service ssh restart
to restart SSH andCTRL D
to logout- Use
ssh -i ~/.ssh/linuxTwo grader@35.227.44.250 -p 2200
to login using passphrase.
- Configure the local timezone to UTC.
sudo dpkg-reconfigure tzdata
and choose your region.
- Install and configure Apache to serve a Python mod_wsgi application.
sudo apt-get install apache2
sudo apt-get install libapache2-mod-wsgi python-devsudo apt-get install libapache2-mod-wsgi pytdev
sudo apt-get build-dep python-psycopg2
.
- Install and configure
PostgreSQL:
sudo apt-get install postgresql postgresql-contrib
- Create a new database user named
catalog
that has limited permissions to your catalog application database. sudo su - postgres
CREATE USER catalog WITH PASSWORD 'PASSWORD';
ALTER USER catalog CREATEDB;
CREATE DATABASE catalog WITH OWNER catalog;
GRANT ALL ON SCHEMA public TO catalog;
\q
- Install
git
.
sudo apt-get install git
- Clone and setup your
Item Catalog
project from the Github repository you created earlier in this Nanodegree program.
cd /var/www
sudo mkdir catalog
cd /catalog
touch catalog.wsgi
to create .wsgi filesudo nano catalog.wsgi
and add the folowing:
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/catalog/")
from catalog import app as application
application.secret_key = 'super_secret_key'
- clone project from
git clone https://github.com/ayseth/item-catalog.git
- Renname folder
mv item-catalog catalog
cd /catalog
- Rename
application.py
usingmv application.py __init__.py
sudo nano __init__.py
, go to the end of the file and change
#app.debug = True
#app.run(host='0.0.0.0', port=5000)
app.run()
- and change
engine = create_engine('sqlite:///catalog.db?check_same_thread=False')
toengine = create_engine('postgresql://catalog:PASSWORD@localhost/catalog')
sudo nano database_setup.py
and changeengine = create_engine('sqlite:///catalog.db?check_same_thread=False')
toengine = create_engine('postgresql://catalog:PASSWORD@localhost/catalog')
sudo python database_setup.py
sudo apt-get install virtualenv
sudo virtualenv venv
source venv/bin/activate
to activate virtual environmentsudo chmod -R 777 venv
sudo apt-get install python-pip
- Install the following,
pip install sqlalchemy
pip install httplib2
pip install requests
pip install flask
pip install oauth2client
pip install Flask-SQLAlchemy
pip install psycopg2
pip install psycopg2-binary
deactive
to deactivate virtual envsudo nano /etc/apache2/sites-available/catalog.conf
and add the following
<VirtualHost *:80>
ServerName 35.227.44.250.xip.io
ServerAdmin aysait101@35.227.44.250
WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/ven$
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite catalog
service apache2 reload
sudo service apache2 restart
- To check for errors use
sudo tail /var/log/apache2/error.log
- For google login to work, add go to google cloud credentials and add
http://35.227.44.250.xip.io
toAuthorized JavaScript origins
- Add
http://35.227.44.250.xip.io/gconnect
,http://35.227.44.250.xip.io/gdisconnect
,http://35.227.44.250.xip.io/login
toAuthorized redirect URIs
- Download the
client_secerts.json
- On your terminal replace the contnets of the old
client_secrets.json
file with the newclient_secrets.json
usingsudo nano /var/www/catalog/catalog/client_secrets.json
and save. - Change the path of
client_secrets.json
in__init__.py
- https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
- https://www.digitalocean.com/community/questions/flask-and-wsgi-importerror-cannot-import-name-app
- https://medium.com/@Riverside/how-to-install-apache-php-postgresql-lapp-on-ubuntu-16-04-adb00042c45d
- https://medium.com/coding-blocks/creating-user-database-and-adding-access-on-postgresql-8bfcd2f4a91e
- https://www.ostechnix.com/configure-apache-virtual-hosts-ubuntu-part-1/
- https://stackoverflow.com/questions/53586358/apache-mod-wsgi-google-oauth2-0-error-400-invalid-request
- http://exploreflask.com/en/latest/configuration.html