Scifideity / Linux-Server-Configuration

Amazon Lightsail ubuntu 16.04 server setup and configuration to run BlacksmithCatalog


Linux Server Configuration - Blacksmith Item Catalog

Server Info:

Server IP : 3.219.35.196

Server URL: http://3.219.35.196.xip.io

GitHub Repository : https://github.com/Scifideity/BlacksmithCatalog.git

Software Utilized:

Ubuntu 16.04
Python
Flask
SQLAlchemy
Git
Nginx
Gunicorn
Supervisor

Server Configuration Steps

Prep on your LOCAL machine

  • Create keys for grader

    ssh-keygen    # call the key grader_key


Browse to Amazon Lightsail

Create Instance

Sign up for the plan you want; the lowest tier, currently $3.50/mo, is sufficient for this project.

Instance Type: OS Only

OS : Ubuntu 16.04

Create Instance (May take a few min)

Configure your Server

Connect via SSH w/ default key (found in Accounts section) for your region

  • Update and Upgrade the Server

    sudo apt-get update

    sudo apt-get upgrade

  • Configure Server for Unattended Upgrades

    sudo apt-get install unattended-upgrades

    sudo dpkg-reconfigure unattended-upgrades    # interactive, answer Yes

  • Create user grader (pw = graderpw) and install key from Local Machine

     ubuntu@ip-x.x.x.x:~$ sudo adduser grader
     ubuntu@ip-x.x.x.x:~$ su grader
     grader@ip:/home/ubuntu$ cd /home/grader
     grader@ip-x.x.x.x:~$ mkdir .ssh
     grader@ip-x.x.x.x:~$ touch .ssh/authorized_keys
     grader@ip-x.x.x.x:~$ vi .ssh/authorized_keys 
     grader@ip-x.x.x.x:~$ chmod 700 .ssh
     grader@ip-x.x.x.x:~$ chmod 644 .ssh/authorized_keys 
     grader@ip-x.x.x.x:~$ ls -la
      total 28
      drwxr-xr-x 3 grader grader 4096 Jun 25 20:45 .
      drwxr-xr-x 4 root   root   4096 Jun 25 20:42 ..
      -rw-r--r-- 1 grader grader  220 Jun 25 20:42 .bash_logout
      -rw-r--r-- 1 grader grader 3771 Jun 25 20:42 .bashrc
      -rw-r--r-- 1 grader grader  655 Jun 25 20:42 .profile
      drwx------ 2 grader grader 4096 Jun 25 20:45 .ssh
      -rw------- 1 grader grader  644 Jun 25 20:45 .viminfo
     grader@ip-x.x.x.x:~$
    
  • Using vim or nano, edit .ssh/authorized_keys (I prefer vi/vim)

    • vi .ssh/authorized_keys

    • Paste contents of grader_key.pub from your LOCAL Machine

    • Save and Exit.

      vim : :wq

      nano : CTRL-X, Y, <ENTER>

  • Grant ‘grader’ sudo access

     ~$ sudo ls /etc/sudoers.d  # Find existing username to copy
     90-cloud-init-users  README
     ~$ sudo cp /etc/sudoers.d/90-cloud-init-users /etc/sudoers.d/grader  # Copy to grader
     ~$ sudo ls /etc/sudoers.d
     90-cloud-init-users  grader  README
     ~$ sudo vi /etc/sudoers.d/grader
     	change user name to grader
     	save and quit
         :wq!
    
  • Test grader ssh access using key

    ssh -i grader_key grader@<server-ip>

  • Test grader sudo permissions

     Last login: Tue Jun 25 20:51:48 2019 from x.x.x.x
     grader@ip-x.x.x.x:~$ ls /etc/sudoers.d
     ls: cannot open directory '/etc/sudoers.d': Permission denied
     grader@ip-x.x.x.x:~$ sudo ls /etc/sudoers.d
     90-cloud-init-users  grader  README
     grader@ip-x.x.x.x:~$
    
  • Change ssh to listen on port 2200 and prohibit root login

     grader@ip-x.x.x.x:~$ sudo vi /etc/ssh/sshd_config
     	Add ‘Port 2200’ below ‘Port 22’
     	Confirm PasswordAuthentication is no(default)
     	Confirm PermitRootLogin is no or prohibit-password(new default)
     	:wq
     grader@ip-x.x.x.x:~$
    
  • Restart sshd

    grader@ip-x.x.x.x:~$ sudo service sshd restart

  • Close SSH session and reconnect on port 2200

    • If successful
      • Edit /etc/ssh/sshd_config
      • Remove or Comment out ‘Port 22’
      • Save and restart sshd again
    • If unsuccessful
      • Go back a few steps and retrace looking for what went wrong
  • Configure UFW (Uncomplicated FireWall)

     sudo ufw status    # check current status
     sudo ufw default deny incoming
     sudo ufw default allow outgoing
     sudo ufw allow ssh
     sudo ufw allow 2200/tcp
     sudo ufw allow www
     sudo ufw allow ntp
     sudo ufw enable    # activates FW - BE CERTAIN BEFORE YOU ENABLE
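
The SSH settings applied in the steps above can be checked mechanically. The following is an added example, not part of the original README: a POSIX shell audit of an sshd_config for the three settings this guide sets (Port 2200 only, PasswordAuthentication no, PermitRootLogin no or prohibit-password). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original README): audit an sshd_config against
# the settings this guide applies. Assumption: no Match-block overrides, so
# parsing stops at the first Match line.

# Print effective values for the audited keywords. sshd keeps the first value
# it reads for a keyword; Port is the exception and accumulates.
sshd_effective() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    { sub(/[ \t]*=[ \t]*/, " "); k = tolower($1); v = tolower($2) }
    k == "match" { exit }                          # END still runs
    k == "port"  { ports = ports (ports ? "," : "") v; next }
    !(k in seen) { seen[k] = v }
    END {                                          # fall back to OpenSSH defaults
      pa = "passwordauthentication"; prl = "permitrootlogin"
      print "port", (ports ? ports : "22")
      print pa,  ((pa in seen)  ? seen[pa]  : "yes")
      print prl, ((prl in seen) ? seen[prl] : "prohibit-password")
    }' "$1"
}

# Print PASS/FAIL per setting; return the number of findings.
audit_sshd() {
  fails=0
  while read -r key val; do
    case "$key:$val" in
      port:2200) echo "PASS port 2200 only" ;;
      passwordauthentication:no) echo "PASS passwordauthentication no" ;;
      permitrootlogin:no | permitrootlogin:prohibit-password | \
      permitrootlogin:without-password) echo "PASS permitrootlogin $val" ;;
      *) echo "FAIL $key is '$val'"; fails=$((fails + 1)) ;;
    esac
  done <<EOF
$(sshd_effective "$1")
EOF
  return "$fails"
}

# Constructed sample: the intermediate state in this guide, after adding
# 'Port 2200' but before removing 'Port 22'.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'Port 2200' \
  'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server, `sudo sshd -T` prints the daemon's effective configuration in the same `keyword value` form; saving that output to a file and passing it to `audit_sshd` checks the settings sshd actually resolved, including defaults.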
    

Configure your Application

  • Get Application onto the server (git shown but you can FTP, SCP, or SFTP if you wish)

    • Install git

      sudo apt-get install git

    • Configure git

      • Configure Git : Source

      • Set git global 'user.name' and 'user.email'

        git config --global user.name "Your_Name"

        git config --global user.email "email_address@domain.com"

      • Create project directory (I just made it a subdirectory of $HOME)

        cd $HOME

        mkdir blacksmithcatalog

    • Clone the project to the blacksmithcatalog directory using the github repository url

      git clone https://github.com/Scifideity/BlacksmithCatalog.git blacksmithcatalog

  • Create the Virtual Environment

    • Install Python3 and Virtual Environment

      sudo apt install python3-pip

      sudo apt install python3-venv

    • Create the Virtual Environment

      python3 -m venv blacksmithcatalog/venv

  • Activate the Virtual Environment (venv)

    cd blacksmithcatalog

    source venv/bin/activate

NOTE: ENSURE YOU ARE IN THE (venv) FROM THIS POINT ON

Prompt will be prefaced with (venv)

  • Install Flask Application dependencies

    pip install -r requirements.txt

  • Install Nginx (webserver to serve static files)

    cd $HOME

    sudo apt install nginx

  • Install Gunicorn (WSGI to handle python code)

    pip install gunicorn

  • Configure Nginx
    • Remove the default configuration file

      sudo rm /etc/nginx/sites-enabled/default

    • Create a new configuration file for your application

      sudo vi /etc/nginx/sites-enabled/blacksmithcatalog

    • Add the following:

       server {
           listen 80;
           server_name 3.219.35.196;

           location /static {
               alias /home/ubuntu/blacksmithcatalog/static;
           }

           location / {
               proxy_pass http://localhost:8000;
               include /etc/nginx/proxy_params;
               proxy_redirect off;
           }
       }
      
    • Save and Exit

      :wq

  • Restart Nginx server

    sudo systemctl restart nginx

  • OPTIONAL TEST : Run gunicorn from command line and test site

    gunicorn -w 3 application:app

    Browse to http://3.219.35.196.xip.io

    CTRL-C to exit

  • Install Supervisor (Monitors and restarts app)

    sudo apt install supervisor

  • Configure Supervisor

    sudo vi /etc/supervisor/conf.d/blacksmithing.conf

    • Add the following:

      [program:blacksmithcatalog]
      directory=/home/ubuntu/blacksmithcatalog
      command=/home/ubuntu/blacksmithcatalog/venv/bin/gunicorn -w 3 application:app
      user=ubuntu
      autostart=true
      autorestart=true
      stopasgroup=true
      killasgroup=true
      stderr_logfile=/var/log/blacksmithcatalog/blacksmithcatalog.err.log
      stdout_logfile=/var/log/blacksmithcatalog/blacksmithcatalog.out.log
      
    • Save and Exit

      :wq

  • Make the log directory and files

    sudo mkdir -p /var/log/blacksmithcatalog

    sudo touch /var/log/blacksmithcatalog/blacksmithcatalog.err.log

    sudo touch /var/log/blacksmithcatalog/blacksmithcatalog.out.log

  • Restart Supervisor

    sudo supervisorctl reload


Site will be available at : http://3.219.35.196.xip.io


Third Party Sites Referenced:
