Linux Server Configuration Project
For this project, we take a baseline installation of a Linux distribution on a virtual machine and prepare it to host web applications, to include installing updates, and installing/configuring web and database servers.
Useful Information:
- IP Address: 18.220.229.44
- SSH Port: 2200
- Application Link: http://ec2-18-220-229-44.us-east-2.compute.amazonaws.com
Instructions:
#1. Update all currently installed packages:
sudo apt-get update
sudo apt-get upgrade
- Install finger:
sudo apt-get install finger
#2. Set the Timezone:
- Run:
sudo timedatectl set-timezone UTC
- To verify, run:
timedatectl status
#3. Change the SSH port from 22 to 2200 and configure the Lightsail firewall to allow it
- Run
sudo nano /etc/ssh/sshd_config
- Look for the Port line and edit it to: 2200
Run
sudo service ssh restart
#4. Configure Firewall Settings
- Check the status of the firewall by running:
sudo ufw status
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw enable
sudo ufw status
#5. Add a new user named grader and enable sudo command:
- Run
sudo adduser grader
- Run
sudo nano /etc/sudoers.d/grader
- Write the text:
grader ALL=(ALL:ALL) ALL
in the /etc/sudoers.d/grader file
#6. Configure key-based authentication for grader user
- Go back to your local machine and create an encryption key by running:
ssh-keygen -f ~/.ssh/udacity_key.rsa
- Open the public key file and copy its content
- Now return to your remote machine and connect to the server via ssh
- Switch user by running: su grader
- Create a new directory called
.ssh
in the home directory of grader by running:mkdir ~/.ssh
- Create a new file by running:
sudo nano ~/.ssh/authorized_keys
- Insert the content of the public key file
- Ensure that this folder has the correct permissions by running:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
- Also make sure that key-based authentication is enforced by running:
sudo nano /etc/ssh/sshd_config
- Look for the line: PasswordAuthentication yes
- Change it to: PasswordAuthentication no
#7. Disable ssh login for root user
- Run:
sudo nano /etc/ssh/sshd_config
- Find the PermitRootLogin line and edit it to
no
- Run:
sudo service ssh restart
#8. Install Apaache
sudo apt-get install apache2
#9. Install mod_wsgi and git
sudo apt-get libapache2-mod-wsgi python-dev
sudo apt-get install git
- Enable mod:
sudo a2enmod wsgi
- Now run:
sudo service apache2 start
#10: Install Git and clone project
- Create new directory:
sudo mkdir /var/www/catalog
- Set the owners of the files:
sudo chown -R grader:grader /var/www/catalog
- Clone project to catalog:
cd /var/www/catalog
git clone https://github.com/christopherjeon/item-catalog-project.git catalog
#11. Create a .wsgi file
sudo nano catalog.wsgi
- Add the following:
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")
from catalog import app as application
application.secret_key = 'supersecretkey'
#12. Rename the main file
cd catalog
sudo mv catalog_project.py __init__.py
#13. Install virtual environment
- Install pip by running:
sudo apt-get install python-pip
- Being with installing virtual environment:
sudo pip install virtualenv
- Create new virtual environment:
sudo virtualenv venv
- Activate:
source venv/bin/activate
sudo chmod -R 777 venv
#14. Install Flask and other required packages
- Install Flask by running:
pip install Flask
- For other packages:
pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils
#15. Change path of client_secrets.json__
- Edit by running:
nano __init__.py
- Change the client_secrets.json path to
/var/www/catalog/catalog/client_secrets.json
#16. Configure and enable a new virutal host
sudo nano /etc/apache2/sites-available/catalog.conf
- Paste this code:
<VirtualHost *:80>
ServerName 18.220.229.44
ServerAlias ec2-18-220-229-44.us-east-2.compute.amazonaws.com
ServerAdmin admin@18.220.229.44
WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
#17. Install and configure PostgreSQL
sudo apt-get install libpq-dev python-dev
sudo apt-get install postgresql postgresql-contrib
sudo su - postgres
psql
#18. Create and Set Up database
CREATE USER catalog WITH PASSWORD 'create your password here';
ALTER USER catalog CREATEDB;
CREATE DATABASE catalog WITH OWNER catalog;
- Connect to your database:
\c catalog
REVOKE ALL ONE SCHEMA public TO catalog;
- Log out from PostgreSQL:
\q
- Now
exit
- Change create engine line in your Python files to: engine = create_engine(‘postgresql://catalog:YOUROASSWORDHERE@localhost/catalog')
#19. Initialize your Python files:
- For me, I initialized my Python files like this:
python lotsofsports.py
python catalog_database.py
python __init__.py
#20. Restart Apache
- Run:
sudo service apache2 restart
- Visit: http://ec2-18-220-229-44.us-east-2.compute.amazonaws.com