As part of the Full Stack Web Developer Nanodegree with Udacity
The goal of this project is to configure and deploy the catalog Flask app created in the previous project on an Ubuntu server instance. Here Amazon Lightsail is used.
The website URL was 52.13.215.215.xip.io, the IP address is 52.13.215.215 and it is on port 2200. The website is no longer hosted with Amazon Lightsail.
The grader user key was included in the Udacity FullStack Nanodegree project submission comment.
- Get a server instance
- Follow the instructions provided to SSH into the server instance.
- Create a new user called grader and give sudo permission to the new user
- Secure and configure the server: SSH on port 2200, timezone set to UTC, and the firewall limited to ports 2200, 80 and 123
- Install Apache and mod_wsgi
- Install and configure PostgreSQL, including a user named catalog with limited permissions to the catalog database
- Create FlaskApp/
- Add the virtual host
- Configure the .wsgi file (optional: test the configuration with a simple Flask application before cloning the app)
- Install git and clone catalog project repository
- Modify catalog project python files for deployment
- Deploy the database
- Add categories to the database in the terminal with PostgreSQL
- Update the URL to include domain .xip.io
- Update configuration on Google developer console
- Make sure the .git directory is not publicly accessible
- Restart Apache to apply all changes.
- Get an Amazon Web Services account and create an Amazon Lightsail Linux server instance
- Open its terminal via the browser and update the packages for Ubuntu
- Set a static IP for the instance in the Amazon Lightsail portal
- Download the Lightsail default private key to your local Downloads folder
- Move it to your local .ssh folder
- Change the permissions of the .ssh folder and the private key:
chmod 700 .ssh
chmod 600 .ssh/private_key_name
- You can now connect with ssh via the terminal.
- Create new user called grader
sudo adduser grader
- To give sudo access to grader, create the grader file with:
sudo nano /etc/sudoers.d/grader
- Add the following to /etc/sudoers.d/grader:
grader ALL=(ALL) NOPASSWD:ALL
- Create a new SSH key pair for the grader user with ssh-keygen and add the public key to the grader user's .ssh/authorized_keys. Also update the permissions:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
- You can now connect to the grader user on the instance with
ssh -i ~/.ssh/private_key_name -p 2200 [email protected]
- Change the SSH port from 22 to 2200 in /etc/ssh/sshd_config. Also update the firewall on the AWS Lightsail website to allow port 2200
sudo service ssh restart
- Disable root login from remote. In /etc/ssh/sshd_config, update it to:
PermitRootLogin no
- Disable password-based login for remote connections. In /etc/ssh/sshd_config, update it to:
PasswordAuthentication no
sudo service ssh restart
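The three sshd_config changes above can be checked with a small audit script. This is an added example, not part of the original project; the function names and the sample config are constructed for illustration, and it assumes a single config file with no Include directives.

```shell
#!/usr/bin/env bash
# Added example: audit sshd_config for the three settings this guide changes.
# sshd uses the FIRST value it finds for each keyword, so appending a line at
# the end of the file does nothing if an earlier line already sets the keyword.

# effective_value FILE KEYWORD: print the first global (pre-Match) value, lowercased.
effective_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }                    # drop leading whitespace
        /^(#|$)/ { next }                         # skip comments and blank lines
        { split($0, f, /[ \t=]+/) }               # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }         # Match blocks are conditional
        tolower(f[1]) == key { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd FILE: report each keyword whose effective value differs from the
# guide's target; returns the number of failures (0 means all three are set).
audit_sshd() {
    audit_failures=0
    # Columns: keyword, value the guide wants, sshd default (OpenSSH 7.0+) if absent
    while read -r key want default; do
        got=$(effective_value "$1" "$key")
        got=${got:-$default}
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective value '$got', expected '$want'"
            audit_failures=$((audit_failures + 1))
        fi
    done <<'EOF'
port 2200 22
permitrootlogin no prohibit-password
passwordauthentication no yes
EOF
    return "$audit_failures"
}

# Constructed sample: the stock "PasswordAuthentication yes" was left in place
# and the hardened line was appended below it, so the hardened line is ignored.
sample_config() {
    printf '%s\n' '# constructed sample' 'Port 2200' 'PermitRootLogin no' \
        'PasswordAuthentication yes' 'UsePAM yes' 'PasswordAuthentication no'
}

sample=$(mktemp)
sample_config > "$sample"
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the effective configuration the daemon would run with, which is the authoritative check after editing.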
- Configure the firewall (UFW) to only allow connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).
sudo ufw status
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw allow 123/udp
sudo ufw enable
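To confirm the firewall ends up with exactly the three rules above and nothing left over from earlier setup, the output of `sudo ufw status` can be compared against the expected set. This is an added example, not part of the original project; the function names and the sample status text are constructed.

```shell
#!/usr/bin/env bash
# Added example: compare `ufw status` output with the three rules this guide sets.
EXPECTED="2200/tcp 80/tcp 123/udp"

# ufw_findings: read `ufw status` text on stdin, print one finding per line.
ufw_findings() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, want, " "); for (i = 1; i <= n; i++) ok[want[i]] = 1 }
        $1 == "Status:" { active = ($2 == "active"); next }
        {
            action = ($2 == "(v6)") ? $3 : $2      # IPv6 rows: "80/tcp (v6) ALLOW ..."
            if (action != "ALLOW" && action != "LIMIT") next   # header, DENY, REJECT
            if (!($1 in ok) && !($1 in seen)) print "unexpected open port: " $1
            seen[$1] = 1
        }
        END {
            if (!active) print "firewall is not active"
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print "missing rule: " want[i]
        }'
}

# Constructed sample: port 22 was opened earlier and never removed, NTP was forgotten.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
2200/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
2200/tcp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_status | ufw_findings
```

On the server, run it as `sudo ufw status | ufw_findings`; no output means the rule set matches the guide.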
- Configure the local timezone to UTC
sudo dpkg-reconfigure tzdata
- Install Apache
sudo apt-get install apache2
- Install python mod_wsgi
sudo apt-get install python-setuptools libapache2-mod-wsgi
- Restart Apache
sudo service apache2 restart
- Install/configure PostgreSQL
sudo apt-get install postgresql
- Block remote connections
sudo nano /etc/postgresql/9.5/main/pg_hba.conf
- Login as postgres
sudo su - postgres
- Start the PostgreSQL shell
psql
- Create a new database called catalog
postgres=# CREATE DATABASE catalog;
- Create a new user in the database called catalog
postgres=# CREATE USER catalog;
- Add a password to the user catalog
postgres=# ALTER ROLE catalog WITH PASSWORD 'password';
- Give permissions to the catalog database to user catalog
postgres=# GRANT ALL PRIVILEGES ON DATABASE catalog TO catalog;
- Quit PostgreSQL and exit user postgres
exit
- Install pip:
sudo apt-get install python-pip
- Install psycopg2:
- Install the other requirements with pip:
sudo pip install requests sqlalchemy httplib2
- Navigate to the www directory
cd /var/www
- Create the app directory
sudo mkdir FlaskApp
- Navigate into the app directory
cd FlaskApp
- Install virtualenv and create one named venv
sudo pip install virtualenv
sudo virtualenv venv
- Activate the virtual environment and install Flask in the environment
source venv/bin/activate
sudo pip install Flask
You can test your app with sudo python __init__.py. Test the main app, or just a simple one if you want to verify your configuration before you clone your main project.
To deactivate the environment, give the following command:
deactivate
- Create the FlaskApp.conf file:
sudo nano /etc/apache2/sites-available/FlaskApp.conf
- Add the following inside the configuration document
<VirtualHost *:80>
ServerName 52.13.215.215
ServerAdmin [email protected]
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Enable the virtual host:
sudo a2ensite FlaskApp
- Create the .wsgi file in /var/www/FlaskApp
cd /var/www/FlaskApp
sudo nano flaskapp.wsgi
- Inside flaskapp.wsgi add:
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/FlaskApp/")
from FlaskApp import app as application
application.secret_key = 'super_secret_key'
- Install git
sudo apt-get install git
- Navigate to the FlaskApp main folder
cd /var/www/FlaskApp
- Clone the Item Catalog project from GitHub
git clone GitHub_URL
- Rename the repository:
sudo mv ./catalog-linux ./FlaskApp
- Navigate to the renamed repository:
cd FlaskApp
- Rename application.py to __init__.py:
sudo mv application.py __init__.py
- Edit __init__.py (formerly application.py) and database_setup.py, and change the create_engine address to:
postgresql://catalog:password@localhost/catalog
- Add path
path = os.path.dirname(__file__)
- Update the path to the client secret
CLIENT_ID = json.loads(open(path+'/client_secrets.json', 'r').read())['web']['client_id']
oauth_flow = flow_from_clientsecrets(path+'/client_secrets.json', scope='')
- Run the database_setup file:
sudo python database_setup.py
- Restart Apache
sudo service apache2 restart
- Connect via psql, connect to the database and add the categories
INSERT INTO category (id, name) VALUES (1, 'Cameras');
INSERT INTO category (id, name) VALUES (2, 'Lenses');
INSERT INTO category (id, name) VALUES (3, 'Tripods');
INSERT INTO category (id, name) VALUES (4, 'Drones');
INSERT INTO category (id, name) VALUES (5, 'Bags');
- Restart Apache
sudo service apache2 restart
- Modify /etc/apache2/sites-available/FlaskApp.conf to:
ServerName 52.13.215.215.xip.io
ServerAlias 52.13.215.215.xip.io
- Update the redirect and origin URL of the Google Sign-in credentials, save and download the updated JSON
- Paste the updated content of the client secret JSON file into client_secrets.json on the server instance.
- Create a .htaccess file in the root folder of the website on the server instance
- Write and save the following into it:
RedirectMatch 404 /\.git
sudo service apache2 restart
See error log with command:
sudo tail -20 /var/log/apache2/error.log
- Amazon Lightsail
- Apache
- mod_wsgi
- Ubuntu
- virtualenv
- pip
- Python 2.7
- Flask
- PostgreSQL
- psycopg2
- SQLAlchemy
- httplib2
- requests
https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
https://askubuntu.com/questions/27559/how-do-i-disable-remote-ssh-login-as-root-from-a-server