Project 5 (Deploying to linux server)
Configuring a Linux server to host a web app securely using flask application on to Digitalocean. Installation of a Linux distribution on a virtual machine and prepare it to host web application(Item Catalog). It includes installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.
IP address: 139.59.130.134
Accessible SSH port: 2200
Application URL: http://139.59.130.134
- Run
sudo adduser graderto create a new user named grader - Create a new file in the sudoers directory with
sudo nano /etc/sudoers.d/grader - Add the following line
grader ALL=(ALL:ALL) ALL
- Download package lists with
sudo apt-get update - New versions of packages with
sudo apt-get upgrade
- Run
sudo nano /etc/ssh/sshd_config - Change the port from
22 to 2200 sudo service ssh restart
Step 4 : Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
sudo ufw allow 2200/tcpsudo ufw deny 22- To delete port from status
sudo ufw delete <DENY/ALLOW> <PORT NUMBER> sudo ufw allow 80/tcpsudo ufw allow 123/udpsudo ufw allow sshsudo ufw allow wwwsudo ufw allow ftpsudo ufw enable
- Run
sudo dpkg-reconfigure tzdataand then choose none of above then UTC
- Generate key-pair with
ssh-keygen - Save keygen file into (/home/user/.ssh/id_rsa).and fill the password . 2 keys will be generated, public key (id_rsa.pub) and identification key(id_rsa).
- Login into grader account using
sudo login grader - Make a directory in grader account :
mkdir .ssh - Make a authorized_keys file using
touch .ssh/authorized_keys - From your local machine,copy the contents of public key(id_rsa.pub) paste that contents on authorized_keys of grader account using
nano authorized_keysand save it . - Give the permissions :
chmod 700 .sshandchmod 644 .ssh/authorized_keys. nano /etc/ssh/sshd_config, change PasswordAuthentication tonosudo service ssh restart
- Run
sudo nano /etc/ssh/sshd_config - Change
PermitRootLogin without-passwordtoPermitRootLogin no - Restart ssh with
sudo service ssh restart
sudo apt-get install apache2
- Run
sudo apt-get install libapache2-mod-wsgi python-dev - Enable mod_wsgi with
sudo a2enmod wsgi - Start the web server with
sudo service apache2 start
- Install git using
sudo apt-get install git cd /var/wwwsudo mkdir catalog- Change owner of the newly created catalog folder
sudo chown -R grader:grader catalog cd catalog- Clone your project from github
git clone <LINK FOR PROJECT 4 REPOSETORY> catalog - Create a catalog.wsgi file
nano catalog.wsgi, then add this inside:
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")
from catalog import app as application
application.secret_key = 'super_secret_key'
WTF_CSRF_ENABLED = True
.
- Rename application.py to init.py
mv application.py __init__.py
- Install pip with
sudo apt-get install python-pip - Install the virtual environment
sudo pip install virtualenv - Create a new virtual environment with
sudo virtualenv venv - Activate the virutal environment
source venv/bin/activate - Change permissions
sudo chmod -R 777 venv
- Install Flask
pip install Flask - Install other project dependencies
sudo pip2 install httplib2 oauth2client sqlalchemy flask-sqlalchemy psycopg2-binary bleach requests sqlalchemy_utils
nano __init__.py- Change client_secrets.json path to
/var/www/catalog/catalog/client_secrets.json
- run
sudo nano /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
ServerName 139.59.130.134
ServerAlias http://139.59.130.134
ServerAdmin [email protected]
WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
.
sudo apt-get install libpq-dev python-devsudo apt-get install postgresql postgresql-contribsudo su - postgrespsql- Write these lines line-by-line :
CREATE USER catalog WITH PASSWORD 'password';ALTER USER catalog CREATEDB;CREATE DATABASE catalog WITH OWNER catalog;\c catalogREVOKE ALL ON SCHEMA public FROM public;GRANT ALL ON SCHEMA public TO catalog;\qexit- Change create engine line in your
__init__.py,database_setup.pyandfakedata.pyto:engine = create_engine('postgresql://catalog:password@localhost/catalog') - Run
sudo python database_setup.py
sudo service apache2 restart
Step 17 : Visit site at Catalog App
Oauth not work because the domain
- Udacity FSND
- Deploying a Python
- stackoverflow
- ask Ubuntu
- Amazon EC2 Linux Instances
- mod_wsgi (Apache)
- mod_wsgi
- project 4 Item Catalog
sudo tail -100 /var/log/apache2/error.log----> To check if there any error with apatchepython <File_name>.py runserver -d----> debug mode