From a baseline installation of an AWS Ubuntu Server, we prepare it to host a web application, learning how to access, secure, and perform the initial configuration of a bare-bones Linux server. We also install and configure a database server and deploy an Items Project application onto it.
This project uses an Amazon Lightsail Ubuntu Server to host an application. Here is the information needed to access the host.
- IP Address: 18.204.17.121
- SSH port: 2200
- URL: http://18.204.17.121.xip.io/category
To deploy this application in your own AWS system you will need:
- Amazon Web Services account
- Ubuntu Linux Server instance on Amazon Lightsail
- Update all currently installed packages.
$ sudo apt update && sudo apt upgrade
- Change the SSH port from 22 to 2200 and forbid root access.
$ sudo vi /etc/ssh/sshd_config
$ sudo service ssh restart
- Configure Lightsail firewall.
Inside the Item-Cataglog-Server instance on Amazon Lightsail go to network. Then add rules for HTTP, TCP and NTP connections.
- Configure UFW firewall to only allow incoming connections for SSH(2200), HTTP(80) and NTP(123).
Deny all incoming:
$ sudo ufw default deny incoming
Allow all outgoing:
$ sudo ufw default allow outgoing
Allow SSH(2200), HTTP(80) and NTP(123) ports:
$ sudo ufw allow 2200/tcp
$ sudo ufw allow 80/tcp
$ sudo ufw allow 123/udp
Enable firewall:
$ sudo ufw enable
Warning: When changing the SSH port, make sure that the firewall is open for port 2200 first, so that you don't lock yourself out of the server.
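A pre-flight check for the lockout warning above, added here as an example and not part of the original project: it reads the port and PermitRootLogin value from an sshd_config file and confirms that a matching UFW rule exists before ssh is restarted. The function names and the sample files are constructed for illustration; on the server, feed it /etc/ssh/sshd_config and the saved output of sudo ufw show added.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `sudo service ssh restart`.

# Print the value sshd uses for a keyword outside Match blocks: keywords are
# case-insensitive and the first occurrence wins. (Port may legally appear
# more than once; only the first is checked here.)
sshd_setting() {   # usage: sshd_setting <keyword> <sshd_config>
    awk -v key="$1" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Succeed if the rule list printed by `ufw show added` opens <port>/tcp.
ufw_allows_tcp() {   # usage: ufw_allows_tcp <port> <rules-file>
    grep -Eq "^ufw (allow|limit) $1(/tcp)?[[:space:]]*\$" "$2"
}

preflight() {   # usage: preflight <sshd_config> <rules-file>
    port=$(sshd_setting Port "$1");            port=${port:-22}
    root=$(sshd_setting PermitRootLogin "$1"); root=${root:-prohibit-password}
    rc=0
    if ! ufw_allows_tcp "$port" "$2"; then
        echo "FAIL: no UFW rule allows ${port}/tcp; restarting ssh would lock you out"
        rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: ${port}/tcp is allowed and root login is off"
    return "$rc"
}

# Constructed sample inputs (not copied from the server described here).
tmp=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 2200' 'PermitRootLogin no' \
    > "$tmp/sshd_config"
printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
    'ufw allow 2200/tcp' 'ufw allow 80/tcp' 'ufw allow 123/udp' > "$tmp/rules_ok"
printf '%s\n' 'ufw allow 80/tcp' 'ufw allow 123/udp' > "$tmp/rules_missing"

preflight "$tmp/sshd_config" "$tmp/rules_ok"
preflight "$tmp/sshd_config" "$tmp/rules_missing" || true
```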
- Go to the AWS Lightsail instance and match the instance firewall to the UFW configuration.
After that you can log on to the server with:
$ ssh -i ~/.ssh/LightsailDefaultKey.rsa [email protected] -p 2200
- Install package to automatically manage updates.
$ sudo apt install unattended-upgrades
$ sudo dpkg-reconfigure --priority=low unattended-upgrades
- Give grader access.
Create new user account on server:
$ sudo adduser grader
Give the user sudo permission by adding the line grader ALL=(ALL:ALL) ALL to the file:
$ sudo visudo
Create SSH key for user:
$ ssh-keygen -f ~/.ssh/udacity_key.rsa
Add key for authorized_keys file:
$ sudo vi /home/grader/.ssh/authorized_keys
Change the owner and the permissions, then restart the service:
$ sudo chown -R grader:grader /home/grader/.ssh
$ sudo chmod 700 /home/grader/.ssh
$ sudo chmod 644 /home/grader/.ssh/authorized_keys
$ sudo service ssh restart
Now you can log on to the system as the new user:
$ ssh -i ~/.ssh/udacity_key.rsa [email protected] -p 2200
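The permission step above matters because sshd, with its default StrictModes setting, ignores an authorized_keys file when the home directory, .ssh or the file itself is writable by group or others. An added example (not part of the original project) that checks those modes on a constructed stand-in for /home/grader; the function names are hypothetical, and the ownership check sshd also performs is left out.

```shell
#!/bin/sh
# Added example: check the file modes that sshd's StrictModes enforces.

# Succeed if neither group nor others can write to the path. The mode
# string from `ls -ld` looks like drwx------; characters 6 and 9 are the
# group-write and other-write bits.
not_group_world_writable() {   # usage: not_group_world_writable <path>
    bits=$(ls -ld "$1" | cut -c6,9)
    [ "$bits" = "--" ]
}

# Check a user's home, .ssh directory and authorized_keys in one pass.
check_ssh_modes() {   # usage: check_ssh_modes <home-directory>
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if ! not_group_world_writable "$p"; then
            echo "FAIL: $p is writable by group or others"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed stand-in for /home/grader, built in a temp directory.
home=$(mktemp -d)
chmod 755 "$home"
mkdir "$home/.ssh"
echo "ssh-rsa CONSTRUCTED-PLACEHOLDER-KEY grader" > "$home/.ssh/authorized_keys"
chmod 700 "$home/.ssh"
chmod 644 "$home/.ssh/authorized_keys"     # the modes used in the steps above
check_ssh_modes "$home" && echo "OK: 700 / 644 pass the check"

chmod 664 "$home/.ssh/authorized_keys"     # group-writable: rejected
check_ssh_modes "$home" || echo "sshd would ignore this authorized_keys file"
chmod 600 "$home/.ssh/authorized_keys"     # tighter than 644, also passes
```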
- Configure the local timezone to UTC.
By default, Ubuntu systems have the timezone set to UTC. To confirm, you can run the command:
$ sudo dpkg-reconfigure tzdata
- Install and configure Apache to serve Python 3.
Install Apache2:
$ sudo apt install apache2
Install Python 3 mod_wsgi to allow apache2 to serve python3:
$ sudo apt-get install libapache2-mod-wsgi-py3
Start Apache Server:
$ sudo service apache2 start
- Deploy the application.
Install Git:
$ sudo apt install git
Create a directory named LinuxServer inside the Apache www path and change into it:
$ sudo mkdir LinuxServer
Clone the GitHub application into the Apache www directory and move the LinuxServer.wsgi file to the parent directory of the LinuxServer clone:
$ sudo git clone https://github.com/psaviott/LinuxServer.git
$ sudo chown -R grader:grader LinuxServer/
Create a .wsgi file:
$ sudo vi /var/www/LinuxServer/LinuxServer.wsgi
Then paste the following code into the file:

    #!/usr/bin/python
    # Activate the project's virtualenv before importing the application.
    activate_this = '/var/www/LinuxServer/LinuxServer/venv3/bin/activate_this.py'
    with open(activate_this) as file_:
        exec(file_.read(), dict(__file__=activate_this))

    import sys
    import logging

    # Send log output to stderr so it ends up in the Apache error log.
    logging.basicConfig(stream=sys.stderr)
    sys.path.insert(0, "/var/www/LinuxServer/LinuxServer/")
    sys.path.insert(1, "/var/www/LinuxServer/")

    from catalog import app as application
    # Session-signing key; replace this placeholder with a long random
    # value kept out of the repository.
    application.secret_key = 'super_secret_key'

Install pip3:
$ sudo apt install python3-pip
Install virtualenv, then create and activate a new virtual environment:
$ sudo pip3 install virtualenv
$ virtualenv -p python3 venv3
$ sudo chown -R grader:grader LinuxServer/
$ . venv3/bin/activate
Install project dependencies and deactivate virtual environment:
$ pip3 install -r /requirements.txt
$ sudo apt install python3-psycopg2
$ deactivate
- Create a host on Apache.
Edit wsgi.conf file:
$ sudo vi /etc/apache2/mods-enabled/wsgi.conf
Below WSGIPythonPath add this line:
WSGIPythonPath /var/www/LinuxServer/LinuxServer/venv3/lib/python3.5/site-packages
Create conf file:
$ sudo vi /etc/apache2/sites-available/LinuxServer.conf
Add this code to the file:

    <VirtualHost *:80>
        ServerName 18.204.17.121
        ServerAlias ec2-18.204.17.121.compute-1.amazonaws.com
        WSGIScriptAlias / /var/www/LinuxServer/LinuxServer.wsgi
        <Directory /var/www/LinuxServer/LinuxServer/>
            Order allow,deny
            Allow from all
        </Directory>
        Alias /static /var/www/LinuxServer/LinuxServer/static
        <Directory /var/www/LinuxServer/LinuxServer/static/>
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

Enable host:
$ sudo a2ensite LinuxServer
Reload Apache2:
$ sudo service apache2 reload
- Install and configure PostgreSQL.
Install Python Packages:
$ sudo apt install libpq-dev python-dev
Install PostgreSQL:
$ sudo apt install postgresql postgresql-contrib
Inside psql create a new user with CREATEDB:
# CREATE USER catalog WITH PASSWORD 'bill2012' CREATEDB;
Create database:
# CREATE DATABASE catalog WITH OWNER catalog;
Setup the database with:
$ python /var/www/LinuxServer/LinuxServer/models.py
- How to create an Amazon Lightsail Instance
- Connect to your instance with SSH private key
- How to configure UFW Firewall
- Flask Application with mod-wsgi
- Setup Apache2
- Philipe Saviott - psaviott
- Python3 documentation
- SSH Wikipedia
- Coordinated Universal Time Wikipedia
- Python mod_wsgi documentation