This project takes a baseline installation of a Linux distribution on a virtual machine and prepares it to host web applications. That includes installing updates, securing it against a number of attack vectors, and installing and configuring web and database servers.
Public IP address : 35.154.231.1
SSH port : 2200
URL : http://ec2-35-154-231-1.ap-south-1.compute.amazonaws.com
1. Move the private key to the .ssh directory.
2. Restrict the key to owner read/write
$ chmod 600 .ssh/LightsailDefaultPrivateKey-ap-south-1.pem
3. SSH into the instance
$ ssh [email protected] -i ~/.ssh/LightsailDefaultPrivateKey-ap-south-1.pem
* Make sure you have a good, stable internet connection to SSH into the server
$ sudo adduser grader
$ sudo nano /etc/sudoers.d/grader
Add "grader ALL=(ALL:ALL) ALL" to the newly created file and save
$ ssh-keygen -t rsa
Copy the contents of the .pub file to the virtual machine
$ nano /home/grader/.ssh/authorized_keys
Now we are able to log in to the Lightsail instance with:
$ ssh [email protected] -i ~/.ssh/LightsailDefaultPrivateKey-ap-south-1.pem -p 2200
Source : https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
$ sudo nano /etc/ssh/sshd_config
Make sure PasswordAuthentication is set to no
Change port to 2200 from 22
Change PermitRootLogin to no
$ sudo service ssh restart
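A check for the three sshd_config changes above, as an added example that is not part of the original guide. The function names, the constructed sample file and the use of upstream OpenSSH defaults for unset keywords are assumptions of this example; it reads only the global section of a single file and does not follow Include directives.

```sh
#!/bin/sh
# Added example (not from the original guide): offline audit of an sshd_config
# file for the three settings changed above. Defaults are upstream OpenSSH's.

# sshd_values FILE KEYWORD DEFAULT
# Prints every value given for KEYWORD in the global section (before the first
# Match block), in file order, or DEFAULT when the keyword is never set.
sshd_values() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }         # accept "Keyword=value" too
        tolower($1) == "match" { exit }       # conditional blocks are out of scope
        tolower($1) == tolower(key) { out = (out == "" ? "" : out " ") tolower($2) }
        END { print (out == "" ? def : out) }
    ' "$1"
}

first() { echo "$1"; }   # sshd keeps the FIRST value it reads for a keyword

# audit_sshd_config FILE: prints one FAIL line per problem and returns the count.
audit_sshd_config() {
    cfg=$1; fails=0
    [ "$(first $(sshd_values "$cfg" PasswordAuthentication yes))" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; fails=$((fails + 1)); }
    [ "$(first $(sshd_values "$cfg" PermitRootLogin prohibit-password))" = no ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; fails=$((fails + 1)); }
    # Port is the exception: every Port line adds a listener, so the list
    # must be exactly 2200.
    [ "$(sshd_values "$cfg" Port 22)" = 2200 ] ||
        { echo "FAIL: Port list is not exactly 2200"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: a leftover "Port 22" and an early "PermitRootLogin yes"
# that shadows the later "no". Expect two FAIL lines.
sample=$(mktemp)
printf '%s\n' 'Port 2200' 'Port 22' 'PermitRootLogin yes' \
    'passwordauthentication no' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the effective configuration, including any Include files, and is the authoritative check.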
Change timezone to UTC using $ sudo timedatectl set-timezone UTC
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow 2200/tcp
$ sudo ufw allow www
$ sudo ufw allow ntp
$ sudo ufw enable
$ sudo apt-get install apache2 libapache2-mod-wsgi git
$ sudo a2enmod wsgi
1. Installing python dependencies and PostgreSQL
$ sudo apt-get install libpq-dev python-dev
$ sudo apt-get install postgresql postgresql-contrib
2. Log into PostgreSQL shell
$ sudo su - postgres
$ psql
3. Create a new user and database named catalog. Connect to the database, revoke the default rights on the public schema,
and grant permissions only to user catalog.
CREATE USER catalog WITH PASSWORD 'password';
CREATE DATABASE catalog WITH OWNER catalog;
\c catalog
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
\q
$ exit
$ sudo apt-get install python-pip
$ sudo pip install Flask
$ sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils
$ sudo mkdir /var/www/catalog
$ sudo chown -R grader:grader /var/www/catalog
$ git clone https://github.com/AvneeshAFC/Item_Catalog.git /var/www/catalog/catalog
1. $ touch catalog.wsgi && nano catalog.wsgi
2. Add the following lines and save
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")
from project import app as application
application.secret_key = 'super_secret_key'
3. Inside the files project.py, database_setup.py, lotsofmenus.py make the following changes for
correct database connection :
Change engine = create_engine('sqlite:///restaurantmenuwithusers.db') to
engine = create_engine('postgresql://catalog:password@localhost/catalog')
$ cd /var/www/catalog/catalog/
$ python database_setup.py
$ python lotsofmenus.py
Fill in the client_id and client_secret fields in the file client_secrets.json. Also change the javascript_origins field to the IP address and AWS assigned URL of the host. In this instance that would be: "javascript_origins":["http://ec2-35-154-231-1.ap-south-1.compute.amazonaws.com"] These addresses also need to be entered into the Google Developers Console -> API Manager -> Credentials, in the web client under "Authorized JavaScript origins".
$ sudo nano /etc/apache2/sites-available/000-default.conf
Add the following lines and save
<VirtualHost *:80>
ServerName 35.154.231.1
ServerAdmin [email protected]
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
$ sudo service apache2 restart
Source : https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps