A baseline installation of a Linux server and prepare it to
host web applications, secure server from a number of
attack vectors, install and configure a database server.
A deep understanding of exactly what a web application
do, how they are hosted, and the interactions between
multiple systems. This project helps to turn a brand-new,
bare bones, Linux server into the secure and efficient web
application host the applications needs.
Link to Item Catalog
- Ip Address: 13.232.62.22
- SSH Port : 2200
-
Create an account on Amazon Web Services.
-
When you have been successfully logged in, launch the virtual machine and SSH into the instance.
-
Download the private key and move it to the .ssh folder.
-
To make the public key usable and secure, input
$ chmod 600 ~/.ssh/AWSKey.pem
-
Now login into the server using
$ ssh -i ~/.ssh/AWSKey.pem [email protected]
-
Now we have to add a new user grader after becoming the root user.
$ sudo adduser grader
will add a new user named grader. -
To give sudo access to the grader, make a new file under etc directory using this
$ sudo nano /etc/sudoers.d/grader
and add this text to that file :grader ALL=(ALL:ALL) ALL
. -
Run these commands to update all packages and install finger.
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install finger
-
Open a new terminal and write this command in that terminal :
$ ssh-keygen -f ~/.ssh/udacity_key.rsa
-
To read that public key, we have to use the cat command :
$ cat ~/.ssh/udacity_key.rsa.pub
-
Copy this key, and now in the first terminal, we have to go to the grader's folder located under the home directory by
$ cd /home/grader
. -
Now we have to create a ssh directory there by using
$ mkdir .ssh
and creating a file to store that public key :$ touch .ssh/authorized_keys
-
Paste that key that you copied from the second terminal into this file by editing it using
$ nano .ssh/authorized_keys
-
Now start the service again using
$ sudo service ssh restart
-
Now we can login into the remote VM through ssh using this command :
ssh -i udacity_key.rsa [email protected]
-
Change the permissions using
$ sudo chmod 700 /home/grader/.ssh
and$ sudo chmod 644 /home/grader/.ssh/authorized_keys
. -
To enforce the password based authentication, change the text after PasswordAuthentication to no, Port line to 2200 and PermitRootLogin to no after running the command
$ sudo nano /etc/ssh/sshd_config
and restart the service again using the command written in point 14. -
Now to configure the uncomplicated firewall, run these commands:
$ sudo ufw allow 2200/tcp
$ sudo ufw allow 80/tcp
$ sudo ufw allow 123/udp
$ sudo ufw enable
-
Now to deploy the application, run the following commands to install the necessary packages:
$ sudo apt-get install apache2 libapache2-mod-wsgi git
$ sudo a2enmod wsgi
$ sudo apt-get install libpq-dev python-dev
$ sudo apt-get install git
$ sudo apt-get install postgresql postgresql-contrib
$ sudo apt-get install python-pip
$ sudo pip install Flask
$ sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils
-
Now restart the service again,
sudo service apache2 restart
-
Now to deploy the application, we have to clone it in a separate directory.
-
Write down the following commands in the terminal : *
$ sudo mkdir /var/www/catalog
*$ sudo chown -R grader:grader catalog
*$ cd catalog
*$ git clone https://github.com/RahulKathuria/Item-Catalog.git
-
Now we have to create a catalog.wsgi file:
$ touch catalog.wsgi
$ nano catalog.wsgi
-
Now write this code in the file: import sys import logging logging.basicConfig(stream=sys.stderr) sys.path.insert(0, "/var/www/catalog/") from catalog import app as application application.secret_key = 'supersecretkey'
-
Rename the application from project.py to init.py
-
Now to install the virtual machine, run the following commands:-
$ sudo pip install virtualenv
$ sudo virtualenv venv
$ source venv/bin/activate
$ sudo chmod -R 777 venv
- Now change the client_secrets.json line to /var/www/catalog/client_secrets.json
- To enable the virtual host, use this command :
* -
$ sudo nano /etc/apache2/sites-available/catalog.conf
* Paste the following code into that file :
ServerAdmin [email protected]
WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Now we have to create a user to create and set the database,
-
- Create a new User named catalog :
# CREATE USER catalog WITH PASSWORD 'rahulkathuria';
- Create a new User named catalog :
-
Create a new DB named catalog:
# CREATE DATABASE catalog WITH OWNER catalog;
-
Connect to the database catalog :
# \c catalog
-
# REVOKE ALL ON SCHEMA public FROM public;
-
# GRANT ALL ON SCHEMA public TO catalog;
-
Log out from PostgreSQL:
# \q
. Then return to the grader user:$ exit
- Use
sudo nano
to edit files on the server by chaging every occurrence ofengine = create_engine('sqlite:///restaurantmenu.db')
toengine = create_engine('postgresql://catalog:rahulkathuria@localhost/catalog)
- Now run
$ lotsofmenu.py
to populate the database with the list items. - Now, at the end we have to restart the apache server by
sudo service apache2 restart
- Now open the browser and type 35.154.240.35 and you are ready to go.
- Flask Documentation
- Digital Ocean
- Stack Overflow