Take a baseline installation of a Linux distribution on a virtual machine and prepare it to host web applications.
IP Address: 18.185.57.126
SSH Port: 2200
URL using DNS: 18.185.57.126
- Update all packages
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
- Enable automatic security updates
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
- Change the timezone to UTC and fix language issues
sudo timedatectl set-timezone UTC
sudo update-locale LANG=en_US.utf8 LANGUAGE=en_US.utf8 LC_ALL=en_US.utf8
- Create a new user grader and give it sudo access
sudo adduser grader
sudo nano /etc/sudoers.d/grader
Then add the following text:
grader ALL=(ALL) ALL
- Set up SSH keys for grader
On the local machine:
ssh-keygen
Choose a path for storing the public and private keys, then copy the contents of the public key.
On the remote machine, in the home directory as user grader:
sudo su - grader
mkdir .ssh
touch .ssh/authorized_keys
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
nano .ssh/authorized_keys
Then paste the contents of the public key created on the local machine.
- Change the SSH port from 22 to 2200 | Enforce key-based authentication | Disable login for root user
sudo nano /etc/ssh/sshd_config
Then change the following:
Find the Port line and change it to 2200. Remove the '#' if one precedes the Port line.
Find the PasswordAuthentication line and edit it to no.
Find the PermitRootLogin line and edit it to no.
Save file
Run sudo service ssh restart
- Configure the Uncomplicated Firewall (UFW)
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2200/tcp
sudo ufw allow www
sudo ufw allow ntp
sudo ufw enable
- Install Apache2, mod_wsgi for Python 2, and Git
sudo apt-get install apache2 libapache2-mod-wsgi git
- Install and configure PostgreSQL
sudo apt-get install libpq-dev python-dev
sudo apt-get install postgresql postgresql-contrib
sudo su - postgres
psql
Then
CREATE USER catalog WITH PASSWORD 'password';
CREATE DATABASE catalog WITH OWNER catalog;
\c catalog
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
\q
exit
Note: In your catalog project you should change the database engine to
engine = create_engine('postgresql://catalog:password@localhost/catalog')
- Connect with sftp to upload project zip file
sftp -P 2200 -i grader_private_key grader@18.185.57.126
put item_catalog.zip
- As the grader user, unzip the project file. If unzip is not installed, install it first.
sudo apt-get install unzip
unzip item_catalog.zip
- Move the project to the /var/www/item_catalog folder and create the WSGI configuration file:
cd /var/www/
sudo mkdir item_catalog
sudo chown grader:grader item_catalog
mv ~/item_catalog/* /var/www/item_catalog/
cd item_catalog
nano catalog.wsgi
Then add the following to the catalog.wsgi file:
#!/usr/bin/python
import sys

# Send anything printed to stdout to stderr so it ends up in the Apache error log
sys.stdout = sys.stderr

# Include this block only if you create a virtual environment (next step),
# so that it is activated before the app is imported
activate_this = '/var/www/item_catalog/env/bin/activate_this.py'
with open(activate_this) as file_:
    exec(file_.read(), dict(__file__=activate_this))

sys.path.insert(0, "/var/www/item_catalog")
from app import app as application

# Placeholder value: replace it with a long random secret kept out of version control
application.secret_key = 'secret_key'
- Set up a virtual environment and install app dependencies
sudo apt-get install python-pip
sudo -H pip install virtualenv
virtualenv env
source env/bin/activate
pip install flask packaging oauth2client redis passlib flask-httpauth
pip install sqlalchemy flask-sqlalchemy psycopg2 bleach requests
- Configure the Apache server
sudo nano /etc/apache2/sites-available/udacity-project.conf
Then add the following content:
<VirtualHost *:80>
    ServerName 18.185.57.126
    ServerAdmin <Email>
    DocumentRoot /var/www/item_catalog
    WSGIDaemonProcess catalog user=grader group=grader
    WSGIScriptAlias / /var/www/item_catalog/catalog.wsgi
    <Directory /var/www/item_catalog>
        WSGIProcessGroup catalog
        WSGIApplicationGroup %{GLOBAL}
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
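A check for the SSH step above (port 2200, key-only authentication, no root login), added here as an example and not part of the original write-up. The function names sshd_effective and audit_sshd and the sample file are constructed for illustration; the script reads a single file and does not follow Include directives or evaluate Match blocks.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config file against this guide's three settings.
# Assumption: only the given file is read; Include'd files and Match blocks are
# not evaluated (on the server, `sudo sshd -T` prints the effective config).

# Print the effective global value of a keyword. sshd uses the FIRST occurrence
# of a keyword, keywords are case-insensitive, and a line that still starts
# with '#' is a comment, so a commented-out "#Port 2200" leaves the default.
sshd_effective() {  # usage: sshd_effective <keyword> <file>
  awk -v key="$1" '
    { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # strip comments, allow Key=value
    tolower($1) == "match"      { exit }           # global section ends here
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# Compare the file with the values set in the SSH step of this guide.
audit_sshd() {  # usage: audit_sshd <file>; returns 1 if any setting differs
  rc=0
  while read -r key want; do
    got="$(sshd_effective "$key" "$1")"
    if [ "$got" = "$want" ]; then
      echo "OK    $key $got"
    else
      echo "FAIL  $key is '${got:-unset}', expected '$want'"
      rc=1
    fi
  done <<'EOF'
Port 2200
PasswordAuthentication no
PermitRootLogin no
EOF
  return "$rc"
}

# Constructed sample: the Port line is still commented out, and a later
# PermitRootLogin line does not override the first one.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
#Port 2200
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes
EOF
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On the server, run it as `audit_sshd /etc/ssh/sshd_config` before restarting ssh, and keep the current session open until a new login on port 2200 succeeds.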