This page explains how to set up and secure a Linux distribution on a virtual machine, then install and configure a web server and a database server to host a web application.
- The Linux distribution is Ubuntu 16.04 LTS.
- The virtual private server is Digital Ocean.
- The web application is my Restaurant Menu CRUD App created earlier in this Nanodegree program.
- The database server is PostgreSQL.
- My local machine is Ubuntu 16.04.
- Google API is not accepting bare APIs anymore, hence authentication has been disabled from the back-end.
- Password set for user account grader: test
We will deploy a Flask server project to an Ubuntu server (Droplet) on Digital Ocean.
We will set up an internal PostgreSQL server as the database and demonstrate some advanced server management.
- Start a new server (or Droplet) on Digital Ocean.
- SSH into the server (ssh [email protected] -p 2200 -i /home/saltgen/.ssh/grader)
- Update all currently installed packages.
sudo apt-get update
sudo apt-get upgrade
- Change the SSH port from 22 to 2200. Make sure to configure the firewall to allow it.
- Open ssh config in nano.
sudo nano /etc/ssh/sshd_config
- Locate "Port 22" in that file. Change it to "Port 2200".
- Restart ssh service.
sudo service ssh restart
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).
sudo ufw allow 2200
sudo ufw allow 80
sudo ufw allow 123
- Enable ufw (Uncomplicated Firewall).
sudo ufw enable
- Check the status/Rules of ufw firewall
sudo ufw status
- Now ssh port has been changed to 2200. Try exiting the ssh connection and re-connecting with the following command.
ssh [email protected] -p 2200 -i /home/USER_FOLDER/.ssh/grader
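The firewall step above is meant to leave only ports 2200, 80 and 123 open. The following check is an added example, not part of the original README: it reads the output of sudo ufw status and reports any other ALLOW rule (such as a leftover port 22) or a missing one. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ufw status` output with the three ports this guide opens.

# check_ufw_status: reads `sudo ufw status` output on stdin, prints deviations,
# and returns non-zero if the active rules differ from 2200, 80 and 123.
check_ufw_status() {
    awk '
        NR == 1 && $2 != "active" { print "firewall is not active"; bad = 1 }
        { act = ($2 == "(v6)") ? $3 : $2 }          # IPv6 rows carry an extra "(v6)" column
        act == "ALLOW" {
            port = $1; sub(/\/.*/, "", port)         # "2200/tcp" -> "2200"
            if (port == "2200" || port == "80" || port == "123") seen[port] = 1
            else { print "unexpected inbound rule: " $1; bad = 1 }
        }
        END {
            n = split("2200 80 123", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "missing rule for port " want[i]; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample output (not captured from a real host): port 22 was left open.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
2200                       ALLOW       Anywhere
80                         ALLOW       Anywhere
123                        ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
2200 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | check_ufw_status || echo "firewall rules differ from the guide"
```

On the server, pipe the real output in with: sudo ufw status | check_ufw_status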
- Create a new user account named grader.
sudo adduser grader
- Give grader the permission to sudo.
sudo usermod -aG sudo grader
- Create an SSH key pair for grader using the ssh-keygen tool.
- We will now have to set up an SSH key pair for grader.
- Log in as grader: ssh [email protected] -p 2200 -i /home/USER_FOLDER/.ssh/grader
- Don't give a password this time, as SSH keys are themselves meant to be credentials; you can think of them as the password.
- Copy the contents of the grader.pub file.
- On the server terminal, run:
ssh [email protected] -p 2200 -i /home/USER_FOLDER/.ssh/grader
mkdir .ssh
chmod 700 .ssh
nano .ssh/authorized_keys
# paste the contents and save the file
chmod 644 .ssh/authorized_keys
- Restart the ssh service.
sudo service sshd restart
- Configure the local timezone to UTC.
- To configure timezone, run the following command.
sudo dpkg-reconfigure tzdata
- Select "None of the above" and then select UTC.
- When done, you should see something like this in the terminal.
Current default time zone: 'Etc/UTC'
Local time is now: Sat Jul 15 04:50:15 UTC 2017.
Universal Time is now: Sat Jul 15 04:50:15 UTC 2017.
- Install and configure Apache to serve a Python mod_wsgi application.
- To serve Python using Apache and mod_wsgi, install the following components.
sudo apt-get install apache2 libapache2-mod-wsgi python-dev
- Then start apache service.
sudo service apache2 restart
- Install and configure PostgreSQL.
- Create a new database user named catalog that has limited permissions to your catalog application database.
- Install postgresql as follows
sudo apt-get install postgresql
- Now to create the catalog database, run the following to get into psql shell.
sudo -u postgres psql
- Then when inside psql shell, run the following.
create user catalog with password 'password';
create database catalog with owner catalog;
- Then exit psql shell with the following command.
\q
- Add the following line in /etc/apache2/mods-enabled/wsgi.conf file
sudo nano /etc/apache2/sites-available/FlaskApp.conf
- Add the following lines to configure the virtual host:
<VirtualHost *:80>
    ServerName 142.93.208.96
    ServerAdmin [email protected]
    WSGIScriptAlias / /var/www/html/FlaskApp/FlaskApp/flaskapp.wsgi
    <Directory /var/www/html/FlaskApp/FlaskApp>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/html/FlaskApp/FlaskApp/static
    <Directory /var/www/html/FlaskApp/FlaskApp/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Enable virtual host:
sudo a2ensite FlaskApp
- Reload Apache:
sudo service apache2 reload
- Create the /var/www/html/FlaskApp/FlaskApp/flaskapp.wsgi file (the path the virtual host's WSGIScriptAlias points to) by typing:
sudo nano /var/www/html/FlaskApp/FlaskApp/flaskapp.wsgi
- Add the following lines:
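#!/usr/bin/python
import sys
import logging

# Send application log output to stderr so it ends up in the Apache error log.
logging.basicConfig(stream=sys.stderr)
# Make the FlaskApp package importable by mod_wsgi.
sys.path.insert(0, "/var/www/html/FlaskApp/")

from FlaskApp import app as application
# Placeholder: replace with your own secret key.
application.secret_key = 'Add your secret key'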
- Restart Apache: sudo service apache2 restart.
- python database_setup.py
- python lotsofmenus.py
- Disable the default Apache site: sudo a2dissite 000-default.conf.
- Reload Apache: sudo service apache2 reload.
Once this is done, enable the site and restart Apache.
sudo a2ensite FlaskApp # enable site
sudo service apache2 reload
The server should be live now. Visit the IP to check (http://142.93.208.96). If an error occurs, check the logs.
sudo tail /var/log/apache2/error.log
- To disable root login & password-based login through ssh, open the ssh config file.
sudo nano /etc/ssh/sshd_config
- Make changes as shown below.
PermitRootLogin no
PasswordAuthentication no
- Save the file and restart ssh server.
sudo service sshd restart
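The guide edits sshd_config twice (Port 2200, then PermitRootLogin no and PasswordAuthentication no). The following check is an added example, not part of the original README: it reports the value sshd would actually use for each of those settings, covering commented-out lines, duplicate keywords and Match blocks. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config against the three settings this guide applies.
# sshd uses the FIRST occurrence of a keyword, keywords are case-insensitive,
# and settings inside a Match block are conditional, not global.

# effective_value FILE KEYWORD DEFAULT: print the global value sshd would use.
# Assumes the whitespace-separated "Keyword value" form and no Include files.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }    # skip comments and blank lines
        tolower($1) == "match"      { exit }    # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print each deviation; the return code is the number found.
# Third column is the OpenSSH default used when the keyword is absent.
audit_sshd() {
    fails=0
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective value '$got', expected '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
Port 2200 22
PermitRootLogin no prohibit-password
PasswordAuthentication no yes
EOF
    return "$fails"
}

# Constructed sample config (not from a real host) with three common slips.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2200
#PermitRootLogin no
permitrootlogin prohibit-password
PermitRootLogin no
Match User grader
    PasswordAuthentication no
EOF

audit_sshd "$SAMPLE" || echo "$? setting(s) differ from the guide"
```

Run audit_sshd /etc/ssh/sshd_config before restarting sshd, and keep the current session open until a second login on port 2200 with the key succeeds.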
- DigitalOcean Articles
- How To Configure the Apache Web Server on an Ubuntu or Debian VPS
- Thanks to @aviaryan on GitHub for the README reference