
# PROJECT: Linux Server Configuration

## CHAPTER 1: Project Overview


### Project Overview

You will take a baseline installation of a Linux server and prepare it to host your web applications. You will secure your server from a number of attack vectors, install and configure a database server, and deploy one of your existing web applications onto it.

### Why this Project?

A deep understanding of exactly what your web applications are doing, how they are hosted, and the interactions between multiple systems is what defines you as a Full Stack Web Developer. In this project, you’ll be responsible for turning a brand-new, bare-bones Linux server into the secure and efficient web application host your applications need.

### What will I Learn?

You will learn how to access, secure, and perform the initial configuration of a bare-bones Linux server. You will then learn how to install and configure a web and database server and actually host a web application.

### How does this Help my Career?

* Deploying your web applications to a publicly accessible server is the first step in getting users
* Properly securing your application ensures that it remains stable and that your users' data is safe


## CHAPTER 2: Project Details

### How will I complete this project?

This project is linked to the [Configuring Linux Web Servers course](https://classroom.udacity.com/courses/ud299), which teaches you to secure and set up a Linux server. By the end of this project, you will have one of your web applications running live on a secure web server.

To complete this project, you'll need a Linux server instance. We recommend using [Amazon Lightsail](https://lightsail.aws.amazon.com/) for this. If you don't already have an Amazon Web Services account, you'll need to set one up. Once you've done that, here are the steps to complete this project.

### Get your server.

1. Start a new Ubuntu Linux server instance on [Amazon Lightsail](https://lightsail.aws.amazon.com/). There are full details on setting up your Lightsail instance on the next page.
2. Follow the instructions provided to SSH into your server.

### Secure your server.

3. Update all currently installed packages.
4. Change the SSH port from 22 to 2200. Make sure to configure the Lightsail firewall to allow it.
5. Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).
>
>*Warning: When changing the SSH port, make sure that the firewall is open for port 2200 first, so that you don't lock yourself out of the server. When you change the SSH port, the Lightsail instance will no longer be accessible through the web app 'Connect using SSH' button. The button assumes the default port is being used. There are instructions on the same page for connecting from your terminal to the instance. Connect using those instructions and then follow the rest of the steps.*
>
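
The firewall steps above in an order that respects the warning, as an added example that is not part of the original course material. The `run` wrapper, the `DRY_RUN` switch and the function names are assumptions made for this sketch, and NTP is opened on UDP because that is the transport NTP uses; the Lightsail firewall itself still has to be opened for port 2200 in the Lightsail console.

```bash
#!/usr/bin/env bash
# Added example (not course material). DRY_RUN=1, the default, only prints the
# commands; run with DRY_RUN=0 on the server to execute them through sudo.
DRY_RUN="${DRY_RUN:-1}"
SSH_PORT=2200   # new SSH port from step 4

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "sudo $*"
    else
        sudo "$@"
    fi
}

apply_firewall() {
    run ufw default deny incoming
    run ufw default allow outgoing
    # Open the new SSH port before UFW is switched on, per the warning above.
    run ufw allow "${SSH_PORT}/tcp"
    run ufw allow 80/tcp     # HTTP
    run ufw allow 123/udp    # NTP
    run ufw --force enable   # --force skips the interactive confirmation
    run ufw status verbose
}

# Succeeds only if the SSH rule precedes 'enable' in the dry-run plan.
ssh_allowed_before_enable() {
    (DRY_RUN=1; apply_firewall) | awk -v rule="ufw allow ${SSH_PORT}/tcp" '
        index($0, rule)       { allowed = 1 }
        / enable$/ && !seen   { ok = allowed; seen = 1 }
        END                   { exit(ok ? 0 : 1) }'
}

if ssh_allowed_before_enable; then
    apply_firewall
else
    echo "refusing to run: SSH rule would come after 'ufw enable'" >&2
fi
```

Keep the existing SSH session open and confirm a second login on port 2200 before closing it.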

### Give ``grader`` access.

In order for your project to be reviewed, the grader needs to be able to log in to your server.

6. Create a new user account named ``grader``.
7. Give ``grader`` the permission to sudo.
8. Create an SSH key pair for ``grader`` using the ssh-keygen tool.

### Prepare to deploy your project.

9. Configure the local timezone to UTC.
10. Install and configure Apache to serve a Python mod_wsgi application.

    * If you built your project with Python 3, you will need to install the Python 3 mod_wsgi package on your server: ``sudo apt-get install libapache2-mod-wsgi-py3``.

11. Install and configure PostgreSQL:

    * Do not allow remote connections
    * Create a new database user named catalog that has limited permissions to your ``catalog`` application database.

12. Install ``git``.

### Deploy the Item Catalog project.

13. Clone and set up your __Item Catalog__ project from the GitHub repository you created earlier in this Nanodegree program.
14. Set it up in your server so that it functions correctly when visiting your server’s IP address in a browser. Make sure that your ``.git`` directory is not publicly accessible via a browser!


## CHAPTER 3: Get started on Lightsail

### Get started on Lightsail

We're recommending [Amazon Lightsail](https://lightsail.aws.amazon.com/) for this project. If you prefer, you can use any other service that gives you a publicly accessible Ubuntu Linux server. But Lightsail works pretty well and it's what we've tested.

There are a few things you need to do when you create your server instance.
1. __Log in!__

First, log in to Lightsail. If you don't already have an Amazon Web Services account, you'll be prompted to create one.

![screen-shot-2017-02-10-at-14.59.35.png](attachment:screen-shot-2017-02-10-at-14.59.35.png)
*Amazon Web Services login page.*

2. __Create an instance.__

Once you're logged in, Lightsail will give you a friendly message with a robot on it, prompting you to create an instance. A Lightsail instance is a Linux server running on a virtual machine inside an Amazon datacenter.

![screen-shot-2017-02-10-at-14.58.17.png](attachment:screen-shot-2017-02-10-at-14.58.17.png)
*When you have no instances, Lightsail gives you a picture of an orange robot and suggests that you create an instance.*

3. __Choose an instance image: Ubuntu__

Lightsail supports a lot of different instance types. An instance image is a particular software setup, including an operating system and optionally built-in applications.

For this project, you'll want a plain Ubuntu Linux image. There are two settings to make here. First, choose "OS Only" (rather than "Apps + OS"). Second, choose Ubuntu as the operating system.


![screen-shot-2017-02-10-at-14.46.15.png](attachment:screen-shot-2017-02-10-at-14.46.15.png)
*When you create an instance, Lightsail asks what kind you want.
For this project, choose an "OS Only" instance with Ubuntu.*


4. __Choose your instance plan.__

The instance plan controls how powerful of a server you get. It also controls how much money they want to charge you. For this project, the lowest tier of instance is just fine. And as long as you complete the project within a month and shut your instance down, the price will be zero.
Lightsail setup: Pricing options. (Choose $5/month with first month free.)

![screen-shot-2017-02-10-at-14.46.35.png](attachment:screen-shot-2017-02-10-at-14.46.35.png)
*Lightsail's options for instance pricing.
For this project, pick the lowest one to get free-tier access.*


>
>*Be aware: If you enable additional features in Lightsail, you may be charged extra for them.*
>

5. __Give your instance a hostname.__

Every instance needs a unique hostname. You can use any name you like, as long as it doesn't have spaces or unusual characters in it. Your instance's name will be visible to you and to the project reviewer.

![screen-shot-2017-02-10-at-14.47.08.png](attachment:screen-shot-2017-02-10-at-14.47.08.png)
*I've named my instance ``silly-name-here``.*

6. __Wait for it to start up.__

It may take a few minutes for your instance to start up.

![screen-shot-2017-02-10-at-14.47.34.png](attachment:screen-shot-2017-02-10-at-14.47.34.png)
*While your instance is starting up, Lightsail shows you a grayed-out display.*

![screen-shot-2017-02-10-at-14.48.29.png](attachment:screen-shot-2017-02-10-at-14.48.29.png)
*Once your instance is running, the display gets brighter.*

7. __It's running; let's use it!__

Once your instance has started up, you can log into it with SSH from your browser.

The public IP address of the instance is displayed along with its name. In the above picture it's ``54.84.49.254``.

__Note__: When you set up OAuth for your application, you will need a DNS name that refers to your instance's IP address. You can use the [xip.io](http://xip.io/) service to get one; this is a public service offered for free by Basecamp. For instance, the DNS name ``54.84.49.254.xip.io`` refers to the server above.


![screen-shot-2017-02-10-at-14.48.40.png](attachment:screen-shot-2017-02-10-at-14.48.40.png)
*The main page for my ``silly-name-here`` instance.
The big orange "Connect using SSH" button is the next step.*


Explore the other tabs of this user interface to find the Lightsail firewall and other settings. You'll need to configure the Lightsail firewall as one step of the project.

When you SSH in, you'll be logged in as the ``ubuntu`` user. When you want to execute commands as ``root``, you'll need to use the ``sudo`` command to do it.

![screen-shot-2017-02-10-at-14.49.14.png](attachment:screen-shot-2017-02-10-at-14.49.14.png)
*An SSH window logged into the server instance.
From here, it's just like any other Linux server.*

8. __Project time.__

Now that you have a working instance, you can get right into the project!


## CHAPTER 4: Linux Server Configuration Webcasts

### Webcasts for the Linux Server Configuration Project

Need some additional help getting started with the Linux Server Configuration Project, or simply curious and want to learn a little bit more? Watch the following Webcasts!

These webcasts are recordings of live Q&A sessions and demos. As always, you should read the appropriate rubric for your project thoroughly before you begin work on any project and double check the rubric before submitting. The videos were made by Udacity's coaches. Think of them as extra supplemental materials.


#### The webcasts for the Linux Server Configuration Project include:

* [SSH: How to access a remote server and edit files](https://www.youtube.com/watch?v=HcwK8IWc-a8)
* [Intro to TMux](https://www.youtube.com/watch?v=hZ0cUWWixqU)
* [Deploying a Flask App with Heroku](https://www.youtube.com/watch?v=5UNAy4GzQ5E)

### Happy Learning!


## CHAPTER 5: Project: Linux Server Configuration

### Project Submission

Student is expected to set up a Linux server with good security settings, a running web server, and deployment of their Item Catalog project from earlier in the ND.

Student instructions are as follows —

You will take a baseline installation of a Linux distribution on a virtual machine and prepare it to host your web applications, to include installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.

Note: If you have no experience working in the shell we recommend starting with [Linux Command Line Basics](https://www.udacity.com/course/viewer#!/c-ud595-nd). Otherwise, you can jump straight into [Configuring Linux Web Servers](https://www.udacity.com/course/viewer#!/c-ud299-nd).

### Evaluation

Your project will be evaluated by a Udacity Code Reviewer according to the rubric below. Be sure to review it thoroughly before you submit. All criteria must "meet specifications" in order to pass.

### Project Specification
#### Linux Server Configuration

#### User Management
Criteria |	Meets Specifications
--|--
Can you log into the server as the user ``grader`` using the submitted key? | The SSH key submitted with the project can be used to log in as grader on the server.
Is remote login of the root user disabled? | You cannot log in as root remotely.
Is the grader user given sudo access? | The grader user can run commands using sudo to inspect files that are readable only by root.

#### Security
Criteria |	Meets Specifications
--|--
Is the firewall configured to only allow for SSH, HTTP, and NTP? | Only allow connections for SSH (port 2200), HTTP (port 80), and NTP (port 123).
Are users required to authenticate using RSA keys? | Key-based SSH authentication is enforced.
Are the applications up-to-date? | All system packages have been updated to most recent versions.
Is SSH hosted on non-default port? | SSH is hosted on non-default port.
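
A self-check for the SSH rows of the User Management and Security tables, as an added example that is not part of the original rubric or course code. The function names and the two sample files are constructed for illustration; the directives checked (`Port`, `PermitRootLogin`, `PasswordAuthentication`) are standard `sshd_config` keywords.

```bash
#!/usr/bin/env bash
# Added example (not course material): audit sshd_config text against the rubric.

# Print the value sshd would use for a global keyword. Keywords are
# case-insensitive and for most of them the first occurrence wins (Port may
# repeat; only the first is checked here). Match blocks are not global.
effective_value() {   # effective_value FILE KEYWORD
    awk -v key="$2" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

check() {   # check FILE KEYWORD WANTED
    got="$(effective_value "$1" "$2")"
    if [ "$got" = "$3" ]; then
        echo "PASS $2 $got"
        return 0
    fi
    echo "FAIL $2 ${got:-unset} (want $3)"
    return 1
}

# Returns the number of failed checks (0 means the file meets all three rows).
audit_sshd() {
    fails=0
    check "$1" Port 2200                 || fails=$((fails + 1))
    check "$1" PermitRootLogin no        || fails=$((fails + 1))
    check "$1" PasswordAuthentication no || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files, not taken from a real server.
SAMPLE_DIR="$(mktemp -d)"
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'Port 22' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication yes' > "$SAMPLE_DIR/weak"
printf '%s\n' '#Port 22' 'Port 2200' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$SAMPLE_DIR/hardened"

audit_sshd "$SAMPLE_DIR/weak"     || echo "weak: $? finding(s)"
audit_sshd "$SAMPLE_DIR/hardened" && echo "hardened: all checks pass"
```

On the server, the output of `sudo sshd -T` saved to a file can be passed to `audit_sshd` instead of `/etc/ssh/sshd_config`, which also accounts for settings pulled in from included files.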

#### Application Functionality
Criteria |	Meets Specifications
--|--
Is there a web server running on port 80? | The web server responds on port 80.
Has the database server been configured to properly serve data? | Database server has been configured to serve data (PostgreSQL is recommended).
Has the web server been configured to serve the Item Catalog application? | Web server has been configured to serve the Item Catalog application as a WSGI app.

#### Documentation
Criteria |	Meets Specifications
--|--
Is a README file included in the GitHub repo containing all specified information? | A README file is included in the GitHub repo containing the following information: IP address, URL, summary of software installed, summary of configurations made, and a list of third-party resources used to complete this project.

### Submission

Please follow these steps to properly submit this project:

* Create a new GitHub repository and add a file named ``README.md``.

* Your README.md file should include all of the following:
    * i. The IP address and SSH port so your server can be accessed by the reviewer.
    * ii. The complete URL to your hosted web application.
    * iii. A summary of software you installed and configuration changes made.
    * iv. A list of any third-party resources you made use of to complete this project.

* Locate the SSH key you created for the grader user.

* During the submission process, paste the contents of the grader user's SSH key into the "Notes to Reviewer" field.

When you're ready to submit your project, click [here](https://review.udacity.com/#!/rubrics/2007/start) and follow the instructions. Due to the high volume of submissions we receive, please allow up to 7 business days for your evaluation to be returned.

If you are having any problems submitting your project or wish to check up on the status of your evaluation, please email us at [fullstack-project@udacity.com](mailto:fullstack-project@udacity.com).

### Next Steps

You will get an email as soon as your reviewer has feedback for you. Congratulations on making it this far in the Nanodegree! You're almost finished!
 # Congratulations! You've completed this project