The purpose of the project is to create a brand-new, bare bones, Linux server into the secure and efficient web application. In this project item catalog is deployed on AWS light sail server.
Item catalog app is hosted on
- IP address - 35.155.196.149
- SSH Port - 2200
- Item catalog can be accessed through http://35.155.196.149.xip.io/
- Updated & upgraded all packages using
sudo apt-get update && sudo apt-get upgrade
- Changed default SSH port from 22 to 2200
- Added ufw rule
- To deny all incoming -
sudo ufw default deny incoming
- To allow all outgoing -
sudo ufw default allow outgoing
- Opened port 2200 -
sudo ufw allow 2200/tcp
- Opened port 80 -
sudo ufw allow 80/tcp
- Opened port 123 -
sudo ufw allow 123/tcp
- To deny all incoming -
- After adding above ufw rules enabled ufw -
sudo ufw enable
- Verified ufw status using -
sudo ufw status verbose
- Removed root SSH access
- Removed password access
- Created new user
grader
- Gave sudo access to user
grader
- Generated SSH keys using ssh-keygen for
grader
- Added SSH public key to
~/.ssh/authorized_keys
- For Web server installed
sudo apt-get install apache2
- To host python based application
item-catalog
, a Web server Gateway Interface is needed, so installedsudo apt-get install libapache2-mod-wsgi python-dev
item-catalog
uses sqlite3 database, to verify/query data, installed sqlite3 client -sudo apt-get install sqlite3 libsqlite3-dev
- Verified data using
sqlite3 itemcatalog.db
item-catalog
requres below python modules likeflask
,requests
etc. So installedpip
-sudo apt-get install python-pip python-dev build-essential
- Upgraded pip -
sudo pip install --upgrade pip
- Installed required python modules
- flask -
sudo pip install -U Flask
- oauth -
sudo pip install --upgrade oauth2client
- sqlalchemy -
sudo pip install --upgrade sqlalchemy
- requests -
sudo pip install --upgrade requests
- flask -
- Verified item-catalog by running
python catalog_views.py
- Created file
/var/www/html/myapp.wsgi
to refer item-catalogimport sys sys.path.append('/var/www/html/item-catalog') from catalog_views import app as application
- Added myapp.wsgi to
/etc/apache2/sites-enabled/000-default.conf
at the end of<VirtualHost *:80>
WSGIScriptAlias / /var/www/html/myapp.wsgi
- Restarted apache server using
sudo apache2ctl restart
-
Saw below error in
/var/log/apache2/error.log
OperationalError: (sqlite3.OperationalError) unable to open database file
When application is run through wsgi, the paths are not getting resolved correctly so used absolute paths. Changed path from
sqlite:///itemcatalog.db
tosqlite:////var/www/html/item-catalog/itemcatalog.db
. Done the same forclient_secret_google.json
changed to/var/www/html/item-catalog/client_secret_google.json
-
Saw threading excepitons like below
ProgrammingError: (sqlite3.ProgrammingError) SQLite objects created in a thread can only be used in that same thread.
Since global session is used saw above errors, so change session to session scoped, so removed
DBSession = sessionmaker(bind=engine) session = DBSession()
Added
session = scoped_session(sessionmaker(bind=engine)) .. @app.teardown_request def remove_session(ex=None): session.remove()
Once all above configurations are done able to run item-catalog application, below is the demo.