This is the last project for the "Full Stack Web Developer Nanodegree" program on Udacity, the project consist in the deploying a ubuntu vsp (virtual private server) and do the following tasks:
- use a linux server instance, its recommended to use Amazon lightsail, Digital Ocean, Lonide
- Change the ssh port from 22 to 2200
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connection for SSH (port 2200), HTTP (port 80) and NTP (port 123)
- Create a user (grader)
- Give grader the permission to sudo
- Create an SSH key pair for grader using the ssh-keygen tool
- Install apache2 and deploy the Item Catalog Project done early in the course
For the project I used digital ocean which has a $5/mo $0.007/hr plan. The process is very easy:
- Create a new droplet, use Ubuntu 16.04.6 X64
- You will receive an email with the root password
- ip address: 192.241.149.216
- SSH port: 2200
- project url: http://192.241.149.216.xip.io/
- Apache2
- libapache2-mod-wsgi
- postgresql
- python-pip
- python-Flask
- Git
- python-httplib2
- python-requests
- python-bleach
- python-sqlachemy
- python-oauth2client
- python-psycopg2
- python-passlib
- python-virtualenv
To connect to the server and open its files for editing i used putty and WinSCP, to test grader and create public and private keys i used Git Bash which is a emulated linux console application that can interact with the windows file system that comes with Git.
Note: Is possible also to use a linux subsystem to do all the tasks, just open windows store type linux and install the linux you want to work with, but keep in mind that is not advised to open linux files from Windows metadata may corrupt your work
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo adduser grader
For this you need to create the file called grader inside the directory /etc/sudoers.d
root@ubuntu-s-1vcpu-1gb-nyc1-01:/etc/sudoers.d# sudo nano grader
Add the following line inside grader
grader ALL=(ALL) NOPASSWD:ALL
This step has two parts: first generate a SSH key pair on your local machine second copy the public key to the server.
LOCAL MACHINE: If you are using gitbash on windows the keys will located in "C:\Users\YOUR_username\.ssh", also by default name of your keys are id_rsa and id_rsa.pub I named mine graderKEY and graderKEY.pub
Sertech@SertechLaptop MINGW64 ~
$ ssh-keygen -t rsa -b 2048 -C "Udacity GRADER"
SERVER:In the server change user to grader, create a directory called .ssh in grader's home directory, inside that folder create a file named authorized_keys and finally copy and paste the contents of id_rsa.pub into authorized_keys
root@ubuntu-s-1vcpu-1gb-nyc1-01:/home# su grader
grader@ubuntu-s-1vcpu-1gb-nyc1-01:~$ mkdir ~/.ssh
Here paste the contents of graderKEY.pub(in this case) ctrl+o to save ctrl+x to exit
grader@ubuntu-s-1vcpu-1gb-nyc1-01:~$ sudo nano ~/.ssh/authorized_keys
grader@ubuntu-s-1vcpu-1gb-nyc1-01:~$ chmod 700 ~/.ssh
grader@ubuntu-s-1vcpu-1gb-nyc1-01:~$ sudo chmod 644 ~/.ssh/authorized_keys
Edit the file called sshd_config located in /etc/ssh/sshd_config, look for a commented line or just a line that says Port 22 and change it to Port 2200
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo nano /etc/ssh/sshd_config
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo service ssh restart
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo ufw allow 2200
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo ufw allow 80
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo ufw allow 123
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo ufw enable
root@ubuntu-s-1vcpu-1gb-nyc1-01:~# sudo dpkg-reconfigure tzdata
It will open a different menu, inside it select none of the above, then select UTC and finish
Current default time zone: 'Etc/UTC'
Local time is now: Mon May 27 02:54:36 UTC 2019.
Universal Time is now: Mon May 27 02:54:36 UTC 2019.
$ sudo apt-get install apache2
$ sudo apt-get install libapache2-mod-wsgi
$ sudo a2enmod wsgi
root@ubuntu-s-1vcpu-1gb-nyc1-01:/# sudo apt-get install postgresql
Change to the postgres user
root@ubuntu-s-1vcpu-1gb-nyc1-01:/# sudo su - postgres
postgres@ubuntu-s-1vcpu-1gb-nyc1-01:~$
Create a new user:catalog password:password with limited access to the catalog application database
postgres@ubuntu-s-1vcpu-1gb-nyc1-01:~$ createuser --interactive -P
Enter name of role to add: catalog
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
Create the catalog database
postgres@ubuntu-s-1vcpu-1gb-nyc1-01:~$ psql
postgres=# CREATE DATABASE catalog;
postgres=# \q
root@ubuntu-s-1vcpu-1gb-nyc1-01:/# sudo apt-get install git
Inside /var/www/ create a directory called catalog and there clone the Catalog repository
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog# sudo git clone https://github.com/sertech/projectProtafolio3.git catalog
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo apt-get install python-pip
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# pip install virtualenv
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo virtualenv venv
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# source venv/bin/activate
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install Flask
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install psycopg2
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install requests
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install oauth2client
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install itsdangerous
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install google-api-python-client
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo pip install SQLAlchemy
(venv) root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# deactivate
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog#
Create a configuration file for the catalog project called catalog.conf
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog/catalog# sudo nano /etc/apache2/sites-available/catalog.conf
catalog.conf
<VirtualHost *:80>
ServerName 192.241.149.216
ServerAlias 192.241.149.216.xip.io
ServerAdmin ihatelinux@whyissohard.com
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalog/catalog/static
<Directory /var/www/catalog/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
root@ubuntu-s-1vcpu-1gb-nyc1-01:/# sudo a2ensite catalog
note: to disable other sites use $sudo a2dissite
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog# sudo nano catalog.wsgi
catalog.wsgi
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0,"/var/www/catalog/")
from catalog import app as application
application.secret_key = 'do not share this baby2'
It is necessary to make small changes in the application files for it to run in the server, the main application file needs to be renamed to _init_.py
BEFORE:
engine = create_engine('sqlite:///catalogApp.db')
CLIENT_ID = json.loads(open('client_secrets.json', 'r').read())['web']['client_id']
oauth_flow = flow_from_clientsecrets('client_secrets.json', scope='')
if __name__ == '__main__':
app.secret_key = 'do not share this baby'
app.debug = True
app.run(host='0.0.0.0', port=8000)
AFTER:
engine = create_engine('postgresql://catalog:password@localhost/catalog')
CLIENT_ID = json.loads(open('/var/www/catalog/catalog/client_secrets.json', 'r').read())['web']['client_id']
oauth_flow = flow_from_clientsecrets('/var/www/catalog/catalog/client_secrets.json', scope='')
if __name__ == '__main__':
app.secret_key = 'do not share this baby2'
app.run()
The directory structure should be like this inside /var/www/
+-- catalog
| +-- catalog
| | +-- __init__.py
| | +-- db_setup.py
| | +-- static
| | +-- templates
| | +-- venv (the virtual environment)
| | +-- other files and folders necessary
| +-- catalog.wsgi
A restart is necessary every time a file is change inside app directory
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog# sudo service apache2 reload
root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/catalog# sudo service apache2 restart