Basic steps for installing Ubuntu Linux on a virtual machine to host a Flask web application. This includes installing updates, securing the system against a number of attack vectors, and installing and configuring web and database servers.
- IP address: 3.123.20.102
- SSH port: 2200
- URL: http://ec2-3-123-20-102.eu-central-1.compute.amazonaws.com
I accessed the Lightsail instance using SSH with the following command:
ssh -i LightsailDefaultKey-eu-central-1.pem ubuntu@3.123.20.102
Created a new user named grader using the following command:
sudo adduser grader
Followed the instructions on the command line and added a secure password. After that I granted sudo permissions to the grader user.
Updated all currently installed applications:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python-psycopg2
sudo apt-get install python-flask python-sqlalchemy
sudo apt-get install python-pip
sudo dpkg-reconfigure tzdata
sudo apt-get install ntp
server ntp.ubuntu.com
server pool.ntp.org
sudo service ntp reload
sudo apt-get install apache2
sudo apt-get install libapache2-mod-wsgi
I then configured a new virtual host with sudo vim /etc/apache2/sites-available/catalog-app.conf, using the following content:
<VirtualHost *:80>
ServerName 3.123.20.102
#ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/catalogApp/mycatalog.wsgi
<Directory /var/www/catalogApp/catalog/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/catalogApp/catalog/static
<Directory /var/www/catalogApp/catalog/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite catalog-app
After that I created the .wsgi file with sudo vim /var/www/catalog-app/mycatalog.wsgi, using the following content:
#!/usr/bin/python
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalogApp/")
from catalog import app as application
application.secret_key = 'Add your secret key'
sudo service apache2 restart
sudo apt-get install postgresql postgresql-contrib
sudo -i -u postgres
createuser --interactive
createdb catalog
psql
\password catalog
sudo apt-get install git-all
Then, to set up the Catalog project, I cloned the Catalog app repository inside /var/www/ and followed the README instructions. I made additional changes for the project to work with PostgreSQL. I changed the /instance/database_setup.py file from
SQLALCHEMY_DATABASE_URI = "sqlite:///../catalog/catalog.db"
to
SQLALCHEMY_DATABASE_URI = "postgresql://catalog:password@localhost/catalog"
Changed from the root user to the new grader user:
su - grader
Then added the directory .ssh with
mkdir .ssh
Added the file .ssh/authorized_keys and copied the SSH public key contents of udacity_key to authorized_keys, and finally restricted permissions on .ssh and authorized_keys:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
To force key-based authentication I edited the /etc/ssh/sshd_config file from
PasswordAuthentication yes
to
PasswordAuthentication no
Then restarted the ssh service:
sudo service ssh restart
To host SSH on a non-default port instead of port 22, I edited the /etc/ssh/sshd_config file from
Port 22
to
Port 2200
And finally restarted the ssh service:
sudo service ssh restart
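The two sshd_config edits above only take effect as intended if no other line in the file overrides them: Port may be repeated, and sshd listens on every listed port, while for PasswordAuthentication the first value read is the one used. The following is an added example, not part of the original README, that audits a copy of sshd_config for both settings. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```sh
#!/bin/sh
# Added example, not from the original README. Function names are hypothetical.

# Print every value given for KEYWORD in the global section of FILE
# (the part before the first Match block), one per line.
global_values() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        { split($0, f, /[ \t=]+/) }         # "Keyword value" or "Keyword=value"
        tolower(f[1]) == "match" { exit }   # Match blocks apply conditionally
        tolower(f[1]) == tolower(key) { print f[2] }   # keywords ignore case
    ' "$1"
}

# Return 0 only if FILE gives the state this guide aims for:
# sshd listening on port 2200 alone, password logins disabled.
audit_sshd_config() {
    rc=0
    # Port may be repeated and sshd listens on every listed port; absent means 22.
    ports=$(global_values "$1" Port | sort -u | tr '\n' ' ')
    [ "${ports:-22 }" = "2200 " ] || { echo "FAIL: sshd ports: ${ports:-22}"; rc=1; }
    # For PasswordAuthentication the first value read wins; absent means yes.
    pw=$(global_values "$1" PasswordAuthentication | sed -n 1p)
    [ "${pw:-yes}" = "no" ] || { echo "FAIL: PasswordAuthentication is ${pw:-yes}"; rc=1; }
    return "$rc"
}

# Constructed sample: "Port 2200" was added but the stock "Port 22" line was
# left in, and an earlier "yes" shadows the later "PasswordAuthentication no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Port 2200
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
Match User grader
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match the guide"
rm -f "$sample"
```

On the server itself, run it against /etc/ssh/sshd_config before restarting the ssh service, so a leftover line is caught while the current session is still open.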
To set up UFW, I first checked the firewall status with:
sudo ufw status
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2200/tcp
sudo ufw allow www
sudo ufw allow ntp
sudo ufw enable
To accomplish this task I added a text file named grader to /etc/sudoers.d/ directory with the following content:
grader ALL=(ALL) ALL
This way the user is asked for password at least once per session. The remote user grader is given sudo privileges.