http://clappaws.club/
http://34.214.27.203/
Catalog app is a small restful CRUD app with python flask and postgresql sqlalchemy deploying on apache2 server hosted on AWS lightsail ubuntu 16.04 LTS. This app is to display sport equipments categories and items to the general public, and allow authorized users to create, update, and delete categories and items.
- Apache2
- Ubuntu 16.04 on AWS lightsail
- VirtualEnv
- Virtualbox and Vagrant
- Python 3.5/3.6
- Twitter Bootstrap 4
- Coverage and Tox (cross-platform cross-version test tools)
- Flask Framework
- Mod_WSGI
- Flask Login
- Flask OAuthlib
- Flask WTForms (validate form elements)
- Flask Flash (display flash messages)
- Flash SQLAlchemy
- Postgresql
- SQLAlchemy
- Psycopg2
- Jinja2
- Werkzeug
- Ratelimit
- Decorator
- Requests
- Oauthlib
- Itsdangerous
- MarkupSafe
- Pep8
- Create blueprints to distribute a large app into resuable components
- Utilize restful CRUD to create/update/delete categories and items records by authoirzed users
- Employ authentication and authorization to grant CRUD access to authorized users
- Generate catalog.json endpoint at http:///catalog.json
- Add a new database user "catalog" with limited permission (CreateDB only)
- Change ssh port from 22 to 2200
- Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)
- Assign a new user "grader" the permission to access apache server on AWS lightsail
- Download virtual box from https://www.virtualbox.org/wiki/Download_Old_Builds_5_1
- Follow the instructions to setup virtualbox
- Download git from https://git-scm.com/downloads
- follow the instructions to set up git bash
- Download vagrant from https://www.vagrantup.com/downloads
- Follow the instructions to setup vagrant. (Note: if the current version is non-compatiable with your OS, downgrade the version)
-
Download from https://github.com/udacity/fullstack-nanodegree-vm
-
Download source codes from https://github.com/melc/catalog
cd fullstack-nanodegree-vm/vagrant cd catalog git clone https://github.com/melc/catalog
-
Createa a new file *config.py", copy the following lines of codes and paste to the file config.py
import os DEBUG = True CSRF_ENABLED = True SECRET_KEY = os.urandom(20) GOOGLE_CLIENT_ID = <google client_id> GOOGLE_CLIENT_SECRET = <google client secret> FACEBOOK_APP_ID = <facebook app id> FACEBOOK_APP_SECRET = <facebook app secret> SQLALCHEMY_DATABASE_URI = 'postgresql://vagrant:vagrant@localhost:5432/catalog'
-
Install ubuntu 16.04 LTS
cd vagrant/ vagrant up
-
Login to installed ubuntu VM
vagrant ssh
(note: $ will be changed to vagrant@vagrant:~$)
-
Install python dependencies
sudo python3.5 -m pip install -r requirements.txt
-
Reset database user vagrant password if prompted
psql postgres ALTER ROLE vagrant WITH ENCRYPTED
-
Create database catalog
psql vagrant CREATE DATABASE catalog;
-
Replace line of code in the file application.py,
old code: app.run(debug=True) new code: app.run(debug=True, host='0.0.0.0', port=8000)
-
Replace line of code in the file *app.py" (webapp/app.py)
old code: app.config.from_pyfile('/var/www/catalog/config.py') new code: app.config.from_object('config')
-
Launch application.py
python3.5 application.py
- Create an account on http://aws.amazon.com
- On AWS Managament Console select Lightsail
- Choose OS only Ubuntu 16.04 LTS
- Change SSH key pair from default to a new ssh key pairs and download to your host machine
- Create Instance and Static IP, attach static ip to instance
-
Open the file /etc/ssh/sshd_config on host machine, change the port number 22 to 2200.
-
Click on the button "Connect using SSH", and execute the following commands on virtual machine
sudo service ssh restart sudo ufw status sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow ssh sudo ufw allow 2200/tcp sudo ufw allow www sudo ufw allow 123/udp sudo ufw deny 22 sudo ufw enable sudo ufw status
To Action From 22 DENY Anywhere 2200/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 123/udp ALLOW Anywhere 22 (v6) ALLOW Anywhere 2200/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 123/udp (v6) ALLOW Anywhere (v6) -
Update external firewall by clicking on the AWS lightsail instance, then selecting the 'Networking' tab, and configuring the firewall to match the internal firewall settings above (123(UDP) and 2200(TCP));
-
Change the permission of ssh key pairs file to readonly on host machine
chmod 600 </path/to/ssh key pairs>.pem
-
Logon virtual machine
ssh -i </path/to/ssh key pairs>.pem -p 2200 ubuntu@<aws lightsail public ip>
-
Create a new user grader
sudo adduser grader
-
Enter passphrase twice
-
Check if the new user was created successfully
su - grader
(the user should be changed from ubuntu to grader) -
Grant sudo permission to the new user
sudo visudo
(make sure the user is ubuntu in lieu of grader)Insert the following line of codes under
root ALL=(ALL:ALL) ALL
grader ALL=(ALL:ALL) ALL
-
Verify the new user having sudo permission
su - grader
sudo -l
Matching Defaults entries for grader on
ip-XX-XX-XX-XX.ec2.internal:
env_reset, mail_badpass,
secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User may run the following commands on
ip-XX-XX-XX-XX.ec2.internal:
(ALL : ALL) ALL
-
On host machine,
-
Execute the following:
<path/to/ssh-keygen>/ssh-keygen
-
Choose a file name for the ssh key pair (ex. grader_key)
-
Enter passphrase twice
-
Copy the contents of ssh key pair file (ex. grader_key.pub)
cat / <path/to/ssh-keygen> grader_key.pub
-
Log in to the virtual machine
ssh -i </path/to/ssh key pairs>.pem -p 2200 ubuntu@<aws lightsail public ip>
-
-
-
On virtual machine,
-
Switch to the new user grader home directory
su - grader
-
Create a new directory .ssh
sudo mkdir .ssh
-
Create a new file authorized_keys
touch ~/.ssh/authorized_keys
-
Paste the contents of ssh key pair file into authorized_keys
- Change .ssh and authorized_keys permissions.
chmod 700 .ssh chmod 644 .ssh/authorized_keys
- Check PasswordAuthentication setting open the file /etc/ssh/sshd_config, and find the following line,
# Change to no to disable tunnelled clear text passwords 'PasswordAuthentication 'no'
-
-
On host machine,
- login to virtual machine with the new user "grader"
ssh -i <ssh key pair> -p 2200 <new user>@<aws lightsail public ip>
(ex. grader_key)
-
Execute the following command,
sudo dpkg-reconfigure tzdata
-
Go to bottom, and select “None of the above”
-
Select "UTC"
-
Install apache2,
sudo apt-get update sudo apt-get install apache2 apache2-dev
-
Install python3.5
sudo apt-get install python3.5-dev
-
Install mod wsgi
sudo apt-get install libapache2-mod-wsgi-py3
-
Update and upgrade packages
sudo apt-get update && sudo apt-get upgrade
-
Enable apache module, mod wsgi, and restart apache
sudo a2enmod wsgi ***** enabling module wsgi sudo service apache2 restart ***** activate the new configuration
-
Install postgresql
sudo apt-get install postgresql postgresql-contrib
-
Start postgresql
sudo /etc/init.d/postgresql start
-
Create a database superuser vagrant
sudo -u postgres -i psql CREATE ROLE vagrant WITH LOGIN; ALTER ROLE vagrant with ENCRYPTED PASSWORD 'vagrant';
-
Create database catalog with superuser owner vagrant
CREATE DATABASE catalog OWNER 'vagrant'; ALTER ROLE vagrant SUPERUSER;
-
Insert the following line of codes into the file /etc/postgresql/9.5/main/pg_hba.conf
local all vagrant peer
-
Create a database user catalog
sudo /etc/init.d/postgresql restart sudo -u postgres -i psql CREATE USER catalog WITH LOGIN; ALTER ROLE catalog with ENCRYPTED PASSWORD 'catalog';
-
Assign create database permission to new user catalog
ALTER ROLE catalog WITH CREATEDB;
-
Insert the following line of codes into the file /etc/postgresql/9.5/main/pg_hba.conf
local all <db user name> md5
-
Restart postgresql
sudo /etc/init.d/postgresql restart
-
Download project catalog from github
cd /var/www/ git clone https://github.com/melc/catalog
-
Change ownership of catalog to ubuntu
sudo chown -R ubuntu:ubuntu /var/www/catalog
-
Install virtualenv
apt-get install python3-pip pip3 install virtualenv
-
Create virtual environment for catalog app
cd /var/www/catalog virtualenv -p python3.5 venv
-
Activate virtual environment
source venv/bin/activate
-
Install python3.5 dependencies
venv/bin/python3.5 -m pip install -r requirements.txt
-
Check if dependencies installed correctly
cd venv/lib/python3.5/site-packages
-
Run catalog application on localhost http://localhost:8000/
python3.5 application.py
-
Deactivate virtual environment
deactivate
-
Create a file config.py
touch /var/www/catalog/config.py
-
Copy the following lines of codes and paste to the file config.py
import os DEBUG = True CSRF_ENABLED = True SECRET_KEY = os.urandom(20) GOOGLE_CLIENT_ID = <google client_id> GOOGLE_CLIENT_SECRET = <google client secret> FACEBOOK_APP_ID = <facebook app id> FACEBOOK_APP_SECRET = <facebook app secret> SQLALCHEMY_DATABASE_URI = 'postgresql://vagrant:vagrant@localhost:5432/catalog'
- Setup google api account
- Go to google deveoper console, https://console.developers.google.com/apis/dashboard
- Select credentials, create Client ID and Client Secret
- Copy Client ID and Client Secret to the file config.py
- Setup authorized javascript origins (ex. http://127.0.0.1:5000)
- Setup authorized redirect URIs *(ex. http://127.0.0.1:5000/login/google_authorized)
- Setup facebook api account
- Go to facebook graph api console, https://developers.facebook.com/
- Choose facebook login, click on
My Apps
on top right screen, selectAdd a New App
- Follow the instruction to create APP ID and APP SECRET
- Copy APP ID and APP SECRET to the file config.py
- Select facebook login dashboard, set
Client OAuth Login
toYes
,Web OAuth Login
toYes
- Setup valid oauth redirect URIs (ex. http://127.0.0.1:5000/login/facebook_authorized)
-
Configure virtual host
touch /etc/apache2/sites-available/catalog.conf copy and paste the following lines of codes into the file *catalog.conf*
<VirtualHost *:80> ServerName XX.XX.XX.XX ServerAdmin xxx@gmail.com WSGIScriptAlias / /var/www/catalog/catalog.wsgi <Directory /var/www/catalog/webapp/> Order allow,deny Allow from all Options -Indexes </Directory> Alias /static /var/www/catalog/webapp/static <Directory /var/www/catalog/webapp/static> Order allow,deny Allow from all Options -Indexes </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn </VirtualHost>
-
Enable virtual host
a2dissite 000-default *** disable default configuration file sudo a2ensite catalog *** enable new created configuration file sudo service apache2 restart sudo apache2ctl restart
-
Create .wsgi file /var/www/catalog/catalog.wsgi
-
Add the following lines of codes into the file catalog.wsgi
#!/usr/bin/python activator = '/var/www/catalog/venv/bin/activate_this.py' # Looted from virtualenv; should not require modification, since it's defined relatively with open(activator) as f: exec(f.read(), {'__file__': activator}) import sys import logging logging.basicConfig(stream=sys.stderr) sys.path.insert(0,"/var/www/catalog/") from run import app as application
-
Restart apache
sudo service apache2 restart