Udacity Linux Server Configuration
Site can be accessed publicly at http://52.20.134.48
sudo apt-get update
sudo apt-get dist-upgrade
sudo adduser grader
sudo usermod -aG sudo grader
su - grader
sudo whoami
// validate output is 'root'
- a. Create the directory and set file permissions
mkdir -p $HOME/.ssh
// Create a .ssh directory
chmod 0700 $HOME/.ssh
// Modify permissions so only grader can read, write, and execute
- b. Temporarily allow password authentication to easily copy over ssh key
sudo nano /etc/ssh/sshd_config
- Set PasswordAuthentication to yes (if not yes by default), press 'CTRL + X' and 'y' to exit and confirm save
sudo service ssh restart
// Restart ssh service for changes to take effect
- Switch to local machine you intend to ssh into server from...
ssh-keygen -t rsa
// Generates an ssh key of type RSA in a directory of your choice e.g. /Users/waldo/.ssh/
ssh-copy-id -i $HOME/.ssh/grader.pub [email protected]
// Replace with location of your rsa key and your server's IP
sudo nano /etc/ssh/sshd_config
- Set PasswordAuthentication back to no to force SSH key authentication, then press 'CTRL + X' and 'y' to exit and confirm save
sudo service ssh restart
ssh [email protected] -i ~/.ssh/grader
// SSH into server to confirm key is working
- c. Change default SSH port to 2200
sudo nano /etc/ssh/sshd_config
- Replace ‘#Port 22’ with ‘Port 2200’
- Uncomment PermitRootLogin and set it to no to prevent brute force attacks on the root user
sudo systemctl restart ssh
- d. Edit your firewall rules in the LightSail networking tab
- Add a new rule, select 'Custom' for the Application column and '2200' for the port range
- Delete the first rule which allows SSH on Port 22
- e. Check SSH is working on Port 2200
- Back in the terminal, type
sudo systemctl restart ssh && exit
ssh [email protected] -p 2200 -i ~/.ssh/grader
- Back in the terminal, type
sudo ufw default deny incoming; sudo ufw default allow outgoing;
sudo ufw allow 2200/tcp; sudo ufw allow http; sudo ufw allow ntp
sudo ufw enable && sudo ufw status
// Turn on firewall and validate ports are set up correctly
exit
and then
ssh [email protected] -p 2200 -i ~/.ssh/grader
to ensure it's working
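An added example (not part of the original walkthrough): a small Python audit that reads the effective global settings from sshd_config text and checks that `ufw status` output allows the port sshd listens on, the mismatch that locks you out once the firewall is enabled. The sample config and firewall output are constructed, and multiple `Port` lines are not handled.

```python
import re

EXPECTED = {"port": "2200", "passwordauthentication": "no", "permitrootlogin": "no"}
# OpenSSH defaults that apply when a keyword is absent or commented out.
DEFAULTS = {"port": "22", "passwordauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

# Constructed sample inputs (not taken from the server described on this page).
SAMPLE_SSHD = """#Port 22
Port 2200
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
"""
SAMPLE_UFW = """Status: active
To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
"""

def effective_sshd(config_text):
    """Global-scope value per keyword; sshd keeps the first one it reads."""
    seen = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # settings after Match are conditional, not global
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return {k: seen.get(k, DEFAULTS[k]) for k in EXPECTED}

def ufw_allowed_tcp(status_text):
    """Ports with an ALLOW rule covering TCP in `ufw status` output."""
    pattern = re.compile(r"^(\d+)(?:/tcp)?\s+(?:\(v6\)\s+)?ALLOW\b")
    hits = (pattern.match(l.strip()) for l in status_text.splitlines())
    return {m.group(1) for m in hits if m}

def audit(config_text, status_text):
    """Return findings; an empty list means sshd and ufw agree with the guide."""
    eff = effective_sshd(config_text)
    findings = ["%s is %r, expected %r" % (k, eff[k], EXPECTED[k])
                for k in sorted(EXPECTED) if eff[k] != EXPECTED[k]]
    if eff["port"] not in ufw_allowed_tcp(status_text):
        findings.append("ufw has no ALLOW rule for sshd port %s/tcp" % eff["port"])
    return findings
```

Run `audit()` on the real file contents and `sudo ufw status` output before closing the session you are logged in with.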
timedatectl set-timezone UTC
- Then validate with
timedatectl status
sudo apt-get install apache2
// Install Apache2
curl http://localhost
// Should return Apache's default html template
sudo apt-get install libapache2-mod-wsgi python-dev
// Install mod_wsgi
systemctl restart apache2
// Restart Apache2
sudo apt-get install postgresql postgresql-contrib
sudo apt-get install libpq-dev python-dev
sudo nano /etc/postgresql/10/main/pg_hba.conf
// Make sure remote connections are disabled (should be by default)
sudo su postgres
psql
// Open the PostgreSQL prompt
ALTER USER postgres WITH PASSWORD 'postgres';
CREATE USER catalog WITH PASSWORD 'catalog';
ALTER USER catalog CREATEDB SUPERUSER;
CREATE DATABASE pokedex WITH OWNER catalog;
\c pokedex
REVOKE ALL ON SCHEMA public FROM public;
GRANT ALL ON SCHEMA public TO catalog;
- Check everything with
\du
and
\l
- Quit with
\q
and return to grader user with
exit
- a. Install Git
sudo apt install git-all
- b. Setup directory
cd /var/www
// Directory you want to clone repository into
sudo git clone https://github.com/Defiled/Pokedex.git
sudo chown -R grader:grader /var/www/Pokedex/
- c. Install libraries, tools and dependencies
sudo apt-get -qq install python python-pip
sudo pip install flask sqlalchemy flask-sqlalchemy psycopg2-binary httplib2 oauth2client requests
- d. Convert to PostgreSQL from SQLite
sudo nano /var/www/Pokedex/db_populate.py
- Change "engine = create_engine('sqlite:///pokedex.db')" to "engine = create_engine('postgresql://catalog:catalog@localhost/pokedex')"
- Do the same in db_populate.py and project.py
- a. Setup Apache config file
sudo nano /etc/apache2/sites-available/Pokedex.conf
- Insert the following:
<VirtualHost *:80>
    ServerName 52.20.134.48
    # ServerAlias pokedex.usa
    ServerAdmin [email protected]
    WSGIDaemonProcess catalog python-path=/var/www/Pokedex:/usr/local/lib/python2.7/dist-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/Pokedex/pokedex.wsgi
    <Directory /var/www/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/Pokedex/static
    <Directory /var/www/Pokedex/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
systemctl reload apache2
// Restart the apache server
sudo a2ensite Pokedex
// Enable site
- b. Create .wsgi script file
sudo nano pokedex.wsgi
- Insert the following:
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/Pokedex/")
sys.path.insert(1, "/var/www/")
from Pokedex import app as application
application.secret_key = 'pikachu'
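An added example, not the project's own code: one way to keep `application.secret_key` and the `catalog` database password out of source files by loading them from a file only its owner can read. The path `/etc/pokedex/secrets.env` and the key names `SECRET_KEY` and `DB_PASSWORD` are assumptions made for illustration.

```python
import os
import stat
try:
    from urllib.parse import quote_plus  # Python 3
except ImportError:
    from urllib import quote_plus        # Python 2.7, as used by this deployment


def load_secrets(path):
    """Parse KEY=VALUE lines, refusing files that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise RuntimeError("%s must be mode 0600 or stricter" % path)
    secrets = {}
    with open(path) as handle:
        for line in handle:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                secrets[key.strip()] = value.strip()
    return secrets


def database_url(secrets, user="catalog", host="localhost", name="pokedex"):
    """Build the SQLAlchemy URL; the password is percent-encoded so that
    characters such as '@' or '/' cannot change how the URL is parsed."""
    return "postgresql://%s:%s@%s/%s" % (
        user, quote_plus(secrets["DB_PASSWORD"]), host, name)


def configure(app, path="/etc/pokedex/secrets.env"):  # hypothetical path
    """Apply the secrets to a Flask-style app object and return the DB URL."""
    secrets = load_secrets(path)
    if len(secrets.get("SECRET_KEY", "")) < 32:
        raise RuntimeError("SECRET_KEY missing or shorter than 32 characters")
    app.secret_key = secrets["SECRET_KEY"]
    return database_url(secrets)
```

Under mod_wsgi the secrets file has to be owned by the user the daemon process runs as, and the returned URL replaces the literal passed to `create_engine`.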
- c. Project tweaks
sudo mv project.py __init__.py
so that Python knows to treat the Pokedex directory as a module
sudo nano __init__.py
and update the CLIENT_ID variable to load the absolute path of the file it now lives in
- a. Setup and populate the PostgreSQL database
python db_setup.py
python db_populate.py
systemctl reload apache2
- b. Connect to server
sudo cat /var/log/apache2/error.log
to debug any issues