For this submission I will be providing a private key to log in to my amazon lightsail server. This key will be sent in the reviewer's notes.
Using Amazon Lightsail I started my own ubuntu server.
Public IP: 35.176.192.35
Amazon Lightsail allow its users to use an interactive terminal on their site to directly communicate with their servers using ssh. However, I always prefer to use my own ssh client runnning on my personal ubuntu machine.
Initially, to enter my server using ssh I created a .pem key file using amazon lightsail client. I saved this .pem file to my .ssh folder, and then simply logged in using ssh [email protected] -i udacityServerKey.pem
First, I updated all my packages.
sudo apt-get update
sudo apt-get upgrade -y
Then, as a personal preference, I installed the automatic security upgrades for Ubuntu. It not only makes my server more safe, it also brings useful tools.
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
To add the grader user I simply:
adduser grader
Then I gave sudo permission to it:
echo "grader ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/grader
I generated a SSH key-pair for grader:
#On my local machine
ssh-keygen -t rsa
I then configured this ssh key-pair in my Lightsail server
su grader
mkdir ~/.ssh
vim ~/.ssh/authorized_keys
-> Copied the authorized key
Later, I configured permissions for the files I just created:
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
From now on, the grader can log in using:
ssh [email protected] -i id_rsa_udacity
I opened the ssh config file
vim /etc/ssh/sshd_config
(make sure not to use ssh_config)
Changed port declaration from 22 to 2200
Also made sure to set:
PermitRootLogin
to no
,
PasswordAuthentication
to no
To avoid password authentication when login in, we want to use ssh key-pairs for that.
Then I simply restarted the ssh service sudo service ssh restart
NOTE: As I was using Amazon's Lightsail an extra step was needed. It is required to add the custom SSH port to the allowed ports table in the Amazon Lightsail client.
To begin, I initialized some default rules
sudo ufw default deny incoming
-> Deny all incoming requests
sudo ufw default allow outgoin
-> Allow all outgoing requests
Then I allowed incoming connection from the selected SSH port:
sudo ufw allow 2200/tcp
HTTP requests:
sudo ufw allow www
And NTP requests:
sudo ufw allow ntp
Finally, I enabled ufw:
sudo ufw enable
From now on, the grader can log in using:
ssh [email protected] -p 2200 -i id_rsa_udacity
Simply:
sudo dpkg-reconfigure tzdata
-> Select none of the above and then UTC
First I installed the required packages:
sudo apt-get install apache2
sudo apt-get install libapache2-mod-wsgi
sudo apt-get install postgresql
I created a app.wsgi
file on my project's root directory to point to my wsgi application:
import sys
import os
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/udacity-item-catalog/catalog")
from app import app as application
I then configured apache to serve it. In etc/apache2/sites-enabled/000-default.conf
:
<VirtualHost *:80>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName localhost
ServerAlias ec2-35-176-192-35.eu-west-2.compute.amazonaws.com
WSGIDaemonProcess catalog user=grader group=grader threads=5
WSGIScriptAlias / /var/www/udacity-item-catalog/catalog/app.wsgi
<Directory /var/www/udacity-item-catalog/catalog>
WSGIProcessGroup catalog
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
WSGIScriptAlias / /var/www/udacity-item-catalog/catalog/app.wsgi
points to my app.wsgi file. Allowing apache to serve it
WSGIDaemonProcess catalog user=grader group=grader threads=5
starts a process to serve my application
ServerAlias ec2-35-176-192-35.eu-west-2.compute.amazonaws.com
allows my server to use it's own domain name (Required for Google's OAuth configuration)
First, I logged in as the postgres user:
sudo -i -u postgres
Then I created a database user and a database:
createuser --interactive -P
-> This will start an interactive console program to create a new postgres user
Finally I created my catalog database:
-
To run postgres console:
psql
-
To create database:
CREATE DATABASE catalog;
First I installed git:
sudo apt-get install git
Then I simply cloned my repo to the /var/www/
directory
It is also important to protect my .git folder so I used:
sudo chmod 700 /var/www/udacity-item-catalog/catalog/.git
-> this to avoid unauthorized modifications to my git configuration files
Later, I installed my application dependencies:
sudo apt-get install python-flask
sudo apt-get install python-sqlalchemy
sudo apt-get install python-pip
sudo pip install bleach
sudo pip install flask-seasurf
sudo pip install github-flask
sudo pip install httplib2
sudo pip install oauth2client
sudo pip install requests
sudo pip install faker #only for seeders
Finally I restarted the apache service:
sudo service apache2 restart
After adding my server alias to my 000-default.conf
it is important to enable the virtual host using sudo a2ensite
Then simply I went to Google Cloud Console -> Udacity Item Catalog -> APIs -> Credentials -> Web OAuth Credentials and added ec2-35-176-192-35.eu-west-2.compute.amazonaws.com
to my Javascript Origins and ec2-35-176-192-35.eu-west-2.compute.amazonaws.com/gconnect
to my authorized callbacks