IP address: 35.176.22.51
SSH port: 2200.
Username for Udacity reviewer: udacity
- Create an instance of Ubuntu in Lightsail.
- Attach a static IP to the Ubuntu instance.
- Download the private key udacity.pem from the Lightsail account page.
- Log into the remote VM through SSH as the default ubuntu user (a sudo-capable account; root itself is never logged into directly):
$ ssh -i "udacity.pem" [email protected]
- Create a new user udacity:
$ sudo adduser udacity
- Grant udacity permission to sudo by adding a new file under the sudoers.d directory:
$ sudo nano /etc/sudoers.d/udacity
In the file put:
udacity ALL=(ALL:ALL) ALL
then save and quit. Set the file to mode 0440 (owned by root) and check it with visudo -c: a syntax error in any sudoers file makes sudo refuse to run for everyone, so do this before closing the ubuntu session.
- Generate an SSH key pair for udacity:
$ ssh-keygen -f /home/udacity/.ssh/id_rsa
- Rename the public key id_rsa.pub to authorized_keys and set the permissions (with the default StrictModes, sshd ignores an authorized_keys file whose directory or file is group- or world-writable):
$ sudo chmod 700 /home/udacity/.ssh
$ sudo chmod 644 /home/udacity/.ssh/authorized_keys
- Change the owner from ubuntu to udacity:
$ sudo chown -R udacity:udacity /home/udacity/.ssh
- Copy the private key id_rsa to the local machine for the Udacity reviewer, then delete it from the server: only the public half belongs in /home/udacity/.ssh.
- Enforce key-based authentication, change the SSH port to 2200 and disable remote login of the root user:
$ sudo nano /etc/ssh/sshd_config
- Change PasswordAuthentication to no.
- Change Port to 2200.
- Change PermitRootLogin to no.
sshd honours the first uncommented occurrence of a keyword, so edit the existing lines rather than appending new ones at the end of the file. Before restarting, make sure port 2200 is already allowed in ufw and in the Lightsail firewall (see the firewall section below), validate the file with sudo sshd -t, and keep the current session open while you test the new port and the udacity key from a second terminal; otherwise a mistake locks you out of the instance.
$ sudo service ssh restart
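The three sshd_config edits above, automated as an added example in Python (the language the deployed app is written in). This code is not from the original page or the item-catalog project; it assumes the three settings listed above are the complete set, and the sample configuration inside it is constructed to resemble an Ubuntu 16.04 default file. The point it demonstrates is sshd's first-match rule: a hardened line appended after an existing 'PasswordAuthentication yes' does nothing, so existing lines are rewritten in place and missing ones are inserted before any Match block.

```python
"""Apply and verify the sshd_config hardening described above.

sshd takes the FIRST uncommented occurrence of a keyword and ignores later
duplicates, and everything after a 'Match' line is conditional. Appending
'PasswordAuthentication no' to a file that already contains
'PasswordAuthentication yes' therefore changes nothing; the existing line
has to be rewritten. Runs on Python 2.7 (the interpreter the page deploys
with) and Python 3.
"""
import re

# The settings this page requires (assumed to be the complete list).
REQUIRED = {"Port": "2200", "PasswordAuthentication": "no", "PermitRootLogin": "no"}
_CANONICAL = {k.lower(): k for k in REQUIRED}   # sshd keywords are case-insensitive
_DIRECTIVE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s+(.*?)\s*$")


def _parse(line):
    """Return (keyword_lower, value) for an active directive, else None."""
    if line.lstrip().startswith("#"):
        return None
    m = _DIRECTIVE.match(line)
    return (m.group(1).lower(), m.group(2)) if m else None


def effective_settings(text):
    """Resolve keywords the way sshd does: first active occurrence wins and
    lines inside Match blocks are skipped, since they apply conditionally."""
    seen, in_match = {}, False
    for line in text.splitlines():
        parsed = _parse(line)
        if parsed is None:
            continue
        key, value = parsed
        if key == "match":
            in_match = True
        elif not in_match:
            seen.setdefault(key, value)
    return seen


def check(text):
    """Return [(keyword, effective_value)] for every required setting that is
    not in force. A missing keyword reports None: sshd's compiled-in default
    then applies, and for PasswordAuthentication that default is 'yes'."""
    eff = effective_settings(text)
    return sorted((k, eff.get(k.lower())) for k, v in REQUIRED.items()
                  if eff.get(k.lower()) != v)


def harden(text):
    """Return the config text with every REQUIRED directive in force.

    Active occurrences outside Match blocks are rewritten in place, so no
    earlier line can shadow the hardened value. Keywords that are absent or
    only present as comments are inserted before the first Match line (or at
    the end if there is none) so they never land inside a Match block.
    Idempotent: harden(harden(x)) == harden(x)."""
    out, found, in_match, first_match = [], set(), False, None
    for line in text.splitlines():
        parsed = _parse(line)
        if parsed is not None:
            key = parsed[0]
            if key == "match":
                in_match = True
                if first_match is None:
                    first_match = len(out)
            elif not in_match and key in _CANONICAL:
                line = "%s %s" % (_CANONICAL[key], REQUIRED[_CANONICAL[key]])
                found.add(key)
        out.append(line)
    missing = ["%s %s" % (_CANONICAL[k], REQUIRED[_CANONICAL[k]])
               for k in sorted(_CANONICAL) if k not in found]
    insert_at = len(out) if first_match is None else first_match
    out[insert_at:insert_at] = missing
    return "\n".join(out) + "\n"


# Constructed sample modelled on an Ubuntu 16.04 default file, with a weak
# active line and a Match block; not a file taken from the original page.
SAMPLE_CONFIG = """Port 22
Protocol 2
PasswordAuthentication yes
#PasswordAuthentication no
PermitRootLogin prohibit-password
UsePAM yes
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    import sys
    # Usage: python harden_sshd.py /etc/ssh/sshd_config > sshd_config.new
    # then validate with: sudo sshd -t -f sshd_config.new   before installing it.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    sys.stdout.write(harden(source))
```

Run it against a copy of /etc/ssh/sshd_config, validate the result with sudo sshd -t -f, and only then install it and restart sshd from a session you keep open. check() is also useful afterwards as a one-line audit that the three settings are really in effect rather than shadowed by an earlier line.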
- Update the package index and upgrade the installed packages:
$ sudo apt-get update
$ sudo apt-get upgrade
- Open the time configuration and set it to UTC:
$ sudo dpkg-reconfigure tzdata
- Install the NTP daemon (ntpd) so that the server's clock stays synchronised over the network; accurate time matters for correlating logs and for certificate and token expiry checks:
$ sudo apt-get install ntp
- Install unattended-upgrades:
$ sudo apt-get install unattended-upgrades
- Enable it by:
$ sudo dpkg-reconfigure --priority=low unattended-upgrades
Project requirements need the server to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123). ufw's default policy on Ubuntu is to deny incoming and allow outgoing traffic, so once it is enabled with these rules, port 22 and every other port are closed:
$ sudo ufw allow 2200/tcp
$ sudo ufw allow 80/tcp
$ sudo ufw allow 123/udp
$ sudo ufw enable
- Add the same three rules to the instance's firewall under the Networking tab of the Lightsail console. Lightsail instances have their own firewall and do not use EC2 Security Groups; by default it only opens ports 22 and 80, so add 2200 before moving sshd off port 22, and remove the 22 rule once the new port is confirmed to work.
- Install Apache:
$ sudo apt-get install apache2
- Install mod_wsgi with the following command:
$ sudo apt-get install libapache2-mod-wsgi python-dev
- Enable mod_wsgi:
$ sudo a2enmod wsgi
$ sudo service apache2 start
- Install git:
$ sudo apt-get install git
- Clone the item-catalog app from GitHub into /var/www/catalog (the directory is handed to udacity so that git, virtualenv and pip can be run there without sudo):
$ cd /var/www
$ sudo mkdir catalog
$ sudo chown -R udacity:udacity catalog
$ cd catalog
$ git clone https://github.com/jacoboAR/item-catalog.git catalog
- To make sure the .git directory is not publicly accessible via a browser, put the following line in a .htaccess file in /var/www/catalog:
RedirectMatch 404 /\.git
Apache only reads .htaccess files where the enclosing <Directory> has AllowOverride set, and the virtual host below sets none (Apache 2.4 defaults to AllowOverride None), so in practice the same RedirectMatch line has to go directly inside the <VirtualHost> block. Verify with a browser that /.git/HEAD and /.git/config return 404 rather than the repository contents.
- Install pip and virtualenv, then create the virtual environment in /var/www/catalog as udacity. Because udacity already owns the directory, virtualenv needs no sudo. Do not chmod -R 777 venv: that would let any local account replace the interpreter and libraries the web app runs.
$ sudo apt-get install python-pip
$ sudo pip install virtualenv
$ virtualenv venv
$ source venv/bin/activate
- Install Flask and the other dependencies, using the venv's own pip. sudo resets the environment, so sudo pip install ignores the activated venv and installs into the system Python, where the python-path of the WSGI daemon below will not find the packages:
$ venv/bin/pip install -r catalog/requirements.txt
- Install Python's PostgreSQL adapter psycopg2 (it needs libpq-dev and python-dev, installed in the PostgreSQL section below, in order to build):
$ venv/bin/pip install psycopg2
- Configure and enable a new virtual host:
$ sudo nano /etc/apache2/sites-available/catalog.conf
Add the following content. ServerName is the instance's static IP from the top of this document. The Order/Allow lines are Apache 2.2 syntax that Ubuntu's Apache 2.4 still accepts through mod_access_compat; the 2.4 equivalent is Require all granted.
<VirtualHost *:80>
    ServerName 35.176.22.51
    ServerAdmin [email protected]
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the new virtual host:
$ sudo a2ensite catalog
- Create and configure the .wsgi file:
$ cd /var/www/catalog/
$ sudo nano catalog.wsgi
Add the following content:
import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")
from catalog import app as application
- The app was developed on a local machine and needs some tweaks in order to be deployed on Lightsail. The major modifications are:
- Rename app.py to __init__.py
- Update the absolute path of client_secrets.json in __init__.py (under mod_wsgi the working directory is not the package directory, so a relative path fails)
- Add app.secret_key for the Flask app in __init__.py (Flask refuses to use sessions without it; use a random value and keep it out of the repository)
- Add the code to create a dummy user in fake_db.py
- Rename
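The client_secrets.json path and app.secret_key tweaks above, as an added example (this is not the item-catalog project's own __init__.py, and Flask itself is not imported so the snippet runs on its own). It assumes the package directory is /var/www/catalog/catalog as in the virtual host above; the key file name secret_key and the helper names are this example's choice. Runs on Python 2.7 and 3.

```python
"""The two __init__.py tweaks above done safely: an absolute path for
client_secrets.json and a Flask secret key that is random, persistent and
not stored in the repository. Not the item-catalog project's own code."""
import binascii
import os

# Under mod_wsgi the process's working directory is not the package
# directory, so open('client_secrets.json') fails; anchor on this file.
PACKAGE_DIR = os.path.dirname(os.path.abspath(__file__))
CLIENT_SECRETS_PATH = os.path.join(PACKAGE_DIR, "client_secrets.json")
DEFAULT_SECRET_PATH = os.path.join(PACKAGE_DIR, "secret_key")  # assumed name


def load_secret_key(path=DEFAULT_SECRET_PATH, nbytes=32):
    """Return the secret key stored at `path`, generating it on first use.

    Why a file and not os.urandom() at import time: WSGIDaemonProcess can run
    several worker processes and restarts them, and every process importing
    the app would otherwise get its own key, so a session cookie signed by one
    worker is rejected by the next. The file is created with mode 0600
    because /var/www is world-readable and a leaked key lets anyone forge
    session cookies. A file that is missing or too short is regenerated."""
    try:
        with open(path, "rb") as fh:
            key = fh.read().strip()
        if len(key) >= 2 * nbytes:          # hex encoding: 2 chars per byte
            return key
    except (IOError, OSError):
        pass
    key = binascii.hexlify(os.urandom(nbytes))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, key + b"\n")
    finally:
        os.close(fd)
    os.chmod(path, 0o600)   # the mode above only applies to newly created files
    return key


def app_settings(secret_path=DEFAULT_SECRET_PATH):
    """Config values to merge into the Flask app. Flask reads SECRET_KEY from
    app.config, so this is equivalent to assigning app.secret_key."""
    return {"SECRET_KEY": load_secret_key(secret_path),
            "CLIENT_SECRETS_PATH": CLIENT_SECRETS_PATH}


# In __init__.py the wiring is:
#   app = Flask(__name__)
#   app.config.update(app_settings())
#   with open(app.config["CLIENT_SECRETS_PATH"]) as fh: ...
```

The WSGI daemon processes run as Apache's user (www-data on Ubuntu) unless the WSGIDaemonProcess line sets user=, so either let the first request create the key file (the package directory must then be writable by www-data) or generate it once during deployment and chown it to www-data; a 0600 file owned by udacity is unreadable to the app and produces an Internal Server Error.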
- Install the packages needed to build Python's PostgreSQL bindings:
$ sudo apt-get install libpq-dev python-dev
- Install PostgreSQL:
$ sudo apt-get install postgresql postgresql-contrib
- PostgreSQL automatically creates a superuser role 'postgres' during installation, which the OS user of the same name can use over the local socket (peer authentication), so connect with:
$ sudo -u postgres psql
- Create a new role called 'catalog' with its password (for anything beyond this exercise pick a real password; it ends up in the connection string below):
# CREATE USER catalog WITH PASSWORD 'catalog';
- Give the catalog role the CREATEDB permission:
# ALTER USER catalog CREATEDB;
- Create the 'catalog' database owned by the catalog role:
# CREATE DATABASE catalog WITH OWNER catalog;
- Connect to the database:
# \c catalog
- Revoke the rights every role inherits on the public schema by default, so that other database roles cannot create objects in it:
# REVOKE ALL ON SCHEMA public FROM public;
- Lock the permissions down so that only the catalog role can create tables there:
# GRANT ALL ON SCHEMA public TO catalog;
- Log out from PostgreSQL, which returns you to the udacity shell (if you switched to the postgres account with sudo su instead, also run exit to return to udacity):
# \q
- Edit the db_seed.py and database_setup.py files. Change
engine = create_engine('sqlite:///category.db')
to
engine = create_engine('postgresql://catalog:catalog@localhost/catalog')
The host part, localhost, makes the driver connect over TCP to the loopback address, which is what the host 127.0.0.1/32 rule in pg_hba.conf with the md5 password check covers. The password now sits in a file inside the cloned repository: keep it out of version control (for example in a file outside /var/www/catalog/catalog readable only by the service account) and give it a value other than the role name.
- Remote connections to PostgreSQL should already be blocked by three independent layers: Ubuntu's default pg_hba.conf only contains local (Unix-socket) rules and host rules for 127.0.0.1/32 and ::1/128, postgresql.conf defaults to listen_addresses = 'localhost', and the ufw rules above do not open port 5432. Double check the first of these by opening the config file:
$ sudo nano /etc/postgresql/9.5/main/pg_hba.conf
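A lint for the pg_hba.conf check above, as an added example (not from the page or the project). It parses the rule layout PostgreSQL documents, TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS], in both CIDR and netmask address forms, and reports every rule that admits a non-loopback client or uses the trust method. The sample file inside it is constructed to match the Ubuntu 16.04 default; any address it does not recognise as loopback is reported, so it fails toward a finding rather than silence.

```python
"""Lint pg_hba.conf for rules that let a client other than local Unix
sockets or loopback connect, or that skip authentication entirely.
Runs on Python 2.7 and 3."""
import re

# Addresses that can only be reached from the machine itself.
LOOPBACK = {"127.0.0.1/32", "::1/128", "samehost", "127.0.0.1 255.255.255.255"}
_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_pg_hba(text):
    """Return one dict per rule: line, type, database, user, address, method.
    Comments and blank lines are skipped; 'local' rules have no address."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        rtype = parts[0]
        if rtype == "local" and len(parts) >= 4:
            address, method = None, parts[3]
        elif rtype != "local" and len(parts) >= 5:
            address, method = parts[3], parts[4]
            # netmask form "10.0.0.1 255.255.255.255" spans two columns
            if "/" not in address and _IPV4.match(method) and len(parts) >= 6:
                address, method = address + " " + method, parts[5]
        else:
            continue  # malformed; postgres would reject such a line itself
        rules.append({"line": lineno, "type": rtype, "database": parts[1],
                      "user": parts[2], "address": address, "method": method})
    return rules


def remote_access_findings(text):
    """List (line, reason) for rules a single-host deployment should not have.
    Rules are checked independently of order, so a finding is a line to look
    at, not proof that it is reachable: at connection time postgres uses the
    first matching rule, and an earlier 'reject' rule would win."""
    findings = []
    for r in parse_pg_hba(text):
        who = "%s/%s" % (r["database"], r["user"])
        if r["method"] == "reject":
            continue
        if r["type"] != "local" and r["address"] not in LOOPBACK:
            findings.append((r["line"], "non-local address %s for %s" % (r["address"], who)))
        if r["method"] == "trust":
            findings.append((r["line"], "trust: no authentication for %s" % who))
    return findings


# Constructed sample modelled on the Ubuntu 16.04 / PostgreSQL 9.5 default
# (not copied from the page); nothing in it should be reported.
SAMPLE_PG_HBA = """# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
local   replication     postgres                                peer
host    replication     postgres        127.0.0.1/32            md5
host    replication     postgres        ::1/128                 md5
"""

if __name__ == "__main__":
    import sys
    # Usage: sudo python check_pg_hba.py /etc/postgresql/9.5/main/pg_hba.conf
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PG_HBA
    for line, reason in remote_access_findings(source) or [(0, "no findings")]:
        sys.stdout.write("line %d: %s\n" % (line, reason))
```

pg_hba.conf is only one of the three layers named above; after fixing a finding, reload PostgreSQL (sudo service postgresql reload) and confirm that listen_addresses is still 'localhost' and that no ufw rule opens 5432.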
- Go to the project on the Google Developer Console, and navigate to APIs & Auth > Credentials > Edit Settings
- Add the hostname and public IP address to the Authorized JavaScript origins and (host name + 'oauth2callback'), (host name + 'gconnect') to Authorized redirect URIs. Google only redirects to exact matches, so scheme, host and path must be identical to what the app sends.
- Populate the PostgreSQL database (with the venv activated, so that psycopg2 and SQLAlchemy are found):
$ python db_seed.py
- Restart Apache to launch the app:
$ sudo service apache2 restart
- If an Internal Server Error shows up when you try to access the app, open the Apache error log as a reference for debugging (the .wsgi file sends Python tracebacks to stderr, which ends up there):
$ sudo tail -20 /var/log/apache2/error.log