This describes the steps taken to deploy the catalog Flask application to an Ubuntu Linux server.
- Public IP address: 18.236.198.135
- URL: http://ec2-18-236-198-135.us-west-2.compute.amazonaws.com/
- apache2
- libapache2-mod-wsgi
- postgresql
- pip
- python-dev
- Flask
- sqlalchemy
- oauth2client
- requests
- psycopg2
Log in to the Amazon Lightsail machine using only the browser-based terminal window.
- Generate an ssh key pair for the user `ubuntu` on the client machine
`cd ~/.ssh`
`ssh-keygen`
- I named the key pair "udacity"
- Copy the content of the udacity.pub file
`cat ~/.ssh/udacity.pub`
- Paste it into authorized_keys on the Amazon Lightsail machine
`sudo nano ~/.ssh/authorized_keys`
- Test that we can log in to the remote machine by ssh from our local machine
`ssh [email protected] -p 22 -i ~/.ssh/udacity.pem`
Open ports 80, 123 and 2200.
- Ensure that the firewall is currently disabled
`sudo ufw status`
- Allow http to use port 80
`sudo ufw allow 80`
- Allow ntp to use port 123
`sudo ufw allow 123`
- Allow ssh to use port 2200
`sudo ufw allow 2200/tcp`
- Enable the firewall
`sudo ufw enable`
- Check the firewall is configured properly
`sudo ufw status`
- Confirm that only 22, 80, 123, 2200 are open
Modify the sshd configuration so that sshd listens on port 2200.
- Change `Port 22` to `Port 2200` in the sshd_config file
`sudo nano /etc/ssh/sshd_config`
- Restart sshd
`sudo service sshd restart`
- Confirm we cannot log in on the old port 22
`ssh [email protected] -p 22 -i ~/.ssh/udacity.pem`
- Log in again on the new port 2200
`ssh [email protected] -p 2200 -i ~/.ssh/udacity.pem`
- Let ufw deny port 22
`sudo ufw deny ssh`
- Enable the firewall
`sudo ufw enable`
- Check port 22 is successfully denied
`sudo ufw status`
`sudo apt-get update`
`sudo apt-get upgrade`
- Change `PasswordAuthentication` to `no` and make sure `PubkeyAuthentication` is `yes`
`sudo nano /etc/ssh/sshd_config`
`sudo service ssh restart`
- Change `PermitRootLogin` to `no`
`sudo nano /etc/ssh/sshd_config`
`sudo service ssh restart`
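To confirm the sshd edits above actually took effect, the shell function below checks a configuration against the values this guide sets. It is an added example, not part of the original write-up; the name `audit_sshd` and both sample configurations are constructed for illustration, and it assumes whitespace-separated keywords and values.

```shell
# Added example: audit sshd settings against the values this guide sets.
# Reads sshd_config text (or `sshd -T` output) on stdin, prints one line
# per setting, and returns the number of settings that do not match.
audit_sshd() {
  awk '
    BEGIN {
      # Values the steps above configure.
      want["passwordauthentication"] = "no"
      want["permitrootlogin"] = "no"
      want["pubkeyauthentication"] = "yes"
      # OpenSSH 7.0+ defaults, applied when a keyword is never set.
      dflt["passwordauthentication"] = "yes"
      dflt["permitrootlogin"] = "prohibit-password"
      dflt["pubkeyauthentication"] = "yes"
      n = split("passwordauthentication permitrootlogin pubkeyauthentication", k, " ")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
    tolower($1) == "match" { exit }     # Match blocks are conditional; END still runs
    {
      key = tolower($1); val = tolower($2)   # keywords are case-insensitive
      if (key == "port") { ports = (ports == "" ? val : ports "," val); next }
      # For the other keywords sshd keeps the FIRST value it reads.
      if ((key in want) && !(key in seen)) seen[key] = val
    }
    END {
      # Port may be repeated, and sshd listens on every port listed.
      if (ports == "") ports = "22"
      if (ports == "2200") print "PASS port=" ports
      else { print "FAIL port=" ports " (want 2200 only)"; bad++ }
      for (i = 1; i <= n; i++) {
        v = (k[i] in seen) ? seen[k[i]] : dflt[k[i]]
        if (v == want[k[i]]) print "PASS " k[i] "=" v
        else { print "FAIL " k[i] "=" v " (want " want[k[i]] ")"; bad++ }
      }
      exit bad + 0
    }
  '
}
# Constructed sample: new lines appended below the old ones, so port 22
# stays open and the earlier PasswordAuthentication value wins.
SAMPLE_BAD='Port 22
PasswordAuthentication yes
Port 2200
passwordauthentication no
PermitRootLogin no'
# Constructed sample: the file after the edits in this guide.
SAMPLE_GOOD='Port 2200
PasswordAuthentication no
PermitRootLogin no'
```

On the server, `sudo sshd -T | audit_sshd` feeds it the effective configuration, which also reflects any included drop-in files.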
- Create new user "grader"
`sudo adduser grader`
- Give the user "grader" sudo access
`sudo nano /etc/sudoers.d/grader`
- The content:
`grader ALL=(ALL:ALL) ALL`
- The grader user will have a password of "grader" when performing sudo commands.
- Generate an ssh key pair for `grader` on the client
`cd ~/.ssh`
`ssh-keygen`
- I named my key pair `grader_key`
- Load the generated public key to the Ubuntu server
`sudo su - grader`
`mkdir ~/.ssh`
`touch ~/.ssh/authorized_keys`
- Copy the content of the pub file from the client
`sudo nano ~/.ssh/authorized_keys`
- Paste the pub file's content into the file opened above
`chmod 700 ~/.ssh`
`chmod 600 ~/.ssh/authorized_keys`
- Test you can log in as `grader` by ssh on port 2200
`ssh [email protected] -p 2200 -i ~/.ssh/grader_key`
- Add the URL http://ec2-18-236-198-135.us-west-2.compute.amazonaws.com/ to Authorized JavaScript origins and Authorized redirect URIs
- Download the new client_secrets.json and replace the old one. In my case I had already cloned my git repo so I made this change via sudo nano on the Ubuntu server.
- Put the Catalog app under `/var/www`
`cd /var/www/`
- Clone this git repo:
`sudo git clone https://github.com/jkolden/catalog-ubuntu-vagrant.git`
- Install Flask in a virtual environment with pip
`cd catalog/`
`sudo apt-get install python-pip`
`sudo pip install virtualenv`
`sudo virtualenv venv`
`source venv/bin/activate`
`sudo venv/bin/pip install Flask sqlalchemy oauth2client requests psycopg2`
- Change the user to `postgres`
`sudo su - postgres`
- Create the user `catalog`
`psql -c "CREATE USER catalog WITH PASSWORD 'catalog';"`
- Create the DB `catalog`
`psql -c 'create database catalog;'`
- Create tables and load data into the DB
`cd /var/www/catalog/catalog`
`python database_setup1.py`
`python categories.py`
- Install Apache
`sudo apt-get install apache2`
- Set up the Apache config for the Item Catalog app
`sudo nano /etc/apache2/sites-available/catalog.conf`

```apache
<VirtualHost *:80>
    ServerName 18.236.198.135.xip.io
    ServerAlias ec2-18-236-198-135.us-west-2.compute.amazonaws.com
    ServerAdmin [email protected]
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    <Directory /var/www/catalog/catalog/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
- Enable the virtual host
`sudo a2ensite catalog`
- Install mod_wsgi
`sudo apt-get install libapache2-mod-wsgi python-dev`
`sudo a2enmod wsgi`
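- Create the wsgi file
`cd /var/www/catalog`
`sudo nano catalog.wsgi`

```python
#!/usr/bin/python
import sys
import logging

# Send application log output to stderr, which Apache writes to its error log.
logging.basicConfig(stream=sys.stderr)
# Make the catalog package importable by mod_wsgi.
sys.path.insert(0, "/var/www/catalog/")

from catalog.application import app as application
# Key Flask uses to sign session cookies; 'some_secret_key' is a placeholder value.
application.secret_key = 'some_secret_key'
```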
- Restart Apache
`sudo service apache2 restart`
- Navigate to http://ec2-18-236-198-135.us-west-2.compute.amazonaws.com/.
- Test login and adding categories/items.