• Server IP: 52.10.176.92
• Port: 2200
• Project Accessible at: http://ec2-52-10-176-92.us-west-2.compute.amazonaws.com/
• SSH access via ssh -i ~/.ssh/grader.rsa [email protected] -p 2200

• Create Grader Account
• Give Grader SUDO
• Create SSH Keys
• Update Packages
• Configure Timezone
• Change SSH Port
• Configure Firewall
• Install Apache
• Serve A Python mod_wsgi Application
• Install PostgreSQL
• Install Git
• Install App
• Additional Steps

• Created grader account with the following command: sudo adduser grader

• Resources used for this step.

  • https://www.udacity.com/course/viewer#!/c-ud299-nd/l-4331066009/m-4801089468

• Create the file grader in /etc/sudoer.d/ with touch /etc/sudoers.d/grader.

• Add the following text to the newly created file: grader ALL=(ALL:ALL) ALL

• Fix "sudo: unable to resolve host" error.

• Resources used for this step.

  • https://www.udacity.com/course/viewer#!/c-ud299-nd/l-4331066009/m-4801089471
  • http://ubuntuforums.org/showthread.php?t=2255583

• Create SSH key with the command ssh-keygen on your local machine(OSX or Linux).

• Create an .ssh direcory in /home/grader/ on the server with mkdir .ssh.

• CD into the the directory just created with cd ~/.ssh/.

• Create an authorized_keys file in the .ssh dirctory with touch authorized_keys.

• Paste the public key into /home/grader/.ssh/authorized_keys

• Set directory permissions

  • Using chmod set ~/.ssh to 700 with chmod 700 /home/grader/.ssh/.
  • Again, using chmod set the authorized_keys file to 644 with chmod 644 /home/grader/.ssh/authorized_keys.

• Check owner and group of ~/.ssh and ~/.ssh/authorized_keys.

• If the owner and group are not grader, set them to grader with chown -R grader:grader /home/grader/.ssh/

• Check to ensure you can log into the grader account with ssh -i ~/.ssh/grader.rsa [email protected].

  • Recheck you followed the steps above in the event of an issue or Google the error message. This how I figured out that password login was disabled on my instance already.

• Resources used for this step.

  • https://www.udacity.com/course/viewer#!/c-ud299-nd/l-4331066009/m-4801089477
  • https://www.udacity.com/course/viewer#!/c-ud299-nd/l-4331066009/m-4801089481

• Use the following commands to update the packages on the server.

  • sudo apt-get update
  • sudo apt-get upgrade. Type "Y" when asked if you would like to proceed.

• Resources used in this step.

  • https://help.ubuntu.com/community/AptGet/Howto

• Check the current timezone with date.

• If you do not see UTC in the output, change the timezone with dpkg-reconfigure tzdata.

  • Select "None of the above" from the first menu.
  • Select "UTC" at the second menu.

• You can improve the accuracy of the clock by installing ntp with sudo apt-get install ntp.

• Resources used for this step.

  • https://help.ubuntu.com/community/UbuntuTime

• Use nano to edit the SSH config file with sudo nano /etc/ssh/sshd_config.
• Change the default port from 22 to 2200 by changing the following

# What ports, IPs and protocols we listen for
Port 22

to

 # What ports, IPs and protocols we listen for
 Port 2200

• Check to see that password login is disabled.

  • You should see the following in the file. If set to "yes" change it to "no" and save the file.

    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no
    

• Disable ssh login for root user by changing "yes" to "no" on the following line

PermitRootLogin yes

• Restart ssh with sudo service ssh restart.

• Exit the root session with exit and log back in as grader.

  ssh -i ~/.ssh/grader.rsa [email protected] -p 2200

• Check the status of the firewall with sudo ufw status.

• Ensure that by default inbound connections are denied with sudo ufw default deny incoming.

• Ensure the all outbound connections are allowed with sudo ufw default allow outgoing.

• Open ports for SSH, HTTP, and NTP with the following commands.

  • sudo ufw allow 2200/tcp
  • sudo ufw allow www
  • sudo ufw allow ntp

• Activate the firewall with sudo ufw enable.

• Resources used for this step.

  • https://www.udacity.com/course/viewer#!/c-ud299-nd/l-4331066009/m-4801089498

• Check to see if Apache is installed with apache2 -v

• If Apache is installed you will see something like this:

  Server version: Apache/2.4.7 (Ubuntu)

  Server built: Jan 14 2016 17:45:23

• If you do not have Apache installed you will see a message like this:

  The program 'apache2' is currently not installed. To run 'apache2' please ask your administrator to install the package 'apache2-bin'

• To install Apache use the following commands: sudo apt-get update sudo apt-get install apache2

• If you have installed Apache correctly you should see this page at the public IP address.

  

• Resources used for this step.

  • https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04

• Install libapache2-mod-wsgi with this command:

  sudo apt-get install libapache2-mod-wsgi python-dev

• Enable libapache2-mod-wsgi:

  sudo a2enmod wsgi

• Resources used for this step.

  • https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
  • https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-ubuntu-14-04

• Install PostgreSQL:

  sudo apt-get update
  sudo apt-get install postgresql postgresql-contrib

• And while we are at it, let's install libpq-dev. It is required to build psycopg2.

  sudo apt-get install libpq-dev

• Ensure remote connections are disabled.

  sudo nano /etc/postgresql/9.3/main/pg_hba.conf

  • The default configuration disables remote connections by default. Here is a cleaned up version of the section that controls connections.

The host IPs point to local addresses by default.

• Create a new role named catalog with:

  sudo su - postgres
  psql

  CREATE USER catalog WITH PASSWORD 'somepassword';
  ALTER USER catalog CREATEDB;
  \du

• Create the catalog database:

  CREATE DATABASE catalog WITH OWNER catalog;

• Switch to catalog database:

  postgres=> \c catalog
  You are now connected to database "catalog" as user "postgres".
  catalog=>

• Ensure that the database is not able to be modified by unauthorized users.

  REVOKE ALL ON SCHEMA public FROM public;
  GRANT ALL ON SCHEMA public TO catalog;

• Resources used for this step.

  • https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-14-04
  • https://www.digitalocean.com/community/tutorials/how-to-secure-postgresql-on-an-ubuntu-vps
  • https://www.digitalocean.com/community/tutorials/how-to-use-roles-and-manage-grant-permissions-in-postgresql-on-a-vps--2
  • http://www.postgresql.org/message-id/[email protected]

• Install git:

  sudo apt-get install -y git

• Move to the directory where the app will be installed and clone app:

  cd /var/www/
  sudo mkdir catalog
  cd catalog
  sudo git clone https://github.com/larrytooley/Udacity-FSND2015-P3.git catalog

• Configure and Enable New Virtual host

  • Create a new configuration file:

    sudo nano /etc/apache2/sites-available/catalog.conf

  • Add this code to catalog.conf:

    <VirtualHost *:80>
                ServerName http://ec2-52-40-51-21.us-west-2.compute.amazonaws.com/
                ServerAdmin [email protected]
                WSGIScriptAlias / /var/www/catalog/catalog.wsgi
                <Directory /var/www/catalog/catalog/>
                        Order allow,deny
                        Allow from all
                </Directory>
                Alias /static /var/www/catalog/catalog/static
                <Directory /var/www/catalog/catalog/static/>
                        Order allow,deny
                        Allow from all
                </Directory>
                ErrorLog ${APACHE_LOG_DIR}/error.log
                LogLevel warn
                CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
    

• Enable the virtual host:

  sudo a2ensite catalog

• Create a .wsgi file:

  cd /var/www/catalog
  sudo nano catalog.wsgi
  

• Add code to file:

  #!/usr/bin/python
  import sys
  import logging
  logging.basicConfig(stream=sys.stderr)
  sys.path.insert(0,"/var/www/catalog/")
  from catalog import app as application
  application.secret_key = 'Add your secret key'

• I generated application.secret_key locally and substituted it in the file:

  python

  import os
  os.urandom(24)

• Restart apache2

  sudo service apache2 restart

• Secure .git

  • Create an .htaccess file in the .git directory:

    cd /var/www/catalog/catalog/.git
    sudo nano .htaccess

  • Add the following code to the file:

    Order allow,deny
    Deny from all

• Resources used for this step:

  • https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps
  • http://flask.pocoo.org/docs/0.10/quickstart/#sessions
  • http://stackoverflow.com/questions/6142437/make-git-directory-web-inaccessible

• Install Dependancies

  sudo pip install flask httplib2 requests oauth2client sqlalchemy psycopg2

• Rename the main application file to init.py.

• Update the database connection to use PostgreSQL by change the reference to SQLite to the following to the db_model.py and __init.__py:

  'postgresql://catalog:<password>@localhost/catalog'

• Create the database schema.

  • Run the following to create the database schema:

    python db_model.py

• Install Dependancies:

  sudo apt-get install python-pip
  sudo pip install virtualenv
  cd /var/www/catalog/catalog/
  sudo virtualenv venv
  source venv/bin/activate
  sudo pip install Flask
  deactivate

• Update client_secret.

  • Use the full file path in the init.py file.

  /var/www/catalog/catalog/client_secret.json

  • Download client_secret.json from the https://console.developers.google.com.
  • Create client_secret.json file and copy the contents of the download from above into the new file.

  sudo nano client_secret.json

• Go to http://ec2-52-10-176-92.us-west-2.compute.amazonaws.com/ and use app.

Project Guide