linux_server_configuration

• The IP address and SSH port so your server can be accessed by the reviewer.
  • IP: 52.33.105.217
  • Port: 2200
• The complete URL to your hosted web application: http://ec2-52-33-105-217.us-west-2.compute.amazonaws.com/
• A summary of software you installed and configuration changes made:

  • Preparation of dev environment:

    • Create new development environment.
    • Download private keys and write down your public IP address.
    • Move the private key file into the folder ~/.ssh:

      • $ mv ~/Downloads/udacity_key.rsa ~/.ssh/
        

    • Set file rights (only owner can write and read.):

      • $ chmod 600 ~/.ssh/udacity_key.rsa
        

    • SSH into the instance:

      • $ ssh -i ~/.ssh/udacity_key.rsa root@PUPLIC-IP-ADDRESS
        

  • Created user grader

    • $ adduser NEWUSER
      

  • Gave new user the permission to sudo

    • Open the sudo configuration:

      * $ visudo
      

  • Updated list of software and upgraded all local software.

    •  $ sudo apt-get update
      

    •  $ sudo sudo apt-get upgrade
      

  • Configurated ssh access:

    • Opened the config file:

      •  $ vim /etc/ssh/sshd_config
        

    • Made following changes:
      • Change to Port 2200.
      • Change PermitRootLogin from without-password to no.
      • Temporalily change PasswordAuthentication from no to yes.
      • Append UseDNS no.
      • Append AllowUsers NEWUSER.
    • Restarted SSH Service:

      •  $ /etc/init.d/ssh restart
        

  • Created SSH Keys:

    • Generated a SSH key pair on the local machine:

      •  $ ssh-keygen
        

    • Installed ssh-copy-id (in my case i had a mac) and copied public key to the server:

      •  $ brew install ssh-copy-id
        

      •  $ ssh-copy-id username@remote_host -p**_PORTNUMBER_**
        

    • Logined with the new user:

      •  $ ssh -v grader@PUBLIC-IP-ADDRESS -p2200
        

    • Opened SSHD config:

      •  $ sudo vim /etc/ssh/sshd_config
        

      • Change PasswordAuthentication back from yes to no.

  • Setuped ufw:

    • Turned UFW on with the default set of rules:

      •  $ sudo ufw enable
        

    • Checked the status of UFW:

      •  $ sudo ufw status verbose
        

    • Allowed incoming TCP packets on port 2200 (SSH):

      •  $ sudo ufw allow 2200/tcp
        

    • Allowed incoming TCP packets on port 80 (HTTP):

      •  $ sudo ufw allow 80/tcp
        

    • Allowed incoming UDP packets on port 123 (NTP):

      •  $ sudo ufw allow 123/udp
        

  • Configured time zone:

    •  $ sudo dpkg-reconfigure tzdata
      

    • Then chose 'None of the above', then UTC.

  • Installed and configurated Apache:

    •  $ sudo apt-get install apache2
      

  • Installed mod_wsgi for serving Python apps from Apache and the helper package python-setuptools:

    •  $ sudo apt-get install python-setuptools libapache2-mod-wsgi
      

  • Restarted the Apache server for mod_wsgi to load:

    •  $ sudo service apache2 restart
      

  • Createed an empty Apache config file with the hostname:

    •  $ echo "ServerName HOSTNAME" | sudo tee /etc/apache2/conf-available/catalog.conf
      

  • Enabled the new config file:

    •  $ sudo a2enconf catalog
      

  • Installed Git:

    •  $ sudo apt-get install git
      

  • Installed additional packages that enable Apache to serve Flask applications:

    •  $ sudo apt-get install libapache2-mod-wsgi python-dev
      

  • Enabled mod_wsgi:

    •  $ sudo a2enmod wsgi
      

  • Created a Flask app:

    •  $ cd /var/www
      

    •  $ sudo mkdir catalog
      

    •  $ cd catalog
      

    •  $ sudo mkdir catalog
      

    •  $ cd catalog
      

    •  $ sudo mkdir static templates
      

  • Created the file that will contain the flask application logic:

    •  $ sudo nano __init__.py
      

  • Pasted in the following code: from flask import Flask
    app = Flask(name)
    @app.route("/")
    def hello():
    return "Veni vidi vici!!"
    if name == "main":
    app.run()

  • Installed pip installer:

    •  $ sudo apt-get install python-pip
      

  • Installed virtualenv:

    •  $ sudo pip install virtualenv
      

  • Setted virtual environment to name 'venv':

    •  $ sudo virtualenv venv
      

  • Enabled all permissions for the new virtual environment (no sudo should be used within):

    •  $ sudo chmod -R 777 venv
      

  • Activated the virtual environment:

    •  $ source venv/bin/activate
      

  • Installed Flask inside the virtual environment:

    •  $ pip install Flask
      

  • Ran the app:

    •  $ python __init__.py
      

  • Deactivated the environment:

    •  $ deactivate
      

  • Configured and Enable a New Virtual Host#

  • Created a virtual host config file

    •  $ sudo nano /etc/apache2/sites-available/catalog.conf
      

  • Pasted in the following lines of code: <VirtualHost *:80> ServerName PUBLIC-IP-ADDRESS ServerAdmin admin@PUBLIC-IP-ADDRESS WSGIScriptAlias / /var/www/catalog/catalog.wsgi <Directory /var/www/catalog/catalog/> Order allow,deny Allow from all Alias /static /var/www/catalog/catalog/static <Directory /var/www/catalog/catalog/static/> Order allow,deny Allow from all ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined

  • Enabled the virtual host:

    •  $ sudo a2ensite catalog
      

  • Created the .wsgi File and Restart Apache

    •  $ cd /var/www/catalog and $ sudo vim catalog.wsgi
      

  • Pasted in the following lines of code: #!/usr/bin/python import sys import logging logging.basicConfig(stream=sys.stderr) sys.path.insert(0,"/var/www/catalog/")

    from catalog import app as application
    application.secret_key = 'Add your secret key'
    

  • Restarted Apache:

    •  $ sudo service apache2 restart
      

  • Cloned project 3 solution repository on GitHub:

    •  $ git clone git@github.com:maxbogus/fullstack-nanodegree-vm.git
      

  • Moved all content to /var/www/catalog/catalog/-directory and delete the leftover empty directory.

  • Made the GitHub repository inaccessible:

  • Created and opened .htaccess file:

    •  $ cd /var/www/catalog/
      

    •  $ sudo vim .htaccess
      

  • Pasted in the following: RedirectMatch 404 /.git

  • Activated virtual environment:

    •  $ source venv/bin/activate
      

  • Installed httplib2 module in venv:

    •  $ pip install httplib2
      

  • Installed requests module in venv:

    •  $ pip install requests
      

  • Installed flask.ext.seasurf (only seems to work when installed globally):

    •  $ *sudo pip install flask-seasurf
      

  • Installed oauth2client.client:

    •  $ sudo pip install --upgrade oauth2client
      

  • Installed SQLAlchemy:

    •  $ sudo pip install sqlalchemy
      

  • Installed the Python PostgreSQL adapter psycopg:

    •  $ sudo apt-get install python-psycopg2
      

  • Installed PostgreSQL:

    •  $ sudo apt-get install postgresql postgresql-contrib
      

  • Checked that no remote connections are allowed (default):

    •  $ sudo vim /etc/postgresql/9.3/main/pg_hba.conf
      

  • Opened the database setup file:

    •  $ sudo vim database_setup.py
      

  • Changed the line starting with "engine" to (fill in a password): python engine = create_engine('postgresql://catalog:PW-FOR-DB@localhost/catalog')

  • Changed the same line in application.py respectively

  • Renamed application.py:

    •  $ mv application.py __init__.py
      

  • Created needed linux user for psql:

    •  $ sudo adduser catalog (choose a password)
      

  • Changed to default user postgres:

    •  $ sudo su - postgres
      

  • Connected to the system:

    •  $ psql
      

  • Created user with LOGIN role and set a password:

    CREATE USER catalog WITH PASSWORD 'PW-FOR-DB';

  • Allowed the user to create database tables:

    ALTER USER catalog CREATEDB;

  • Created database:

    CREATE DATABASE catalog WITH OWNER catalog;

  • Connected to the database catalog

    \c catalog

  • Revoked all rights:

    REVOKE ALL ON SCHEMA public FROM public;

  • Granted only access to the catalog role:

    GRANT ALL ON SCHEMA public TO catalog;

  • Exited out of PostgreSQl and the postgres user:

    \q, then $ exit

  • Created postgreSQL database schema:

    •  $ python database_setup.py
      

  • Restarted Apache:

    •  $ sudo service apache2 restart
      

  • Opened http://www.hcidata.info/host2ip.cgi and receive the Host name for your public IP-address

  • Opened the Apache configuration files for the web app:

    •  $ sudo vim /etc/apache2/sites-available/catalog.conf
      

  • Pasted in the following line below ServerAdmin: ServerAlias http://ec2-52-33-105-217.us-west-2.compute.amazonaws.com/

  • Enabled the virtual host:

    •  $ sudo a2ensite catalog
      

  • Went to the project on the Developer Console: https://console.developers.google.com/project

  • Navigated to APIs & auth > Credentials > Edit Settings

  • Added your host name and public IP-address to your Authorized JavaScript origins and your host name + oauth2callback to Authorized redirect URIs

  • Went on the Facebook Developers Site to My Apps https://developers.facebook.com/apps/

  • Setupped my application

• A list of any third-party resources you made use of to complete this project:
  • www.stackoverflow.com
  • http://askubuntu.com/questions/410244/a-command-to-list-all-users-and-how-to-add-delete-modify-users
  • https://help.ubuntu.com/community/AutomaticSecurityUpdates
  • https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
  • https://wiki.ubuntu.com/UncomplicatedFirewall
  • https://help.github.com/articles/set-up-git/#platform-linux
  • https://discussions.udacity.com/t/oauth-provider-callback-uris/20460
  • http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html