udacity-linux-server-configuration

Project Description

Take a baseline installation of a Linux distribution on a virtual machine and prepare it to host your web applications, to include installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.

• IP address: 35.167.27.204

• Accessible SSH port: 2200

• Application URL: http://ec2-35-167-27-204.us-west-2.compute.amazonaws.com/

Walkthrough

1. Create new user named grader and give it the permission to sudo

• SSH into the server through ssh -i ~/.ssh/udacity_key.rsa root@35.167.27.204
• Run $ sudo adduser grader to create a new user named grader
• Create a new file in the sudoers directory with sudo nano /etc/sudoers.d/grader
• Add the following text grader ALL=(ALL:ALL) ALL
• Run sudo nano /etc/hosts
• Prevent the error sudo: unable to resolve host by adding this line 127.0.1.1 ip-10-20-52-12

2. Update all currently installed packages

• Download package lists with sudo apt-get update
• Fetch new versions of packages with sudo apt-get upgrade

3. Change SSH port from 22 to 2200

• Run sudo nano /etc/ssh/sshd_config
• Change the port from 22 to 2200
• Confirm by running ssh -i ~/.ssh/udacity_key.rsa -p 2200 root@35.167.27.204

4. Configure the Uncomplicated Firewall (UFW) to only allow incoming connections for SSH (port 2200), HTTP (port 80), and NTP (port 123)

• sudo ufw allow 2200/tcp
• sudo ufw allow 80/tcp
• sudo ufw allow 123/udp
• sudo ufw enable

5. Configure the local timezone to UTC

• Run sudo dpkg-reconfigure tzdata and then choose UTC

6. Configure key-based authentication for grader user

• Run this command cp /root/.ssh/authorized_keys /home/grader/.ssh/authorized_keys

7. Disable ssh login for root user

• Run sudo nano /etc/ssh/sshd_config
• Change PermitRootLogin without-password line to PermitRootLogin no
• Restart ssh with sudo service ssh restart
• Now you are only able to login using ssh -i ~/.ssh/udacity_key.rsa -p 2200 grader@35.167.27.20

8. Install Apache

• sudo apt-get install apache2

9. Install mod_wsgi

• Run sudo apt-get install libapache2-mod-wsgi python-dev
• Enable mod_wsgi with sudo a2enmod wsgi
• Start the web server with sudo service apache2 start

10. Clone the Catalog app from Github

• Install git using: sudo apt-get install git
• cd /var/www
• sudo mkdir catalog
• Change owner of the newly created catalog folder sudo chown -R grader:grader catalog
• cd /catalog
• Clone your project from github git clone https://github.com/rrjoson/udacity-item-catalog.git catalog
• Create a catalog.wsgi file, then add this inside:

import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/catalog/")

from catalog import app as application
application.secret_key = 'supersecretkey'

• Rename application.py to init.py mv application.py __init__.py

11. Install virtual environment

• Install the virtual environment sudo pip install virtualenv
• Create a new virtual environment with sudo virtualenv venv
• Activate the virutal environment source venv/bin/activate
• Change permissions sudo chmod -R 777 venv

12. Install Flask and other dependencies

• Install pip with sudo apt-get install python-pip
• Install Flask pip install Flask
• Install other project dependencies sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils

13. Update path of client_secrets.json file

• nano __init__.py
• Change client_secrets.json path to /var/www/catalog/catalog/client_secrets.json

14. Configure and enable a new virtual host

• Run this: sudo nano /etc/apache2/sites-available/catalog.conf
• Paste this code:

<VirtualHost *:80>
    ServerName 35.167.27.204
    ServerAlias ec2-35-167-27-204.us-west-2.compute.amazonaws.com
    ServerAdmin admin@35.167.27.204
    WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
    WSGIProcessGroup catalog
    WSGIScriptAlias / /var/www/catalog/catalog.wsgi
    <Directory /var/www/catalog/catalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/catalog/catalog/static
    <Directory /var/www/catalog/catalog/static/>
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

• Enable the virtual host sudo a2ensite catalog

15. Install and configure PostgreSQL

• sudo apt-get install libpq-dev python-dev
• sudo apt-get install postgresql postgresql-contrib
• sudo su - postgres
• psql
• CREATE USER catalog WITH PASSWORD 'password';
• ALTER USER catalog CREATEDB;
• CREATE DATABASE catalog WITH OWNER catalog;
• \c catalog
• REVOKE ALL ON SCHEMA public FROM public;
• GRANT ALL ON SCHEMA public TO catalog;
• \q
• exit
• Change create engine line in your __init__.py and database_setup.py to: engine = create_engine('postgresql://catalog:password@localhost/catalog')
• python /var/www/catalog/catalog/database_setup.py
• Make sure no remote connections to the database are allowed. Check if the contents of this file sudo nano /etc/postgresql/9.3/main/pg_hba.conf looks like this:

local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

16. Restart Apache

• sudo service apache2 restart

17. Visit site at http://35.167.27.204

Special Thanks to iliketomatoes for a very helpful README