Udacity-Linux-Server-Configuration

Udacity Linux Server Configuration

Site can be accessed publicly at http://52.20.134.48

Update all packages

• sudo apt-get update
• sudo apt-get dist-upgrade

Create a user called "grader"

• sudo adduser grader

Give grader admin rights

• sudo usermod -aG sudo grader
• su - grader’ && ‘sudo whoami // validate output is 'root'

Setup SSH key for grader

• a. Create the directory and set file permissions
  • mkdir -p $HOME/.ssh // Create a .ssh directory
  • chmod 0700 $HOME/.ssh // Modify permissions so only grader can read, write, and execute
• b. Temporarily allow password authentication to easily copy over ssh key
  • sudo nano /etc/ssh/sshd_config
  • Set PasswordAuthentication to yes (if not yes by default), press 'CTRL + X' and 'y' to exit and confirm save
  • sudo service ssh restart // Restart ssh service for changes to take effect
  • Switch to local machine you intend to ssh into server from...
  • ssh-keygen -t rsa // Generates an ssh key of type RSA in a directory of your choice e.g /Users/waldo/.ssh/
  • ssh-copy-id -i $HOME/.ssh/grader.pub [email protected] // Replace with location of your rsa key and your server's IP
  • sudo nano /etc/ssh/sshd_config
  • Set PasswordAuthentication back to no to force SSH then press 'CTRL + X' and 'y' to exit and confirm save
  • sudo service ssh restart
  • ssh [email protected] -i ~/.ssh/grader // SSH into server to confirm key is working
• c. Change default SSH port to 2200
  • sudo nano /etc/ssh/sshd_config
  • Replace ‘#Port 22’ with ‘Port 2200’
  • Uncomment ProhibitRootLogin and set it to no to prevent brute force attacks on the root user
  • sudo systemctl restart ssh
• d. Edit your firewall rules in the LightSail networking tab
  • Add a new rule, select 'Custom' for the Application column and '2200' for the port range
  • Delete the first rule which allows SSH on Port 22
• e. Check SSH is working on Port 2200
  • Back in the terminal, type systemctl ssh restart && exit
  • ssh [email protected] -p 2200 -i ~/.ssh/grader

5. Configure Firewall Settings

• sudo ufw default deny incoming; sudo ufw default allow outgoing;
• sudo ufw allow 2222/tcp; sudo ufw allow http; sudo ufw allow ntp
• sudo ufw enable && sudo ufw status // Turn on firewall and validate ports are set up correctly
• exit and then ssh [email protected] -p 2200 -i ~/.ssh/grader to ensure its working

6. Set timezone to UTC

• timedatectl set-timezone UTC
• Then validate with timedatectl status

7. Install Apache and mod_wsgi

• sudo apt-get install apache2 // Install Apache2
• curl http://localhost // Should return Apache's default html template
• sudo apt-get install libapache2-mod-wsgi python-dev // Install mod_wsgi
• systemctl restart apache2 // Restart Apache2

Source

8. Install and setup PostgreSQL database with catalog user

• sudo apt-get install postgresql postgresql-contrib
• sudo apt-get install libpq-dev python-dev
• sudo nano /etc/postgresql/10/main/pg_hba.conf // Make sure remote connections are disabled (should be by default)
• sudo su postgres
• `ALTER USER postgres WITH PASSWORD 'postgres’;’
• CREATE USER catalog WITH PASSWORD 'catalog’;
• ALTER USER catalog CREATEDB SUPERUSER;
• CREATE DATABASE pokedex WITH OWNER catalog;
• \c pokedex
• REVOKE ALL ON SCHEMA public FROM public;
• GRANT ALL ON SCHEMA public TO catalog;
• Check everything with \du and \l
• Quit with \q and return to grader user with exit

9. Setup Python project

• a. Install Git
  • sudo apt install git-all
• b. Setup directory
  • cd /var/www/html // Directory you want to clone repository into
  • Git clone https://github.com/Defiled/Pokedex.git
  • sudo chown -R grader:grader /var/www/Pokedex/
• c. Install libraries, tools and dependencies
  • sudo apt-get -qq install python python-pip
  • sudo pip install flask sqlalchemy flask-sqlalchemy psycopg2-binary httlib2 oauth2client requests
• d. Convert to PostgreSQL from SQLite
  • sudo nano /var/www/Pokedex/db_populate.py
  • Change "engine = create_engine('sqlite:///pokedex.db’)” to “engine = create_engine('postgresql://catalog:catalog@localhost/pokedex’)”
  • Do the same in db_populate.py and project.py

10. Configure Apache and mod_wsgi

• a. Setup Apache config file
  • sudo nano /etc/apache2/sites-available/Pokedex.conf
  • Insert the following:

<VirtualHost *:80>
   ServerName 52.20.134.48
   # ServerAlias pokedex.usa
   ServerAdmin [email protected]
   WSGIDaemonProcess catalog python-path=/var/www/Pokedex:/usr/local/lib/python2.7/dist-packages
   WSGIProcessGroup catalog
   WSGIScriptAlias / /var/www/Pokedex/pokedex.wsgi
   <Directory /var/www/>
       Order allow,deny
       Allow from all
   </Directory>
   Alias /static /var/www/Pokedex/static
   <Directory /var/www/Pokedex/static/>
       Order allow,deny
       Allow from all
   </Directory>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   LogLevel warn
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

• systemctl reload apache2 // Restart the apache server
• sudo a2ensite Pokedex // Enable site
• b. Create .wsgi script file
  • sudo nano pokedex.wsgi
  • Insert the following:

import sys
import logging
logging.basicConfig(stream=sys.stderr)
sys.path.insert(0, "/var/www/Pokedex/")
sys.path.insert(1, "/var/www/")

from Pokedex import app as application
application.secret_key = 'pikachu'

• c. Project tweaks
  • sudo mv project.py __init__.py so that python knows to treat the Pokedex directory as a module
  • sudo nano __init__.py and update the CLIENT_ID variable to load the absolute path of the file it now lives in

11. Finish setup

• a. Setup and populate the PostgreSQL database
  • Python db_setup.py
  • Python db_populate.py
  • systemctl reload apache2
• b. Connect to server
  • sudo cat /var/log/apache2/error.log to debug any issues