Linux Server Configuration is the capstone project of the Full Stack Web Developer Nanodegree Program provided by Udacity.
The Linux Server Configuration project has the following goals:
- Access, secure, and perform the initial configuration of a bare-bones Linux server
- Install and configure a web server
- Install and configure a database server
- Host a web application
The Flask-based Book Catalog application was built earlier as Project 2 of the Full Stack Web Developer Nanodegree Program provided by Udacity.
Verify the deployment by visiting http://54.191.192.22.xip.io.
The Linux Server Configuration project consists of the following steps:
- Initial configuration of an Ubuntu Linux server instance on Amazon Lightsail
- Configuring Apache web server
- Configuring PostgreSQL database server
- Deploying Book Catalog as mod_wsgi application
To secure the server, the following steps were taken:
- All currently installed packages are updated using the sudo apt-get update and sudo apt-get upgrade commands.
- The Lightsail firewall is configured to allow incoming connections for SSH (port 2200).
- The Uncomplicated Firewall (UFW) is configured to allow connections according to project specifications.
To host SSH on a non-default port, port 22 is changed to port 2200 in the /etc/ssh/sshd_config configuration file.
# What ports, IPs and protocols we listen for
Port 2200
UFW is configured to only allow connections for SSH (port 2200), HTTP (port 80), and NTP (port 123). Below is the list of current UFW rules.
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To Action From
-- ------ ----
22 DENY IN Anywhere
2200 ALLOW IN Anywhere
80 ALLOW IN Anywhere
123 ALLOW IN Anywhere
123/udp ALLOW IN Anywhere
22 (v6) DENY IN Anywhere (v6)
2200 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
123 (v6) ALLOW IN Anywhere (v6)
123/udp (v6) ALLOW IN Anywhere (v6)
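A rule list like the one above can be checked against the intended allowlist automatically. The following is an added example, not part of the project: it parses `ufw status verbose` output and reports open ports outside the allowlist, as well as rules that admit more protocols than the service needs. The per-port protocol mapping and the function name are assumptions of this example.

```python
import re

# Services the page opens, with the transport each one needs (the protocol
# column is an assumption of this example, not part of the page's spec).
EXPECTED = {2200: "tcp", 80: "tcp", 123: "udp"}

# Constructed sample, abridged from the rule listing above.
SAMPLE_STATUS = """\
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To Action From
-- ------ ----
22 DENY IN Anywhere
2200 ALLOW IN Anywhere
80 ALLOW IN Anywhere
123 ALLOW IN Anywhere
123/udp ALLOW IN Anywhere
2200 (v6) ALLOW IN Anywhere (v6)
"""

RULE_RE = re.compile(
    r"^(\d+)(?:/(tcp|udp))?(?:\s+\(v6\))?\s+(ALLOW|LIMIT|DENY|REJECT)\s+IN\s")


def audit_ufw(status_text, expected=EXPECTED):
    """Return sorted findings for the text printed by `ufw status verbose`."""
    findings = set()
    if not re.search(r"^Status: active\s*$", status_text, re.M):
        findings.add("firewall is not active")
    if not re.search(r"^Default: deny \(incoming\)", status_text, re.M):
        findings.add("default incoming policy is not deny")
    opened = set()
    for line in status_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group(3) not in ("ALLOW", "LIMIT"):
            continue
        port, proto = int(m.group(1)), m.group(2)
        if port not in expected:
            findings.add(f"port {port} is open but not in the allowlist")
            continue
        opened.add(port)
        if proto is None:  # a rule without /tcp or /udp admits both
            findings.add(f"port {port} open for tcp and udp, needs {expected[port]} only")
        elif proto != expected[port]:
            findings.add(f"port {port}/{proto} is open, expected {expected[port]}")
    for port in expected.keys() - opened:
        findings.add(f"no ALLOW rule for port {port}")
    return sorted(findings)
```

On the sample, the checker reports the three rules written without a protocol suffix; rules such as 2200/tcp, 80/tcp and 123/udp produce no findings.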
The local timezone for grader is configured to UTC using the following command.
sudo timedatectl set-timezone UTC
Apache web server is installed using the following command.
sudo apt-get install apache2
The Book Catalog project is built with Python 3, so the Python 3 mod_wsgi package is installed on the server to host Book Catalog as a mod_wsgi application.
sudo apt-get install libapache2-mod-wsgi-py3
PostgreSQL database server is installed using the following command.
sudo apt-get install postgresql
To disable remote connections to the PostgreSQL database, host connections in the PostgreSQL client authentication configuration file /etc/postgresql/9.5/main/pg_hba.conf are only accepted from the loopback addresses 127.0.0.1 and ::1.
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
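pg_hba.conf decides which client addresses may authenticate and how (the interfaces the server binds to are set separately by listen_addresses in postgresql.conf). The following added example, not part of the project, audits pg_hba.conf records for non-loopback client addresses and for the trust method; the function names and the two flagged sample records are constructed for illustration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample: the records shown above plus two that should be flagged.
SAMPLE_HBA = """\
local   all   postgres                  peer
local   all   all                       peer
host    all   all       127.0.0.1/32    md5
host    all   all       ::1/128         md5
host    all   all       0.0.0.0/0       md5    # remote clients allowed
host    all   catalog   127.0.0.1/32    trust  # no password required
"""


def is_loopback(address, mask=None):
    """True if address (CIDR, or IP plus separate netmask) is loopback-only."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address,
                                   strict=False)
    except ValueError:  # hostname, "all", "samehost", "samenet"
        return False
    return net.is_loopback


def audit_pg_hba(text):
    """Return (line number, finding) pairs for a pg_hba.conf body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        is_host = bool(fields) and fields[0] in HOST_TYPES
        if len(fields) < (5 if is_host else 4):
            continue  # blank line, comment, or not a complete record
        method_at = 3
        if is_host:
            # Address is one CIDR field, or an IP followed by a netmask field
            # (method names never contain "." or ":").
            nxt = fields[4]
            mask = nxt if len(fields) > 5 and ("." in nxt or ":" in nxt) else None
            method_at = 5 if mask else 4
            if not is_loopback(fields[3], mask):
                findings.append((lineno, f"non-loopback client address {fields[3]}"))
        if fields[method_at] == "trust":
            findings.append((lineno, "trust method: no credentials checked"))
    return findings
```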
A database user account named catalog with limited permissions to the Book Catalog database was created via the interactive terminal for working with PostgreSQL using the following commands.
postgres=# create user catalog with login password 'catalog';
CREATE ROLE
postgres=# alter user catalog with createdb;
ALTER ROLE
To allow Apache to serve the Book Catalog project as a WSGI application, the following folder structure is used.
bookCatalog/
bookcatalog.wsgi
bookCatalog/
static/
templates/
__init__.py
client_secrets.json
database_setup.py
lotsofbooks.py
The following programs are installed on the server.
- git: to clone the Book Catalog project from GitHub
- pip: to install some Python modules
The Book Catalog project was built using Flask, which was installed using the command below.
pip install Flask
The following Python modules and dependencies are installed on the server:
- flask_sqlalchemy: to work with SQLAlchemy
- httplib2: to provide web access via HTTP
- psycopg2: to connect and work with PostgreSQL server
- oauth2client: to work with OAuth 2.0
The virtual host is configured in the bookCatalog.conf file under /etc/apache2/sites-available/.
<VirtualHost *:80>
    ServerName 54.191.192.22
    WSGIScriptAlias / /var/www/bookCatalog/bookcatalog.wsgi
    <Directory /var/www/bookCatalog/bookCatalog/>
        Order allow,deny
        Allow from all
    </Directory>
    Alias /static /var/www/bookCatalog/bookCatalog/static
    <Directory /var/www/bookCatalog/bookCatalog/static/>
        Order allow,deny
        Allow from all
    </Directory>
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
To enable the configured virtual host and disable the default Apache configuration, the following commands were used.
sudo a2ensite bookCatalog
sudo a2dissite 000-default.conf
The bookcatalog.wsgi file under /var/www/bookCatalog/ is below.
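#!/usr/bin/python
import sys
import logging

# Send log output to stderr so it ends up in the Apache error log
logging.basicConfig(stream=sys.stderr)
# Make the bookCatalog package importable
sys.path.insert(0, "/var/www/bookCatalog/")

from bookCatalog import app as application
# Key Flask uses to sign session cookies
application.secret_key = 'alexandrabaturina'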
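The WSGI file above sets the Flask secret key, which signs session cookies, to a fixed string kept in the source. The following added example, not part of the project, keeps the key in an owner-only file instead and refuses to load a key that is short or readable by other accounts; the helper names, the minimum length and the file path are assumptions of this example.

```python
import os
import secrets
import stat

MIN_KEY_LEN = 32  # assumption: shortest key this example accepts


def create_secret_key(path):
    """Write a new random key to `path` with mode 0600; fail if it exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secrets.token_hex(32))  # 64 hex characters


def load_secret_key(path):
    """Return the key stored at `path`, refusing weak or exposed files."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group or others")
    with open(path) as fh:
        key = fh.read().strip()
    if len(key) < MIN_KEY_LEN:
        raise ValueError(f"{path} holds a key shorter than {MIN_KEY_LEN} characters")
    return key


# In bookcatalog.wsgi the fixed string would then be replaced by (the path is
# hypothetical; the file must be owned by the user Apache runs the app as):
#   application.secret_key = load_secret_key("/etc/bookcatalog/secret_key")
```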
Under the catalog user, the empty catalogitems database is created.
CREATE DATABASE catalogitems;
For demonstration purposes, the catalogitems database is populated from the lotsofbooks.py file using the following commands:
python database_setup.py
python lotsofbooks.py
+ Alexandra Baturina