Installed and configured all required software to turn a baseline Ubuntu Amazon Web Services server into a fully functional web application server, including Apache Web Server and PostgreSQL database server.

Linux Server Configuration -- FSDN Project6

The objective of this project is to perform baseline installation of a Linux distribution on a virtual machine. Hosted a web applications, to include installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.



Implementation Procedure

1. Login as a root user on VM

  • Visit Amazon lightsail account to obtain AWS IP address and key. Download Lightsailkey.pem and move it to ~/.ssh folder on your local machine
  • Open your terminal and type chmod 400 ~/.ssh/Lightsail-key.pem followed by ssh -i ~/.ssh/Lightsailkey.pem ubuntu@

2. Add new user grader

  • sudo adduser grader
  • sudo nano /etc/sudoers.d/grader
  • Add following lines grader ALL=(ALL:ALL) ALL

3. Update existing installed packages

  • sudo apt-get update
  • sudo apt-get upgrade

4. Configuring the key based authentication for user grader

  • On your local machine generate public and private key and save it in the ~/.ssh folder using ssh-keygen -f ~/.ssh/udacity-rsakey
  • On Virtual Machine: su - grader mkdir .ssh touch .ssh/authorized_keys nano .ssh/authorized_keys
  • Copy the content of previously generated to this file.
  • Provide permissions to the user grader: sudo chmod 700 .ssh sudo chmod 644 .ssh/authorized_keys sudo chown -R grader:grader .ssh
  • Reload SSH using sudo service ssh restart
  • At this point we should be able to log into the remote VM using ssh -i ~/.ssh/udacity-rsakey grader@

5. Change SSH port from 22 to 2200

  • sudo nano /etc/ssh/sshd_config --> Modify port 22 to 2200 and save it.
  • sudo service ssh restart
  • At this point we should be able to log into the remote VM using ssh -i ~/.ssh/udacity-rsakey grader@ -p 2200 **Add a custom application and tcp protocol with corresponding port set to 2200 in the networking section in your instance at amazon lightsail.

6. Disabling ssh login for root use

  • sudo nano /etc/ssh/sshd_config --> Modify PermitRootLogin to no and save it
  • sudo service ssh restart

7. Configuring Uncompatible Firewall (UFW)

  • Allow incoming connections for SSH at port 2200, HTTP at port 80 and NTP at port 123.
  • sudo ufw allow 2200/tcp
  • sudo ufw allow 80/tcp
  • sudo ufw allow 123/tcp
  • sudo ufw enable
  • sudo ufw status

8. Setting the local timezone to UTC

  • sudo dpkg-reconfigure tzdata and then choose UTC.

9.Install Apache and mod_wsgi

  • sudo apt-get install apache2
  • sudo apt-get install libapache2-mod-wsgi python-dev
  • sudo a2enmod wsgi to enable mod_wsgi
  • sudo service apache2 start

10. Install git and cloning item_catalog from Github

  • sudo apt-get install git
  • cd /var/www
  • sudo mkdir catalog
  • sudo chown -R grader:grader catalog to provide created catalog ownership to grader
  • cd /catalog
  • git clone catalog
  • sudo nano catalog.wsgi and then paste the following in catalog.wsgi:
    import sys
    import logging
    sys.path.insert(0, "/var/www/catalog/")
    from catalog import app as application
    application.secret_key = 'supersecretkey'
  • Rename to using sudo mv

11. Install Virtual Environment

  • sudo pip install virtualenv
  • sudo virtualenv venv
  • source venv/bin/activate
  • sudo chmod -R 777 venv

12. Install Flask and supporting dependencies

  • sudo apt-get install python-pip
  • pip install Flask
  • sudo pip install httplib2 oauth2client sqlalchemy psycopg2 sqlalchemy_utils

13. Updating redirect-uris in client_secrets.json and path in

  • sudo nano
  • Change client_secrets.json path to /var/www/catalog/catalog/client_secrets.json.
  • Change fb_client_secrets.json path to /var/www/catalog/catalog/fb_client_secrets.json.
  • Update the redirect-uris and javascript-origins in client_secrets.json with this new URL

14. Enable new Virtual host

  • sudo nano /etc/apache2/sites-available/catalog.conf
  • Paste the following:
    <VirtualHost *:80>
        ServerAdmin admin@
        WSGIDaemonProcess catalog python-path=/var/www/catalog:/var/www/catalog/venv/lib/python2.7/site-packages
        WSGIProcessGroup catalog
        WSGIScriptAlias / /var/www/catalog/catalog.wsgi
        <Directory /var/www/catalog/catalog/>
            Order allow,deny
            Allow from all
        Alias /static /var/www/catalog/catalog/static
        <Directory /var/www/catalog/catalog/static/>
            Order allow,deny
            Allow from all
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
  • sudo a2ensite catalog to enable virtual host.

15. Install and Configure PostgreSQL*

  • sudo apt-get install libpq-dev python-dev
  • sudo apt-get install postgresql postgresql-contrib
  • sudo su - postgres
  • psql
  • CREATE USER catalog WITH PASSWORD 'mypassword';
  • CREATE DATABASE catalog WITH OWNER catalog;
  • \c catalog
  • REVOKE ALL ON SCHEMA public FROM public;
  • GRANT ALL ON SCHEMA public TO catalog;
  • \q
  • exit
  • Update existing engine path to engine = create_engine('postgresql://catalog:mypassword@localhost/catalog') in , and
  • sudo python
  • sudo python
  • sudo service apache2 restart
  • sudo python then visit



