This is an Udacity Full Stack Web Developer course project submission whose purpose was to completely set up and secure a Linux-based server on the internet. In short, I configured the firewall (ufw) and moved SSH to key-based authentication on a non-default port so that this server can be accessed only by authorized personnel.
- IP: 167.71.176.162
- SSH Port: 2200
- URL: http://adautovjr.codes
- Update package list
sudo apt-get update
- Perform an upgrade
sudo apt-get upgrade
- Remove old packages
sudo apt-get autoremove
## Create the new user
- Install finger (prints an account's details in one line)
sudo apt-get install finger
- Add new user "grader"
sudo adduser grader
- Check the new account
finger grader
- or list every account on the box
cat /etc/passwd
## Give sudo access to the new user (e.g. grader)
- Look at the sudoers options (read it only; edits go into a drop-in file, never into this file directly)
sudo cat /etc/sudoers
- Get the list of existing drop-ins
sudo ls /etc/sudoers.d
- Create the drop-in for the new user (e.g. grader). Use visudo -f rather than touch + nano: it creates the file, checks the syntax before saving and sets the 0440 mode sudo requires, so a typo cannot break sudo for every account
sudo visudo -f /etc/sudoers.d/grader
- Add new line
grader ALL=(ALL) NOPASSWD:ALL
- Confirm the whole sudo configuration still parses and see what grader may now run
sudo visudo -c
sudo -l -U grader
- Note that NOPASSWD:ALL makes whoever holds grader's private key root without any second step; it is what this project asks for, but on a server you keep, drop the NOPASSWD: part so sudo prompts for the account password.
- Build a key pair locally (in CMD or git bash)
ssh-keygen
- Name the key pair (e.g. GraderPrivateKey; the public half is written next to it as GraderPrivateKey.pub)
- Enter a passphrase (sent in the Instructor notes)
- Log in to the Linux box as the new user (e.g. grader) and create the directory and file that hold the authorized public keys
mkdir .ssh
touch .ssh/authorized_keys
- Go to the local key folder and print the public key (the .pub file, never the private one)
cat GraderPrivateKey.pub
- Copy the whole line
- Back on the Linux box
nano .ssh/authorized_keys
- Paste the line on its own line
- Save
- Restrict the permissions; sshd ignores keys kept in a directory or file that other users can write to
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
- Test the key login from a second terminal while the first session stays open (use -p 22 until sshd_config has been changed in the next section, -p 2200 afterwards)
ssh grader@167.71.176.162 -p 2200 -i GraderPrivateKey
- Enter the passphrase (sent in the Instructor notes)
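The steps above are easy to get subtly wrong: pasting the private key instead of the .pub file, pasting a line that is not a key at all, or pasting the same key twice. The script below is an added example, not part of the original project write-up. It installs a public-key line into an authorized_keys file with the same 700/644 permissions as above, refuses private-key material and malformed lines, and skips keys that are already present (matched on the key blob, so a different comment does not create a duplicate). The target directory is a parameter and the key in the demo is a constructed string, not a real key, so it can be tried on a scratch directory; on the server you would pass "$HOME/.ssh".

```shell
#!/bin/bash
# Added example (not the project's own code): install an OpenSSH public key
# into <dir>/authorized_keys safely. Assumes a POSIX shell with grep/awk.
set -eu

# Is $1 a single OpenSSH public-key line: key type, base64 blob, optional comment?
is_public_key_line() {
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$'
}

# Append key line $1 to $2/authorized_keys, creating the directory with the
# permissions sshd insists on. Prints "added" or "already present" and
# returns 0; returns 1 for anything that is not a public key line.
install_authorized_key() {
  local keyline=$1 sshdir=$2 blob
  case $keyline in
    *"PRIVATE KEY"*)
      echo "refusing: that is a private key, paste the .pub file instead" >&2
      return 1 ;;
  esac
  is_public_key_line "$keyline" || {
    echo "refusing: not a valid OpenSSH public key line" >&2
    return 1
  }
  mkdir -p "$sshdir"
  chmod 700 "$sshdir"
  touch "$sshdir/authorized_keys"
  chmod 644 "$sshdir/authorized_keys"
  # Compare on the base64 blob (field 2) so a changed comment is not a new key.
  blob=$(printf '%s\n' "$keyline" | awk '{print $2}')
  if grep -qF -- "$blob" "$sshdir/authorized_keys"; then
    echo "already present"
  else
    printf '%s\n' "$keyline" >> "$sshdir/authorized_keys"
    echo "added"
  fi
}

# Number of non-comment lines in <dir>/authorized_keys (0 when empty).
count_authorized_keys() {
  grep -c '^[^#]' "$1/authorized_keys" || true
}

# Demo on a scratch directory. The key blob is constructed for this example
# and is not a real key.
demo() {
  local d; d=$(mktemp -d)/.ssh
  local key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobForTheExampleOnly0000 grader@laptop'
  install_authorized_key "$key" "$d"                       # added
  install_authorized_key "$key" "$d"                       # already present
  install_authorized_key '-----BEGIN OPENSSH PRIVATE KEY-----' "$d" || true
  echo "keys installed: $(count_authorized_keys "$d")"
  rm -rf "$(dirname "$d")"
}
demo
```

A line that passes the format check can still be a truncated paste (the base64 blob is accepted at any length), so after installing a key always confirm the login from a second terminal before closing the session you used to add it.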
- Edit the SSH daemon configuration
sudo nano /etc/ssh/sshd_config
- Scroll down and find (the value is lowercase in the file)
PasswordAuthentication yes
- Change yes to no. With ChallengeResponseAuthentication also set to no, which is the Ubuntu default, keys become the only way in
- Find
PermitRootLogin
- Change to
PermitRootLogin no
- Find
#Port 22
- Uncomment it and change 22 to 2200
- Check that the file still parses before restarting; a typo here leaves the server with no working SSH
sudo sshd -t
- Restart the service. Keep the current session open and confirm from a second terminal that a login on port 2200 works before closing it
sudo service ssh restart
- Block all incoming connections on all ports (default policy):
sudo ufw default deny incoming
- Deny incoming connections for SSH on port 22 (already covered by the default policy; the explicit rule just makes the intent visible in ufw status):
sudo ufw deny 22
- Allow outgoing connections on all ports:
sudo ufw default allow outgoing
- Allow incoming connections for SSH on port 2200. This rule must exist before ufw enable, otherwise the firewall cuts off the only way in:
sudo ufw allow 2200/tcp
- Allow incoming connections for HTTP on port 80:
sudo ufw allow www
- Allow incoming connections for NTP on port 123. This is only needed if the server answers NTP queries; as an NTP client it gets its replies anyway, because ufw is stateful and outgoing traffic is allowed:
sudo ufw allow ntp
- To check the rules that have been added before enabling the firewall, use:
sudo ufw show added
- To enable the firewall (only once the 2200/tcp rule shows up in the list above), use:
sudo ufw enable
- To check the status of the firewall, use:
sudo ufw status
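The sshd_config edit and the ufw rules above are the two steps that lock you out when done in the wrong order: restarting sshd on 2200 while the firewall only knows about 22, or running ufw enable before the 2200/tcp rule is added. The script below is an added example, not part of the original project. It applies the three sshd_config settings idempotently (replacing an existing or commented-out line instead of appending a duplicate) and then checks the saved output of ufw show added for a rule matching the port sshd will actually use. The file paths are parameters and the sample files built in demo are constructed, so it runs on copies without root; on the server the inputs would be /etc/ssh/sshd_config and a file written with sudo ufw show added > rules.txt. GNU sed (as on Ubuntu) is assumed.

```shell
#!/bin/bash
# Added example (not the project's own code): idempotent sshd hardening plus a
# pre-flight check that the firewall will let the new SSH port through.
set -eu

# Set one sshd directive in config $1. A line for the directive, active or
# commented out, is rewritten in place; otherwise the directive is appended.
# If a stock file carries both a commented and an active copy, both become the
# same value, which sshd tolerates (it uses the first occurrence).
set_sshd_directive() {
  local cfg=$1 key=$2 value=$3
  if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$cfg"; then
    sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*$|${key} ${value}|" "$cfg"
  else
    printf '%s %s\n' "$key" "$value" >> "$cfg"
  fi
}

# Effective value of directive $2 in config $1: first uncommented occurrence,
# matched case-insensitively as sshd does. Empty output when unset.
sshd_directive() {
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Port sshd will listen on for config $1 (sshd's default is 22).
sshd_port() {
  local p; p=$(sshd_directive "$1" Port)
  printf '%s\n' "${p:-22}"
}

# The three settings from the write-up; $2 is the new port (default 2200).
harden_sshd_config() {
  local cfg=$1 port=${2:-2200}
  set_sshd_directive "$cfg" Port "$port"
  set_sshd_directive "$cfg" PermitRootLogin no
  set_sshd_directive "$cfg" PasswordAuthentication no
}

# Does the saved "ufw show added" output in $1 allow TCP port $2 in?
# Accepts "ufw allow 2200", "ufw allow 2200/tcp", "ufw allow in 2200/tcp" and,
# for port 22 only, the service name "ufw allow ssh".
ufw_allows_tcp_port() {
  local rules=$1 port=$2
  grep -Eq "^ufw allow (in )?${port}(/tcp)?([[:space:]]|$)" "$rules" && return 0
  [ "$port" = 22 ] && grep -Eq "^ufw allow (in )?ssh([[:space:]]|$)" "$rules"
}

# Pre-flight before "service ssh restart" or "ufw enable": the port in
# sshd_config $1 must already be allowed by the rules in $2. Returns 0 only
# when it is safe to go ahead.
ssh_lockout_check() {
  local cfg=$1 rules=$2 port
  port=$(sshd_port "$cfg")
  if ufw_allows_tcp_port "$rules" "$port"; then
    echo "ok: ufw allows tcp/$port, the port sshd_config uses"
  else
    echo "STOP: sshd_config uses port $port but no 'ufw allow $port/tcp' rule is added" >&2
    return 1
  fi
}

# Demo on constructed copies (excerpt of a stock Ubuntu sshd_config and the
# "ufw show added" output after the write-up's rules, minus the 2200 one).
demo() {
  local work; work=$(mktemp -d)
  printf '%s\n' '# sshd_config excerpt (constructed)' '#Port 22' '#AddressFamily any' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'UsePAM yes' > "$work/sshd_config"
  printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
    'ufw allow www' 'ufw allow ntp' > "$work/ufw_added"
  harden_sshd_config "$work/sshd_config" 2200
  grep -E '^(Port|PermitRootLogin|PasswordAuthentication) ' "$work/sshd_config"
  ssh_lockout_check "$work/sshd_config" "$work/ufw_added" || true   # STOP
  echo 'ufw allow 2200/tcp' >> "$work/ufw_added"
  ssh_lockout_check "$work/sshd_config" "$work/ufw_added"           # ok
  rm -rf "$work"
}
demo
```

On the real server the order is: harden_sshd_config on /etc/ssh/sshd_config, sudo sshd -t, ufw allow 2200/tcp, ssh_lockout_check, and only then service ssh restart and ufw enable, from a second terminal with the first session still open.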
## Install Apache and mod_wsgi
- Install Apache:
sudo apt-get install apache2
- Install the mod_wsgi package. It must be built for the same Python the app runs under: libapache2-mod-wsgi for Python 2, libapache2-mod-wsgi-py3 for Python 3. This project used 2; note that the virtual environment created further down is Python 3, and a Python 2 mod_wsgi cannot import packages from it, so pick the one that matches the interpreter you end up using
sudo apt-get install libapache2-mod-wsgi
sudo apt-get install libapache2-mod-wsgi-py3
- Enable mod_wsgi:
sudo a2enmod wsgi
- Install some Python development libraries (headers needed to build psycopg2 and other compiled packages):
sudo apt-get install libpq-dev python-dev
## Install the packages from requirements.txt
- Run pip from inside the virtual environment created below, so the packages land in venv3, which is where the Apache configuration looks for them:
venv3/bin/pip install -r requirements.txt
## Install git and clone the project
sudo apt-get install git
- Navigate to the web root
cd /var/www/html/
- Clone into an ItemsCatalog folder (this creates /var/www/html/ItemsCatalog/, the path used by the WSGI and Apache configuration below)
sudo git clone projectURL ItemsCatalog
## Install a virtual environment
- From the /var/www/html/ItemsCatalog/ directory install pip:
sudo apt-get install python3-pip
- Install the virtual environment tool:
sudo apt-get install python-virtualenv
- Create the virtual environment:
sudo virtualenv -p python3 venv3
- Change the ownership to grader, so packages can be installed into it without sudo:
sudo chown -R grader:grader venv3/
- From /var/www/html/ItemsCatalog/
touch /var/www/html/ItemsCatalog/ItemsCatalog.wsgi
- Add the following. The shebang is ignored by mod_wsgi; what matters is the sys.path entry, which lets the import find the ItemsCatalog package cloned above, and the logging setup, which sends the app's log output to Apache's error log
```python
#!/usr/bin/python
import sys
import logging

# Log to stderr, which mod_wsgi routes to the Apache error log.
logging.basicConfig(stream=sys.stderr)
# Make the cloned project importable.
sys.path.insert(0, "/var/www/html/ItemsCatalog/")

from ItemsCatalog import app as application
```
- Save
- Create and edit the virtual host
sudo nano /etc/apache2/sites-available/ItemsCatalog.conf
- Add the virtual host below. python-path must point at the site-packages of the virtual environment created above (venv3; adjust python3.7 to the interpreter version it was built with). The original copy also listed a venv under /home/adminfm5, which is not the environment created here, so it is dropped. Access control uses the Apache 2.4 Require directive instead of the 2.2 Order/Allow pair, only the .wsgi file and the static folder are exposed, and the error log lives with the other Apache logs rather than inside the app directory that grader and git manage
```apache
<VirtualHost *:80>
    ServerName adautovjr.codes
    ServerAdmin adautovjr@yahoo.com

    WSGIScriptAlias / /var/www/html/ItemsCatalog/ItemsCatalog.wsgi
    WSGIDaemonProcess ItemsCatalog python-path=/var/www/html/ItemsCatalog/venv3/lib/python3.7/site-packages
    WSGIProcessGroup ItemsCatalog

    <Directory /var/www/html/ItemsCatalog/>
        <Files ItemsCatalog.wsgi>
            Require all granted
        </Files>
    </Directory>

    Alias /static /var/www/html/ItemsCatalog/static
    <Directory /var/www/html/ItemsCatalog/static/>
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/ItemsCatalog-error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
- Enable the virtual host by using the command:
sudo a2ensite ItemsCatalog.conf
- Check the configuration, then reload Apache (a restart is only needed after a2enmod):
sudo apachectl configtest
sudo service apache2 reload
sudo service apache2 restart