This is a summary of how I configured the Amazon EC2 instance to run the item_catalog application.
- SSH is available on port 2200 at the IP address: 52.24.117.220.
- The public URL for the hosted website is: http://ec2-52-24-117-220.us-west-2.compute.amazonaws.com or just 52.24.117.220
In the terminal on the local machine, create the RSA private key file by running the following commands:
touch ~/.ssh/udacity_key.rsa
nano ~/.ssh/udacity_key.rsa
Then paste in the contents of the udacity_key.rsa file you downloaded from the Udacity website.
In the terminal on the local machine, create the RSA public/private key pair by running the following command:
ssh-keygen
When asked to save the key, enter: ~/.ssh/grader.rsa
Run cat ~/.ssh/grader.rsa.pub and copy the contents of this output to the clipboard.
ssh -i ~/.ssh/udacity_key.rsa [email protected]
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install finger
adduser grader
mkdir /home/grader/.ssh
touch /home/grader/.ssh/authorized_keys
nano /home/grader/.ssh/authorized_keys
Paste the contents of the clipboard from above and save the file.
touch /etc/sudoers.d/grader
nano /etc/sudoers.d/grader
grader ALL=(ALL:ALL) ALL
sudo apt-get install ntp
sudo dpkg-reconfigure tzdata
Choose None of the above; on the next screen, choose UTC.
sudo nano /etc/ssh/sshd_config
Change Port 22 to Port 2200 # this makes ssh run on port 2200 instead of 22.
Add AllowUsers grader # this makes grader the only user that can ssh to the remote server
sudo service ssh restart # restart the ssh service.
If all goes well, you will get disconnected, but should be able to log back in using the following command:
ssh -p 2200 -i ~/.ssh/grader.rsa [email protected]
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2200/tcp
sudo ufw allow www
sudo ufw allow ntp
WARNING: This next command enables the firewall. Before running it, make sure you have changed the ssh port to 2200 AND that you've opened port 2200 in the firewall. Otherwise, you will be permanently locked out of accessing your server.
sudo ufw enable
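The lockout warning above can be turned into a check that runs before ufw is enabled. The script below is an added example, not part of the original write-up: its function names are hypothetical, its sample inputs are constructed, and it assumes the firewall rules are supplied one per line in the "ufw allow ..." form that ufw show added prints.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run before `sudo ufw enable`.
# Function names are hypothetical; sample inputs below are constructed.

# Print every port sshd will listen on according to config file $1.
# sshd accepts several Port lines; with none it falls back to 22.
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Succeed if rule list $2 (assumed format: one "ufw allow ..." line per
# rule, as `ufw show added` prints) admits TCP traffic to port $1.
ufw_allows_tcp() {
    grep -Eq "^ufw (allow|limit) ${1}(/tcp)?\$" "$2"
}

# Succeed if at least one sshd port passes the firewall rules,
# i.e. enabling ufw will not cut off SSH access.
preflight() {
    local port
    for port in $(sshd_ports "$1"); do
        if ufw_allows_tcp "$port" "$2"; then
            echo "ok: sshd port $port is allowed through ufw"
            return 0
        fi
    done
    echo "LOCKOUT RISK: no sshd port has a matching ufw rule" >&2
    return 1
}

# Constructed sample inputs mirroring this page's setup.
demo=$(mktemp -d)
printf 'Port 2200\nAllowUsers grader\n' > "$demo/sshd_good"
printf '#Port 2200\nAllowUsers grader\n' > "$demo/sshd_default"   # still on 22
printf 'ufw allow 2200/tcp\nufw allow 80/tcp\nufw allow 123\n' > "$demo/rules"

preflight "$demo/sshd_good" "$demo/rules"
preflight "$demo/sshd_default" "$demo/rules" || echo "do not run 'ufw enable' yet"
```

On the server, save the "ufw allow ..." lines from sudo ufw show added to a file and pass it to preflight together with /etc/ssh/sshd_config.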
sudo apt-get install apache2
sudo apt-get install python-setuptools libapache2-mod-wsgi python-dev
Install git so that you can clone the item_catalog application into the Flask app.
sudo apt-get install git
Follow these instructions to deploy the Flask application, using git clone to clone the item_catalog app from GitHub to the remote server.
In the .git folder, insert a .htaccess file to deny access to that directory, though I don't know if this is necessary or not.
sudo nano .htaccess
Type: deny from all and save the file.
Once everything is configured, you'll need to restart the apache2 service: sudo apache2ctl restart
Follow these instructions to install and configure the postgres database server and create the user: catalog and create the database called catalog.
Follow these instructions for using unattended-upgrades to keep server security software automatically updated.
Fail2Ban can be set up to block the IP addresses of users who attempt to gain access to the server via SSH and fail authentication 5 times.
Follow these instructions to install Fail2Ban. Configure Fail2Ban to send email to grader@localhost. To read the emails in the grader account, you'll need to install mailutils.
sudo apt-get install mailutils
To monitor the health of the server and its processes, install the glances application.
sudo apt-get install glances
To run glances, simply enter the command glances.