This is Project 5 (Linux Server Administration) of the Udacity Full Stack Web Developer nanodegree.
Version : 1.0.0
Author : Timothee Hack
- SSH :
- Website : (port 80)
Google Authentification requires a domain name to function, it cannot work with a public IP address. For this reasion, currently, only the Facebook authentification is working.
1.1. Connected to Udacity account using instructions at :!/development_environment
1.2. Connected to server using PuTTY (root@
External Resources :
# Update package list
apt-get update
# Upgrade packages
apt-get -y upgrade
# Install tool to auto-update packages
apt-get install -y unattended-upgrades
# Enable auto-update
dpkg-reconfigure -plow unattended-upgrades
# Set up server timezone
dpkg-reconfigure tzdata
External Resources :
3.1.1. Create user ```bash # Create user grader adduser --gecos "" grader # Password : kickbottlesneakfruit
# Grant sudo priviliges to grader
usermod -a -G sudo grader
3.1.2. Configure sudo priviliges
bash # Make a backup of sudoers file cp /etc/sudoers /etc/sudoers.bak
* Edit /etc/sudoers:
* Replace "root ALL=(ALL:ALL) ALL" with "grader ALL=(ALL:ALL) ALL"
* Replace "sudo ALL=(ALL:ALL) ALL" with "sudo ALL=(ALL:ALL) NOPASSWD: ALL"
# Make /etc/sudoers readonly
chmod 0444 /etc/sudoers
3.1.3. Configure hostname * Edit /etc/hostname :
Add : " localhost.localdomain localhost"
Note : To apply changes without rebooting, run the command :
sudo hostname localhost
External Resources :
3.2.1. Backup ssh configuration
# Make a backup of default ssh configuration
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
# Make backup copy readonly
chmod a-w /etc/ssh/sshd_config.factory-defaults
3.2.2. Configure ssh
- Edit file /etc/ssh/sshd_config
- Change port to 2200
- Temporairly set password authentification to yes "PasswordAuthentication yes"
- Add or edit the "AllowUsers" parameter to only show "AllowUsers grader"
- Restart ssh :
service ssh restart
3.2.3. Configure rsa key file for authenticating user grader
On a client machine with access to ssh, the one used to connect to the server :
# Generate key files for user grader
ssh-keygen -t rsa -f local-path-to-file
# Send the key file to the server
ssh-copy-id -p 2200 -i local-path-to-file grader@
3.2.4. Finalize ssh configuration
- Login with user grader :
ssh -p 2200 grader@
- Change permissions for ssh config :
sudo chmod 777 /etc/ssh/sshd_config
- Edit /etc/ssh/sshd_config
- Remove password authentification "PasswordAuthentication no"
- Reset permissions for ssh config : "sudo chmod 644 /etc/ssh/sshd_config"
- Restart ssh :
sudo service ssh restart
External Resources :
4.1. Set up UFW firewall
# Configure the UFW firewall to only allow : NTP on 123/udp, SSH on 2200/tcp and HTTP on 80/tcp
sudo ufw allow 123/udp
sudo ufw allow 2200/tcp
sudo ufw allow 80/tcp
sudo ufw enable
4.2. Set up NTP server
sudo apt-get install -y ntp
External Resources :
5.1. Install packages
sudo apt-get install -y zlib1g-dev libbz2-dev libreadline-dev python-pip build-essential python-dev python2.7-dev
sudo apt-get install python-flask python-sqlalchemy python-psycopg2 libjpeg8-dev apache2 python-setuptools libapache2-mod-wsgi
sudo pip install pillow oauth2client glances
5.1. Set up website files and configuration
# Make a main folder for the website
sudo mkdir /srv/TravelLog
# Clone the git repository with the application files
sudo git clone /srv/TravelLog
# Create a config file for the virtual host
sudo pico /etc/apache2/sites-available/TravelLog.conf
- Put the following in the file :
<VirtualHost *:80>
DocumentRoot /srv
WSGIScriptAlias / /srv/TravelLog/flaskapp.wsgi
<Directory /srv/TravelLog/TravelLog/>
Order allow,deny
Allow from all
Alias /static /srv/TravelLog/TravelLog/static
<Directory /srv/TravelLog/TravelLog/static/>
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Enable the virtual host
sudo a2ensite TravelLog
# Create the flaskapp.wsgi file
sudo nano /srv/TravelLog/flaskapp.wsgi
- Put the following in the file :
import sys
import logging
from FlaskApp import app as application
application.secret_key = 'super_secret_key'
# Deactivate the default site
sudo a2dissite 000-default
# Restart Apache
sudo service apache2 restart
External Resources :
5.2. Install and configure Postgresql
# Install packages
sudo apt-get install postgresql postgresql-contrib
# Log into the user postgres
sudo -i -u postgres
# Create catalog user and catalog db with owner catalog. Remove all other user's acces to the catalog db
psql --command "CREATE USER catalog WITH CREATEDB LOGIN PASSWORD 'cementvanitycoasterquirk'";
createdb -O catalog catalog
psql -U postgres -d catalog -c "REVOKE ALL ON SCHEMA public FROM public;"
psql -U postgres -d catalog -c "GRANT ALL ON SCHEMA public TO catalog;"
# By default postgres only allows local connections
# log out back to grader account
# Initialize the database
sudo python /srv/TravelLog/TravelLog/
sudo python /srv/TravelLog/TravelLog/
External Resources :