{"id":20389227,"url":"https://github.com/maneeshd/linux-server-config","last_synced_at":"2026-04-16T10:31:21.278Z","repository":{"id":134229327,"uuid":"168242526","full_name":"maneeshd/linux-server-config","owner":"maneeshd","description":"Udacity FSND Project - Linux Server Configuration","archived":false,"fork":false,"pushed_at":"2019-01-29T23:13:30.000Z","size":30,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-04T23:44:24.549Z","etag":null,"topics":["apache2","flask","gunicorn","linux","python","systemd"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maneeshd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-29T22:53:51.000Z","updated_at":"2019-01-29T23:13:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"903f228c-57a9-4ffe-9ed0-c81bc2052ad0","html_url":"https://github.com/maneeshd/linux-server-config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/maneeshd/linux-server-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maneeshd%2Flinux-server-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maneeshd%2Flinux-server-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maneeshd%2Flinux-server-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maneeshd%2Flinux-server-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maneeshd","download_url":"https://codeload.github.com/maneeshd/linux-server-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maneeshd%2Flinux-server-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31881971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T09:23:21.276Z","status":"ssl_error","status_checked_at":"2026-04-16T09:23:15.028Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache2","flask","gunicorn","linux","python","systemd"],"created_at":"2024-11-15T03:16:42.365Z","updated_at":"2026-04-16T10:31:20.839Z","avatar_url":"https://github.com/maneeshd.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Linux Server Configuration\n\nUdacity Full Stack Developer Nanodegree :: Deploying Item Catalog web application in a linux server\n\nTake a baseline installation of a Linux distribution on a virtual machine and prepare it to host your web applications, to include installing updates, securing it from a number of attack vectors and installing/configuring web and database servers.\n\n- [Linux Server Configuration](#linux-server-configuration)\n  - [Deployment Details](#deployment-details)\n  - [Deployment Steps](#deployment-steps)\n    - [1. Initial login to the server as user `ubuntu`](#1-initial-login-to-the-server-as-user-ubuntu)\n    - [2. Update the operating system pakages and reboot if required](#2-update-the-operating-system-pakages-and-reboot-if-required)\n    - [3. Configure automatic security and critical updates](#3-configure-automatic-security-and-critical-updates)\n    - [4. Set timezone to UTC](#4-set-timezone-to-utc)\n    - [5. Create user `grader`](#5-create-user-grader)\n    - [6. Create passwords for users `ububtu` and `grader` to do ssh-copy-id](#6-create-passwords-for-users-ububtu-and-grader-to-do-ssh-copy-id)\n    - [7. Add user `grader` to sudoers list](#7-add-user-grader-to-sudoers-list)\n    - [8. Create SSH Keypairs for users `ubuntu` and `grader`](#8-create-ssh-keypairs-for-users-ubuntu-and-grader)\n    - [9. Create a keypair in your local machine](#9-create-a-keypair-in-your-local-machine)\n    - [10. Enable SSH logins through passwords in server temporarily](#10-enable-ssh-logins-through-passwords-in-server-temporarily)\n    - [11. `ssh-copy-id` the local machines' public key to `grader`](#11-ssh-copy-id-the-local-machines-public-key-to-grader)\n    - [12. Disable SSH logins through passwords in server permanently](#12-disable-ssh-logins-through-passwords-in-server-permanently)\n    - [13. Install Apache2 and enable required proxy modules](#13-install-apache2-and-enable-required-proxy-modules)\n    - [14. Configure firewall to allow OpenSSH, 'Apache Full', port 80, 123 and 2200](#14-configure-firewall-to-allow-openssh-apache-full-port-80-123-and-2200)\n    - [15. Enable port 2200 and HTTPS in the Lightsail VM Networking settings](#15-enable-port-2200-and-https-in-the-lightsail-vm-networking-settings)\n    - [16. Disable root login through SSH, change SSH port and add aloowed users to SSH config](#16-disable-root-login-through-ssh-change-ssh-port-and-add-aloowed-users-to-ssh-config)\n    - [17. Install Pip and Virtualenv, create a virtual environment for webapp](#17-install-pip-and-virtualenv-create-a-virtual-environment-for-webapp)\n    - [18. Install PostgreSQL and setup item-catalog database](#18-install-postgresql-and-setup-item-catalog-database)\n    - [19. Clone item-catalog git repository, put oauth2 data and install python packages](#19-clone-item-catalog-git-repository-put-oauth2-data-and-install-python-packages)\n    - [20. Configure gunicorn server and systemd service to manage the backend server](#20-configure-gunicorn-server-and-systemd-service-to-manage-the-backend-server)\n    - [21. Configue Apache2 server to be a reverse proxy, add domain name](#21-configue-apache2-server-to-be-a-reverse-proxy-add-domain-name)\n    - [22. Configure HTTPS and SSL](#22-configure-https-and-ssl)\n  - [References](#references)\n\n## Deployment Details\n\n- Application URL: https://md-item-catalog.ml\n\n- Virtual Server: Amazon Lightsail Instance\n  \n- Operating System: Ubuntu 18.04 LTS\n\n- IP Address: `13.233.215.53`\n\n- SSH Port: `2200` (Only Key based logins supported)\n  \n- Web Server: Apache2 Web Server acting as reverse proxy\n  \n- Backend Server: Gunicorn with 4 workers running the web app listening to port 5000 in localhost. Managed by systemd.\n  \n## Deployment Steps\n\n### 1. Initial login to the server as user `ubuntu`\n\n```bash\n$ ssh -i ~/.ssh/Lightsail_Key.pem ubuntu@13.233.215.53\n```\n\n### 2. Update the operating system pakages and reboot if required\n\n```bash\n$ sudo apt-get update\n$ sudo apt-get upgrade\n$ sudo apt-get dist-upgrade\n$ sudo reboot\n```\n\n### 3. Configure automatic security and critical updates\n\nFollow the official documentation: [Ubuntu Automatic Update Configuration](https://help.ubuntu.com/lts/serverguide/automatic-updates.html.en)\n\n### 4. Set timezone to UTC\n\nCheck if the current timezone is set to UTC using:\n\n```bash\n$ date\nTue Jan 29 15:42:28 UTC 2019\n```\n\nIf not UTC set timezone to UTC using the command below:\n\n(select 'None of the above' from the menu and then select 'UTC'.)\n\n```bash\n$ sudo dpkg-reconfigure tzdata\n\nCurrent default time zone: 'Etc/UTC'\nLocal time is now:      Tue Jan 29 15:45:18 UTC 2019.\nUniversal Time is now:  Tue Jan 29 15:45:18 UTC 2019.\n```\n\n### 5. Create user `grader`\n\n```bash\n$ sudo adduser grader\nAdding user 'grader' ...\nAdding new group 'grader' (1002) ...\nAdding new user 'grader' (1002) with group 'grader' ...\nCreating home directory '/home/grader' ...\nCopying files from '/etc/skel' ...\nEnter new UNIX password:\nRetype new UNIX password:\npasswd: password updated successfully\nChanging the user information for grader\nEnter the new value, or press ENTER for the default\n        Full Name []: Udacity Grader\n        Room Number []:\n        Work Phone []:\n        Home Phone []:\n        Other []:\nIs the information correct? [Y/n] Y\n```\n\n### 6. Create passwords for users `ububtu` and `grader` to do ssh-copy-id\n\n```bash\n$ sudo passwd ubuntu\nEnter new UNIX password: ********\nRetype new UNIX password: ********\npasswd: password updated successfully\n\n$ sudo passwd grader\nEnter new UNIX password: ********\nRetype new UNIX password: ********\npasswd: password updated successfully\n```\n\n### 7. Add user `grader` to sudoers list\n\n```bash\n$ usermod -aG sudo grader\n```\n\n### 8. Create SSH Keypairs for users `ubuntu` and `grader`\n\n```bash\n# As user ubuntu\n$ ssh-keygen -t rsa -b 4096\nGenerating public/private rsa key pair.\nEnter file in which to save the key (/home/ubuntu/.ssh/id_rsa):\nCreated directory '/home/ubuntu/.ssh'.\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in /home/ubuntu/.ssh/id_rsa.\nYour public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.\nThe key fingerprint is:\nSHA256:6xESKDYeewIYOE2upVA71LwRzayaA0DttwPHAWwVmzs ubuntu@ip-172-26-6-133\nThe keys randomart image is:\n+---[RSA 4096]----+\n|++*++B.          |\n|==.=+o*          |\n|=.% o*o          |\n|oB Oo+..         |\n|o.+o=Eo S        |\n|  +o o.. o       |\n|   .  . o        |\n|       . .       |\n|        .        |\n+----[SHA256]-----+\n\n# As user grader\n$ ssh-keygen -t rsa -b 4096\nGenerating public/private rsa key pair.\nEnter file in which to save the key (/home/grader/.ssh/id_rsa):\nCreated directory '/home/grader/.ssh'.\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in /home/grader/.ssh/id_rsa.\nYour public key has been saved in /home/grader/.ssh/id_rsa.pub.\nThe key fingerprint is:\nSHA256:6xESKDYeewIYOE2upVA71LwRzayaA0DttwPHAWwVmzs grader@ip-172-26-6-133\nThe keys randomart image is:\n+---[RSA 4096]----+\n|++*++B.          |\n|==.=+o*          |\n|=.% o*o          |\n|oB Oo+..         |\n|o.+o=Eo S        |\n|  +o o.. o       |\n|   .  . o        |\n|       . .       |\n|        .        |\n+----[SHA256]-----+\n```\n\n### 9. Create a keypair in your local machine\n\n```bashr\n$ ssh-keygen -t rsa -b 4096 -C maneeshd77@gmail.com\nGenerating public/private rsa key pair.\nEnter file in which to save the key (/c/Users/mdivana/.ssh/id_rsa): fsnd_key\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in fsnd_key.\nYour public key has been saved in fsnd_key.pub.\nThe key fingerprint is:\nSHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us maneeshd77@gmail.com\nThe keys randomart image is:\n+---[RSA 2048]----+\n|.*++ o.o.        |\n|.+B + oo.        |\n| +++ *+.         |\n| .o.Oo.+E        |\n|    ++B.S.       |\n|   o * =.        |\n|  + = o          |\n| + = = .         |\n|  + o o          |\n+----[SHA256]-----+\n```\n\n### 10. Enable SSH logins through passwords in server temporarily\n\n```bash\n$ sudo vi /etc/ssh/sshd_config\nLocate 'PasswordAuthentication no' and change it to 'PasswordAuthentication yes'. Save.\n$ sudo serivce sshd restart\n```\n\n### 11. `ssh-copy-id` the local machines' public key to `grader`\n\n```bash\n$ ssh-copy-id -i ~/.ssh/fsnd_key grader@13.233.215.53\n/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: \"/c/Users/mdivana/.ssh/fsnd_key.pub\"\nThe authenticity of host '13.233.215.53 (13.233.215.53)' cannot be established.\nECDSA key fingerprint is SHA256:/9TWCe3NH67EQErMsagjifJ8hFa7uIyu0Nq6r1Pu1Iw.\nAre you sure you want to continue connecting (yes/no)? yes\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\ngrader@13.233.215.53 password:\n\nNumber of key(s) added: 1\n\nNow try logging into the machine, with:   'ssh -i ~/.ssh/fsnd_key grader@13.233.215.53'\nand check to make sure that only the key(s) you wanted were added.\n\nNow we can login without using password from our local machine.\n```\n\n### 12. Disable SSH logins through passwords in server permanently\n\n```bash\n$ sudo vi /etc/ssh/sshd_config\nLocate 'PasswordAuthentication yes' and change it to 'PasswordAuthentication no'. Save.\n$ sudo serivce sshd restart\n```\n\n### 13. Install Apache2 and enable required proxy modules\n\n```bash\n$ sudo apt-get install apache2\n$ sudo a2enmod\ngive the below list of modules to enable\n\nproxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html\n\n$ sudo systemctl restart apache2\n```\n\n### 14. Configure firewall to allow OpenSSH, 'Apache Full', port 80, 123 and 2200\n\n```bash\n$ sudo ufw app list\nAvailable applications:\n  Apache\n  Apache Full\n  Apache Secure\n  OpenSSH\n\n$ sudo ufw allow OpenSSH\nRules updated\nRules updated (v6)\n\n$ sudo ufw allow 'Apache Full'\nRules updated\nRules updated (v6)\n\n$ sudo ufw allow 80\nRules updated\nRules updated (v6)\n\n$ sudo ufw allow 2200\nRules updated\nRules updated (v6)\n\n$ sudo ufw enable\nCommand may disrupt existing ssh connections. Proceed with operation (y|n)? y\nFirewall is active and enabled on system startup\n\n$ sudo ufw status numbered\nStatus: active\n\n     To                         Action      From\n     --                         ------      ----\n[ 1] OpenSSH                    ALLOW IN    Anywhere\n[ 2] Apache Full                ALLOW IN    Anywhere\n[ 3] 80                         ALLOW IN    Anywhere\n[ 4] 2200                       ALLOW IN    Anywhere\n[ 5] OpenSSH (v6)               ALLOW IN    Anywhere (v6)\n[ 6] Apache Full (v6)           ALLOW IN    Anywhere (v6)\n[ 7] 80 (v6)                    ALLOW IN    Anywhere (v6)\n[ 8] 2200 (v6)                  ALLOW IN    Anywhere (v6)\n\n$ sudo reboot\n```\n\n### 15. Enable port 2200 and HTTPS in the Lightsail VM Networking settings\n\nOpen the Lightsail Instance console. Go to Netorking tab. Then in 'Firewall' settings\n\n1. Add a Custom TCP protocol with Port as 2200 to be enabled.\n2. Add HTTPS protocol to be enabled.\n\n### 16. Disable root login through SSH, change SSH port and add aloowed users to SSH config\n\n```bash\n$ sudo vi /etc/ssh/sshd_config\nLocate 'Post 22'. Uncomment line and change to 'Post 2200' (without quotes)\nLocate 'PasswordAuthentication'. Change to 'PasswordAuthentication no' (without quotes)\nAdd line 'AllowUsers ubuntu grader' (without quotes)\nAdd line 'PermitRootLogin no' (without quotes)\nSave.\n\n$ sudo service sshd restart\n\nNow the we can only ssh to server using: 'ssh -i ~/.ssh/fsnd_key grader@13.233.215.53'\n```\n\n### 17. Install Pip and Virtualenv, create a virtual environment for webapp\n\n```bash\n# As grader\n$ sudo apt-get install build-essential python3-pip\n\n$ sudo pip3 install virtualenv -U\n\n$ virtualenv fenv\nUsing base prefix '/usr'\nNew python executable in /home/grader/fenv/bin/python3\nAlso creating executable in /home/grader/fenv/bin/python\nInstalling setuptools, pip, wheel...\ndone.\n\n$ source ~/fenv/bin/activate\n(fenv) $ pip list\nPackage    Version\n---------- -------\npip        19.0.1\nsetuptools 40.7.1\nwheel      0.32.3\n```\n\n### 18. Install PostgreSQL and setup item-catalog database\n\n```sql\n-- Install postgresql\n$ sudo apt-get install postgresql\n\n-- Switch into postgresql superuser 'postgres'\n$ sudo su - postgres\n\n-- Enter psql shell\n$ psql\n\n-- Create user 'catalog'\npostgres=# CREATE ROLE catalog WITH LOGIN PASSWORD 'catalog';\nCREATE ROLE\n\n-- Create database 'catalog'\npostgres=# CREATE DATABASE catalog;\nCREATE DATABASE\n\n-- Grant all previleges on database 'catalog' to user 'catalog'\npostgres=# REVOKE ALL ON SCHEMA public FROM public;\nREVOKE\npostgres=# GRANT ALL ON SCHEMA public TO catalog;\nGRANT\npostgres=# GRANT ALL PRIVILEGES ON DATABASE catalog TO catalog;\nGRANT\n\n-- Exit psql shell\npostgres=# \\q\n\n-- Exit postgres user\n$ exit\n```\n\nUse **`postgresql://catalog:catalog@localhost/catalog`** as database url in `db_models.py` `db_util.py` and s`erver.py` in item-catalog\n\n### 19. Clone item-catalog git repository, put oauth2 data and install python packages\n\n```bash\n(fenv) $ git clone https://github.com/maneeshd/restaurants-menu.git item-catalog\nCloning into 'item-catalog'...\nremote: Enumerating objects: 93, done.\nremote: Counting objects: 100% (93/93), done.\nremote: Compressing objects: 100% (66/66), done.\nremote: Total 93 (delta 26), reused 83 (delta 22), pack-reused 0\nUnpacking objects: 100% (93/93), done.\n\n(fenv) $ cd item-catalog\n\n(fenv) $ pip install -r requirements.txt -U\n\n# Put the database url in the files stated and then -\n(fenv) $ python db_models.py\nUsing db_uri: postgresql://catalog:catalog@localhost/catalog to create models...\nDatabase models have been created successfully.\n\n(fenv) $ python db_util.py\nDatabase has been populated successfully.\n\n(fenv) $ vi wsgi.py\n# Put the following inside wsgi.py\nfrom server import APP\n\n\nif __name__ == \"__main__\":\n    APP.run(\"localhost\", port=5000, threaded=True)\n```\n\n**Put the Google and Facebook OAuth2 data in oauth_data directory. (Refer `oauth_data/README.txt` in item-catalog repo for more info)**\n\n### 20. Configure gunicorn server and systemd service to manage the backend server\n\n```bash\n$ cd ~/item-catalog\n\n$ mkdir gunicorn_logs\n\n$ vi gunicorn.conf\n# Put the following data inside gunicorn.conf\nworkers = 3\nerrorlog = '/home/grader/item-catalog/gunicorn_logs/errors.log'\naccesslog = '/home/grader/item-catalog/gunicorn_logs/access.log'\n\n# Create a systemd service for gunicorn\n$ sudo vi /etc/systemd/system/ItemCatalog.service\n# Put the following data between --- inside ItemCatalog.service\n--------------------------------\n[Unit]\nDescription=Gunicorn instance to serve Item-Catalog\nAfter=network.target\n\n[Service]\nUser=grader\nGroup=grader\nRestart=on-failure\nWorkingDirectory=/home/grader/item-catalog\nExecStart=/home/grader/fenv/bin/gunicorn -c gunicorn.conf -b localhost:5000 wsgi:APP --preload --capture-output --log-level debug\n\n[Install]\nWantedBy=multi-user.target\n--------------------------------\n\n# Reload daemon\n$ sudo systemctl daemon-reload\n\n# Enable ItemCatalog service\n$ sudo systemctl enable ItemCatalog\n\n# Start ItemCatalog serivice\n$ sudo systemctl start ItemCatalog\n\n$ sudo systemctl status ItemCatalog\n● ItemCatalog.service - Gunicorn instance to serve Item-Catalog\n   Loaded: loaded (/etc/systemd/system/ItemCatalog.service; enabled; vendor preset: enabled)\n   Active: active (running) since Mon 2019-01-28 13:00:07 UTC; 1 day 8h ago\n Main PID: 17468 (gunicorn)\n    Tasks: 4 (limit: 547)\n   CGroup: /system.slice/ItemCatalog.service\n           ├─17468 /home/grader/fenv/bin/python3 /home/grader/fenv/bin/gunicorn -c gunicorn.conf -b localhost:5000 wsgi:APP --preload\n           ├─17491 /home/grader/fenv/bin/python3 /home/grader/fenv/bin/gunicorn -c gunicorn.conf -b localhost:5000 wsgi:APP --preload\n           ├─17492 /home/grader/fenv/bin/python3 /home/grader/fenv/bin/gunicorn -c gunicorn.conf -b localhost:5000 wsgi:APP --preload\n           └─17493 /home/grader/fenv/bin/python3 /home/grader/fenv/bin/gunicorn -c gunicorn.conf -b localhost:5000 wsgi:APP --preload\nJan 28 13:00:07 ip-172-26-6-133 systemd[1]: Stopped Gunicorn instance to serve Item-Catalog.\nJan 28 13:00:07 ip-172-26-6-133 systemd[1]: Started Gunicorn instance to serve Item-Catalog.\nlines 1-13/13 (END)\n```\n\n### 21. Configue Apache2 server to be a reverse proxy, add domain name\n\n```bash\n$ sudo vi /etc/apache2/sites-available/000-default.conf\n\u003cVirtualHost *:80\u003e\n    ServerName md-item-catalog.ml  \n    ServerAlias www.md-item-catalog.ml\n\n    ServerAdmin maneeshd77@gmail.com\n    DocumentRoot /var/www/html\n\n    ErrorLog ${APACHE_LOG_DIR}/error.log\n    CustomLog ${APACHE_LOG_DIR}/access.log combined\n\n    \u003cProxy *\u003e\n        Order deny,allow\n        Allow from all\n    \u003c/Proxy\u003e\n    ProxyPreserveHost On\n    \u003cLocation \"/\"\u003e\n        ProxyPass \"http://localhost:5000/\"\n        ProxyPassReverse \"http://localhost:5000/\"\n    \u003c/Location\u003e\n\u003c/VirtualHost\u003e\n\n# Check for syntax errors\n$ sudo apache2ctl configtest\nSyntax OK\n\n$ sudo apache2ctl restart\n```\n\n### 22. Configure HTTPS and SSL\n\n```bash\n# Enable mod_ssl in apache2\n$ sudo a2enmod ssl\n\n# Install Certbot\n$ sudo add-apt-repository ppa:certbot/certbot\nPress ENTER to accept.\n\n$ sudo apt-get install python-certbot-apache\nCertbot is now ready to use, but in order for it to configure SSL for Apache we need to assign a ServerName in \nthe apache config i.e. a domain has to be assigned to ServerName and the www.domain assigned to ServerAlias.\n\n$ cat /etc/apache2/sites-available/000-default.conf\nMake sure ServerName and ServerAlias is set with required values.\n\n$ sudo apache2ctl configtest\nSyntax OK\n\n$ sudo systemctl reload apache2\n\n# Obtain a SSL certificate from LetsEncrypt\n$ sudo certbot --apache -d md-item-catalog.ml -d www.md-item-catalog.ml\n...\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n-------------------------------------------------------------------------------\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2\n\nThe configuration will be updated, and Apache will reload to pick up the new settings. \ncertbot will wrap up with a message telling you the process was successful and where your certificates are stored.\n```\n\nThe server is now ready and secured. The web application is also secured with HTTPS/SSL encryption.\n\n## References\n\n- https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04\n  \n- https://help.ubuntu.com/lts/serverguide/automatic-updates.html.en\n\n- https://www.ssh.com/ssh/copy-id\n\n- https://help.ubuntu.com/community/SSH/OpenSSH/Keys\n  \n- https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart\n\n- https://www.vioan.eu/blog/2016/10/10/deploy-your-flask-python-app-on-ubuntu-with-apache-gunicorn-and-systemd/\n\n- https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaneeshd%2Flinux-server-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaneeshd%2Flinux-server-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaneeshd%2Flinux-server-config/lists"}