{"id":18376656,"url":"https://github.com/manojpatra1991/linux-server-configuration","last_synced_at":"2026-04-30T09:36:04.420Z","repository":{"id":104745812,"uuid":"102105305","full_name":"MANOJPATRA1991/Linux-Server-Configuration","owner":"MANOJPATRA1991","description":"Linux server configuration to serve a Flask application as a wsgi application","archived":false,"fork":false,"pushed_at":"2017-09-11T12:48:48.000Z","size":75,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-04-30T09:36:03.304Z","etag":null,"topics":["apache2","lightsail","linuu","local-machine","nano-editor","postgresql","python3","ssh","ubuntu1604","wsgi-application"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MANOJPATRA1991.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-01T11:12:47.000Z","updated_at":"2019-10-20T06:28:13.000Z","dependencies_parsed_at":null,"dependency_job_id":"747b12eb-40ac-4d6a-bac8-4073231642e2","html_url":"https://github.com/MANOJPATRA1991/Linux-Server-Configuration","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MANOJPATRA1991/Linux-Server-Configuration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MANOJPATRA1991%2FLinux-Server-Configuration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MANOJPATRA1991%2FLinux-Server-Configuration/tags","releases_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/repositories/MANOJPATRA1991%2FLinux-Server-Configuration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MANOJPATRA1991%2FLinux-Server-Configuration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MANOJPATRA1991","download_url":"https://codeload.github.com/MANOJPATRA1991/Linux-Server-Configuration/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MANOJPATRA1991%2FLinux-Server-Configuration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32460781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T22:27:22.272Z","status":"online","status_checked_at":"2026-04-30T02:00:05.929Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache2","lightsail","linuu","local-machine","nano-editor","postgresql","python3","ssh","ubuntu1604","wsgi-application"],"created_at":"2024-11-06T00:24:17.599Z","updated_at":"2026-04-30T09:36:04.405Z","avatar_url":"https://github.com/MANOJPATRA1991.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Linux-Server-Configuration\n\nThis is the final project of Udacity's [Full Stack Web Development Nanodegree]().\n\n## Project Requirements\n\nSet up an Apache server to serve the Item Catalog Project created as part of the Nanodegree program as a wsgi application.\n\n## 
Set up Ubuntu Linux server instance on Amazon Lightsail\nURL: http://ec2-13-126-178-229.ap-south-1.compute.amazonaws.com/\n\nIP address: 13.126.178.229\n\nPort: 2200\n\n## Update all packages\n\nDownload the package lists from the repositories and update them to get information on the newest versions of packages and their dependencies. This only re-synchronizes the package index files from their sources.\n```\nsudo apt-get update\n```\n\nTo do the actual upgrading\n```\nsudo apt-get upgrade\n```\n\n## Configure Firewall\n\nDeny all requests\n```\nsudo ufw default deny incoming\n```\n\nSet default for outgoing connections\n```\nsudo ufw default allow outgoing\n```\n\nAllow incoming on SSH\n```\nsudo ufw allow ssh\nsudo ufw allow 2200/tcp\n```\n\nAllow incoming on HTTP (port 80)\n```\nsudo ufw allow www\n```\n\nAllow incoming on NTP (port 123)\n```\nsudo ufw allow ntp\n```\n\nEnable firewall\n```\nsudo ufw enable\n```\n\n## Disable port 22\n\nEdit the /etc/ssh/sshd_config file to set Port to 2200.\nThen restart the service with `sudo service ssh restart`.\n\nThen disable port 22 from firewall as follows:\n```\nsudo ufw deny 22\n```\n\nCheck status of firewall with\n```\nsudo ufw status\n```\n\n\n## Disable root login\n\nTo disable root login, I added the following line of code to /etc/ssh/sshd_config\nwith the nano editor\n```\n# Disable root login\nPermitRootLogin no\n```\n\n## Create new user\n\nCreate new user account\n```\nsudo adduser grader\n```\n\nGive the new user grader sudo permissions in a new file in the /etc/sudoers.d directory\n```\nsudo touch /etc/sudoers.d/grader\n```\nEdit the file with nano editor\n```\nsudo nano /etc/sudoers.d/grader\n```\nWrite in the file\n```\ngrader ALL=(ALL) NOPASSWD:ALL\n\n```\n\n## Generate SSH key pair for grader\nThe key is generated on the local machine using **ssh-keygen** and stored in a file named project.\nOn the server:\n```\nsu - grader\nmkdir .ssh\ntouch .ssh/authorized_keys\nnano .ssh/authorized_keys\n```\nAnd then write the 
key generated on local machine to the authorized_keys file.\n\nSet file permissions:\n```\nchmod 700 .ssh\nchmod 644 .ssh/authorized_keys\n```\n\nLog in to grader account by\n```\nssh grader@13.126.178.229 -p 2200 -i ~/.ssh/project\n\n```\n\nEdit /etc/ssh/sshd_config file by logging in from the grader account to disable tunnelled clear text passwords.\n\nRestart the service when done editing.\n```\nsudo service ssh restart\n```\n\n## Configure the local timezone to UTC\n\nSet local time zone using `sudo dpkg-reconfigure tzdata` followed by selection of geographical area.\n\nIt can also be set using\n```\nsudo timedatectl set-timezone Etc/UTC\n```\n\n## Install apache2 and libapache2-mod-wsgi modules\n\n```\nsudo apt-get install apache2\nsudo apt-get install libapache2-mod-wsgi\n```\n\n## Install PostgreSQL\n```\nsudo apt-get install postgresql postgresql-contrib\n```\nLog in as superuser postgres\n```\nsudo su - postgres\n```\nCreate a new database named \"catalog\" and create a new user named \"dbuser\" in PostgreSQL.\n```\nCREATE DATABASE catalog;\nCREATE USER dbuser;\n```\n\nSet password for dbuser\n```\nALTER ROLE dbuser WITH PASSWORD 'catalog';\n```\n\nGive user \"dbuser\" permission to \"catalog\" application database\n```\nGRANT ALL PRIVILEGES ON DATABASE catalog TO dbuser;\n```\n## Install git\n\n```\nsudo apt-get install git\n```\n\n## Update Catalog Project to run as wsgi application\n\n1. Create a new directory in /var/www named CatalogProject\n2. Clone the catalog project into CatalogProject folder using `sudo git clone \u003cGIT_REPO_LINK\u003e`\n3. Rename run.py file as __init__.py\n4. Since the app previously used sqlite, change it from `engine = create_engine('sqlite:///catalog.db')` to \n  `engine = create_engine('postgresql://dbuser:catalog@localhost/catalog')`.\n5. Install all python dependencies as per the requirements.txt file.\n6. Set all python module paths relative to the GameZone folder.\n7. 
Create a file GameZone.conf in /etc/apache2/sites-available.\n8. GameZone.conf:\n  ```\n  \u003cVirtualHost *:80\u003e\n                ServerName 13.126.178.229\n                ServerAdmin patra.manoj0@gmail.com\n\n                WSGIScriptAlias / /var/www/CatalogProject/app.wsgi\n                \u003cDirectory /var/www/CatalogProject/GameZone\u003e\n                        Order allow,deny\n                        Allow from all\n                \u003c/Directory\u003e\n                Alias /static /var/www/CatalogProject/GameZone/app/static\n                \u003cDirectory /var/www/CatalogProject/GameZone/app/static/\u003e\n                        Order allow,deny\n                        Allow from all\n                \u003c/Directory\u003e\n                Alias /uploads /var/www/CatalogProject/GameZone/app/uploads\n                \u003cDirectory /var/www/CatalogProject/GameZone/app/uploads/\u003e\n                        Order allow,deny\n                        Allow from all\n                \u003c/Directory\u003e\n                Alias /app /var/www/CatalogProject/GameZone/app\n                \u003cDirectory /var/www/CatalogProject/GameZone/app/\u003e\n                        Order allow,deny\n                        Allow from all\n                \u003c/Directory\u003e\n\n                ErrorLog ${APACHE_LOG_DIR}/error.log\n                LogLevel warn\n                CustomLog ${APACHE_LOG_DIR}/access.log combined\n  \u003c/VirtualHost\u003e\n\n  ```\n  9. Disable 000-default.conf file in /etc/apache2/sites-available.\n  ```\n  sudo a2dissite 000-default.conf\n  ```\n  \n  10. Enable GameZone.conf file in /etc/apache2/sites-available.\n  ```\n  sudo a2ensite GameZone.conf\n  ```\n  11. Restart apache2 server with\n  ```\n  sudo service apache2 restart\n  ```\n  12. 
Create app.wsgi file inside CatalogProject.\n    \n    ```\n    #!/usr/bin/python\n    import sys\n    import logging\n    logging.basicConfig(stream=sys.stderr)\n    sys.path.insert(0,\"/var/www/CatalogProject/\")\n\n    from GameZone.app import app as application\n    application.secret_key = '\\xa8\\xd2\\xe1\\x07I\\r\\x8f\\xc4\\xfc\\xa8\\xb4u\u003cn%\\x13\\xf9\\xd2S\\xf3\\x06\\xce\\x8d\\r'\n\n    ```\n  13. Update the permissions for the uploads folder to enable read and write.\n  ```\n  chmod 777 /var/www/CatalogProject/GameZone/app/uploads\n  chown grader:grader /var/www/CatalogProject/GameZone/app/uploads\n  ```\n  \n  14. Restart the apache2 server.\n  ```\n  sudo service apache2 restart\n  ```\n  \n  ## Extra much needed configurations\n  \n  #### Auto-update packages\n  1. Install unattended-upgrades package\n  ```\n  sudo dpkg-reconfigure --priority=low unattended-upgrades\n  sudo apt-get install apt-listchanges\n  ```\n  2. Add the following line to /etc/apt/apt.conf.d/20auto-upgrades so that the script generates more verbose output\n  ```\n  APT::Periodic::Verbose \"1\";\n  ```\n  3. Edit the /etc/apt/apt.conf.d/50unattended-upgrades file by uncommenting the following line of code:\n  ```\n  \"${distro_id} ${distro_codename}-updates\";\n  ```\n  4. 
Replace the entire contents of /etc/apt/apt.conf.d/10periodic with the following lines of code:\n  ```\n  // Do \"apt-get update\" automatically every day\n  APT::Periodic::Update-Package-Lists \"1\";\n\n  // Do \"apt-get upgrade --download-only\" every day\n  APT::Periodic::Download-Upgradeable-Packages \"1\";\n\n  // Run the \"unattended-upgrade\" security upgrade script\n  // every day\n  APT::Periodic::Unattended-Upgrade \"1\";\n\n  // Do \"apt-get autoclean\" every 7-days\n  APT::Periodic::AutocleanInterval \"7\";\n  \n  ```\n  NOTE: `APT::Periodic::Unattended-Upgrade \"1\";` requires the package \"unattended-upgrades\" and will write a log in /var/log/unattended-upgrades, which can be monitored for unattended package lists.\n  \n  #### Security - Monitor failed login attempts\n  1. Install fail2ban\n  ```\n  sudo apt-get install fail2ban\n  ```\n  2. Install a package \"sendmail\" to receive relevant logs on the provided email:\n  ```\n  sudo apt-get install sendmail\n  ```\n  3. Copy jail.conf to jail.local for editing.\n  NOTE: Never edit jail.conf as this file can be modified by package upgrades. All the editing is to be done in jail.local file.\n  ```\n  sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local\n  ```\n  4. Update jail.local to include following lines of code:\n  ```\n  # [DEFAULT]\n  bantime = 3600\n  findtime = 600\n  maxretry = 3\n  destemail = patra.manoj0@gmail.com\n  sendername = Fail2Ban\n  mta = sendmail\n  action = %(action_mwl)s\n\n  ```\n  Ban time is 1 hour.\n  The mta parameter configures what mail service will be used to send mail. \n  As we want the email to include the relevant log lines, we make use of action_mwl.\n  \n  5. Update sshd and ssh parameters:\n  \n  ```\n  [sshd]\n  enabled = true\n\n  [ssh]\n  enabled = true\n  banaction = ufw-ssh\n  port = 2200\n  filter = sshd\n  logpath = /var/log/auth.log\n  maxretry = 3\n\n  ```\n  \n  6. 
Create a new file /etc/fail2ban/action.d/ufw-ssh.conf and add the following:\n  ```\n  [Definition]\n  actionstart =\n  actionstop =\n  actioncheck =\n  actionban = ufw insert 1 deny from \u003cip\u003e to any port 2200\n  actionunban = ufw delete deny from \u003cip\u003e to any port 2200\n  ```\n  NOTE: The actions in this file are executed when a ban occurs.\n  \n  7. Stop and restart the fail2ban service:\n  \n  ```\n  sudo service fail2ban stop\n  sudo service fail2ban start\n  \n  ```\n  \n  \n  ## References\n  \n  1. [Amazon Lightsail](https://lightsail.aws.amazon.com)\n  2. [Structure Large Flask Applications](https://www.digitalocean.com/community/tutorials/how-to-structure-large-flask-applications)\n  3. [How do I change my timezone to UTC/GMT?](https://askubuntu.com/questions/138423/how-do-i-change-my-timezone-to-utc-gmt)\n  4. [Apache Configuration Files](https://httpd.apache.org/docs/2.2/configuring.html)\n  5. [PostgreSQL Server Installation and Configuration](http://openobject-documentation.readthedocs.io/en/latest/1/linux/postgres/index.html)\n  6. [How To Deploy a Flask Application on an Ubuntu VPS](https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps)\n  7. [Website not loading - Apache conf problems](https://www.digitalocean.com/community/questions/website-not-loading-apache-conf-problems)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmanojpatra1991%2Flinux-server-configuration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmanojpatra1991%2Flinux-server-configuration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmanojpatra1991%2Flinux-server-configuration/lists"}