{"id":28209550,"url":"https://github.com/ywzheng1/linux-server-configuration","last_synced_at":"2025-08-27T22:32:58.796Z","repository":{"id":235382132,"uuid":"208640715","full_name":"ywzheng1/linux-server-configuration","owner":"ywzheng1","description":"Linux server set up on Ubuntu and Amazon Lightsail","archived":false,"fork":false,"pushed_at":"2019-09-15T18:47:27.000Z","size":302,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-17T16:14:34.040Z","etag":null,"topics":["amazon-lightsail","deployment","http","linux-server","ssh-key","ssh-port","ubuntu1604","ufw","vagrant","virtual-machine"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ywzheng1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-09-15T18:45:59.000Z","updated_at":"2020-05-11T20:20:22.000Z","dependencies_parsed_at":"2024-04-23T07:54:38.469Z","dependency_job_id":null,"html_url":"https://github.com/ywzheng1/linux-server-configuration","commit_stats":null,"previous_names":["ywzheng1/linux-server-configuration"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywzheng1%2Flinux-server-configuration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywzheng1%2Flinux-server-configuration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywzheng1%2Flinux-server-configuration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywzheng1%2Flinux-server-configuration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ywzheng1","download_url":"https://codeload.github.com/ywzheng1/linux-server-configuration/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywzheng1%2Flinux-server-configuration/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259154391,"owners_count":22813593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amazon-lightsail","deployment","http","linux-server","ssh-key","ssh-port","ubuntu1604","ufw","vagrant","virtual-machine"],"created_at":"2025-05-17T16:12:45.887Z","updated_at":"2025-06-10T21:31:42.558Z","avatar_url":"https://github.com/ywzheng1.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"## Linux Server Configuration  \n---\n#### Server Details:\nIP address: http://3.226.249.31/  \nSSH port: 2200\n\n- The Linux distribution is Ubuntu 16.04 LTS.  \n- The virtual private server is Amazon Lighsail.  \n- The web application is my [Item Catalog project](https://github.com/ywzheng1/item-catalog_dog-breed-group/tree/master).\n- The database server is PostgreSQL.\n\nYou can visit http://3.226.249.31/ for website deployed.\n\n![](images/application-screenshot.png)\n\n# Configuration steps\n---\n#### 1.Create an instance in AWS Lightsail  \nGo to [AWS Lightsail](https://lightsail.aws.amazon.com/ls/webapp/home/resources) and create a new account / sign in with your account.\n\nClick Create instance and choose Linux/Unix,OS only Ubuntu 16.04LTS\n\nChoose a payment plan (the cheapest plan is enough for now and it's free for first month)\n\nClick Create button to create an instance.\n\n###### :page_with_curl: *Reference:*\n\nServerPilot, [How to Create a Server on Amazon Lightsail](https://serverpilot.io/community/articles/how-to-create-a-server-on-amazon-lightsail.html)\n\n#### 2. Set up SSH key :key:\nGo to account page from your AWS account. You will find your SSH key there.\n\nDownload your SSH key, the file name will be like `LightsailDefaultPrivateKey-*.pem`\n\nNavigate to the directory where your file is stored in your terminal.\n\nRun `chmod 600 LightsailDefaultPrivateKey-*.pem` to restrict the file permission.\n\nChange name to `lightsail_key.rsa`.\n\nRun a command `ssh -i lightsail_key.rsa ubuntu@3.226.249.31 in your terminal`, where 3.226.249.31 is the public IP address of the instance.\n\n\n#### 3. Update and upgrade installed packages\n```\nsudo apt-get update\nsudo apt-get upgrade\n```\n\n#### 4. Change the SSH port from 22 to 2200\nEdit the /etc/ssh/sshd_config file: `sudo nano /etc/ssh/sshd_config`.  \nChange the port number on line 5 from 22 to 2200.  \nSave and exit using `CTRL+X` and confirm with Y.  \nRestart SSH: `sudo service ssh restart`.  \n\n\n#### 5. Set up Uncomplicated Fire Wall (UFW)\nConfigure UDW to allow only incoming request from port2200(SSH), port80 (HTTP) and port123 (NTP).\n\n`sudo ufw status` -- utf should be inactive\n\n`sudo ufw default deny incoming` -- deny all incoming requests\n\n`sudo ufw default deny outgoing` -- allow all outgoing requests\n\n`sudo ufw allow 2200/tcp` -- allow incoming ssh request\n\n`sudo ufw allow 80/tcp` -- allow all http request\n\n`sudo ufw allow 123/udp` -- allow ntp request\n\n`sudo ufw deny 22` -- deny incoming request for port 22\n\n`sudo ufw enable` -- enable ufw\n\n`sudo ufw status` -- check current status of ufw\n\nGo to AWS page and set up relevant ports from `networking` tab.\n\nClick on the `Manage` option of the Amazon Lightsail Instance, then the Networking tab,\n![](images/UFW-1.png)\nInside Manage, navigate to Networking tab, and then change the firewall configuration to match the internal firewall settings above.\n\nAllow ports 80(TCP), 123(UDP), and 2200(TCP), and deny the default port 22.\n![](images/UFW.png)\n\n\n#### 6. Create a new user called grader and give an access\nRun `udo adduser grader` to create a new user called grader\n\nCreate a new directory in sudoer directory with `sudo nano /etc/sudoers.d/grader`\n\nAdd `grader ALL=(ALL:ALL) ALL` in nano editor\n\nRun `sudo nano /etc/hosts`\n\nSet SSH keys for grader user with `ssh-keygen` in your local machine.\n\nCopy the generated SSH to a virtual environment.\n\nRun the following command in your virtual environment.\n\n`su - grader` -- switch user\n\n`mkdir .ssh`\n\n`touch .ssh/authorized_keys`\n\n`nano .ssh/authorized_keys` and copy your generated SSH key here.\n\nReload SSH with `service ssh restart`\n\nThen now you can login grader user.\n\n###### * Disable rootlogin\n\nOpen `/etc/ssh/sshd_config` and find PermitRootLogin and change it to no.\n\n\n#### 7. Set up local time zone\nRun `sudo dpkg-reconfigure tzdata` and choose UTC\n\n#### 8. Install Apache application and wsgi module\nRun `sudo apt-get install apache2` to install apache\n\nRun `sudo apt-get install python-setuptools libapache2-mod-wsgi` to install mod-wsgi module\n\nStart the server `sudo service apache2 start`\n\nEnter public IP of the Amazon Lightsail instance into browser. If Apache is working, you should see:\n![](images/apache2.png)\n\n#### 9. Install git\nRun `sudo apt-get install git`\n\nConfigure your username and email. git config --global user.name \u003cusername\u003e and git config --global user.email \u003cemail\u003e\n\n#### 10. Clone your project\nRun `cd /var/www and sudo mkdir catalog`\n\nChange the owner to grader `sudo chown -R grader:grader catalog`\n\nRun `sudo chmod catalog` to give a permission to clone the project.\n\nSwitch to the catalog directory and clone the Catalog project.\n\n`cd catalog` and `git clone https://github.com/ywzheng1/item-catalog_dog-breed-group/tree/master`\n\nAdd catalog.wsgi file by running `sudo nano catalog.wsgi` and add the following code.\n\n```\nimport sys\nimport logging\nlogging.basicConfig(stream=sys.stderr)\nsys.path.insert(0, \"/var/www/catalog/\")\n\nfrom catalog import app as application\napplication.secret_key = 'secret'\nModify filenames to deploy on AWS.\n```\nRename webserver.py to `__init__.py` by running command `mv webserver.py __init__.py`\n\nIn `__init__.py` file, replace app.run to following:\n```\n# app.run(host=\"0.0.0.0\", port=8000, debug=True)\napp.run()\n```\n\n#### 11. Install virtual environment and Flask framework\nFirst install pip, `sudo apt-get install python-pip`\n\nRun `sudo apt-get install python-virtualenv` to install virtual environment\n\nCreate a new virtuall environment with `sudo virtualenv venv` and activate it `source venv/bin/activate`\n\nChange permissions to the viertual environment folder `sudo chmod -R 777 venv`\n\nInstall the following dependencies:\n```\npip install httplib2\npip install requests\npip install --upgrade oauth2client\npip install sqlalchemy\npip install flask\nsudo apt-get install libpq-dev\npip install psycopg2\n```\n\n#### 12. Configure Apache\nCreate a config file `sudo nano /etc/apache2/sites-available/catalog.conf`\n\nPaste the following code\n```\n\u003cVirtualHost *:80\u003e\n    ServerName Your-Public-IP-Address\n    ServerAdmin Your-prefrred-email-address\n    WSGIScriptAlias / /var/www/catalog/catalog.wsgi\n    \u003cDirectory /var/www/catalog/catalog/\u003e\n        Order allow,deny\n        Allow from all\n    \u003c/Directory\u003e\n    Alias /static /var/www/catalog/catalog/static\n    \u003cDirectory /var/www/catalog/catalog/static/\u003e\n        Order allow,deny\n        Allow from all\n    \u003c/Directory\u003e\n    ErrorLog ${APACHE_LOG_DIR}/error.log\n    LogLevel warn\n    CustomLog ${APACHE_LOG_DIR}/access.log combined\n\u003c/VirtualHost\u003e\n```\nEnable the new virtual host `sudo a2ensite catalog`\n\n#### 13. Install and configure PostgressSQL\nRun `sudo apt-get install PostgreSQL`\n\nLogin to postgress `sudo su - postgres`\n\nAfter switch user to pstgres, run `psql`\n\nCreate a new user `CREATE USER catalog` WITH PASSWORD 'password' by running below command\n```\npostgres=# CREATE ROLE catalog WITH LOGIN PASSWORD 'catalog';\npostgres=# ALTER ROLE catalog CREATEDB;\n```\n\nCreate a DB called 'catalog' with `ALTER USER catalog CREATEDB` and `CREATE DATABASE catalog WITH OWNER catalog`\n\nList the existing roles: `\\du`. The output should be like this:\n```\n                  List of roles\nRole name | Attributes                                                 | Member of\n----------+------------------------------------------------------------+-----------\ncatalog   | Create DB                                                  | {}\npostgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}\n```\nConnect to the DB with `\\c catalog`  \n\nChange a grand from public to catalog `GRANT ALL ON SCHEMA public TO catalog`\n\nExit psql: \\q.\n\nSwitch back to the grader user: `exit`.\n\nChange the engine inside Flask application:\n```\nengine = create_engine('postgresql://catalog:password@localhost/catalog')\n```\n\n###### :page_with_curl: *Reference*\n\nDigitalOcean: [How To Secure PostgreSQL on an Ubuntu VPS.](https://www.digitalocean.com/community/tutorials/how-to-secure-postgresql-on-an-ubuntu-vps)\n\n\n#### 14. Restart Apache\nRun sudo service apache2 restart and check http://3.226.249.31/\n\n\n---\n\n##### References\nFlask document\n\nDigital Ocean\n\niliketomatoes'repository\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fywzheng1%2Flinux-server-configuration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fywzheng1%2Flinux-server-configuration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fywzheng1%2Flinux-server-configuration/lists"}