links
visudo
users
tecmint.com complete guide to users
How To Configure SSH Key-Based Authentication on a Linux Server
postgres
ubuntu community postgres docs
certbot
certbot webpage to install ssl certificates
docker
adding/deleting users
adding a user:
("www-data" is the group name for website stuff on gandi)
sudo useradd -G www-data -d /home/username -m -s /bin/bash username
-G groups adds the user to the given groups, as a comma-separated list
-d /home/username specifies the home directory to be created (necessary on ubuntu)
-m creates the home directory and copies the skeleton startup scripts into it (necessary)
-s /bin/bash what shell is to be used (default is none)
deleting a user
userdel -r {username}
IMPORTANT
set users primary group
this is critical
sudo usermod <username> -g www-data
setting up ssh authentication
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
apt-get commands
to see the package version:
dpkg -s postgresql | grep Version
setting up aws server
creating the server instance
- Open the amazon EC2 console
- Choose Launch Instance
- The Choose an Amazon Machine Image (AMI) page has basic configuration, so pick the first ubuntu configuration
- This will take you to the Choose an Instance Type page, this chooses the hardware configuration, you want to pick t2.micro
- Hit Review and Launch
- This will take you to Review Instance Launch page, and that has an option for Security Groups, hit Edit security groups, on the page that pops up, pick the options you want to allow for your instance
- When finished, hit "done" or whatever and you'll be taken back to the Review Instance Launch page, from here hit the Launch key
- this will prompt you for a key pair. There are a few options: create a new key pair or choose an existing key pair
key pair info: aws info on key pairs
- mv /path/to/myname.pem ~/.ssh
- ssh-add ~/.ssh/myname.pem
- ssh ubuntu@INSTANCE_IP_ADDRESS
Remember that the IP ADDRESS changes whenever you restart the instance
on your computer
- vim /etc/hosts
- add a line with the server name and IP ADDRESS for that instance
- ssh ubuntu@SERVERNAME
updating the hostname
scroll down to find the "echo" comment
there is an issue with ubuntu instances on AWS: the name given in /etc/hostname doesn't match what exists in /etc/hosts. So if you try using sudo you'll get an error.
To fix this, you need to change those files, to get into sudo type in:
sudo su -
echo "127.0.0.1 $(hostname)" >> /etc/hosts
This will update /etc/hosts with the default hostname generated by amazon. Alternatively you can do what it says in the first link aws ubuntu hostname
setup visudo
sudo update-alternatives --config editor
su -c 'visudo'
find this line:
USERNAME ALL=(ALL) NOPASSWD: ALL
replace it with:
admin ALL=(ALL) ALL
add new user
how to get and add the public key to the new user
- sudo useradd -G www-data -d /home/username -m -s /bin/bash username
- mkdir projectdir
set users primary group
this is critical
The primary group is the group applied to you when you log in using the usual methods (TTYs, GUI, SSH, etc.).
sudo usermod -g www-data <username>
set password
sudo passwd <username>
setting up ssh authentication
- get the public key:
  ssh-keygen -y -f /path/to/myinstance.pem
- copy the above results
- log in to the ubuntu instance using default ubuntu user
- change users to the custom username
  sudo su - username
- create the ssh directory and auth file
  cd /home/username
  mkdir .ssh
  touch .ssh/authorized_keys
  vim ~/.ssh/authorized_keys
- change the permissions
  chown -R username:username_group .ssh
  chmod 700 .ssh
  chmod 600 .ssh/authorized_keys
- now paste in the public_key you got in the first step
- log out and test with the username
  ssh username@instance.domain
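The key-installation steps above as a script, added here as an example and not part of the original notes: it refuses anything that is not a public key line (such as a pasted .pem private key), appends the key only once, and sets the 700/600 modes. The function names, the temp directory standing in for /home/username and the placeholder key are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.

# install_pubkey HOME_DIR 'PUBLIC KEY LINE'
# Creates HOME_DIR/.ssh (700) and authorized_keys (600) and appends the key
# only if it is not already there. Returns 2 when the argument does not look
# like an OpenSSH public key line (for example a pasted .pem private key).
install_pubkey() {
  local home=$1 key=$2 file
  case "$key" in
    ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
    *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
  esac
  file="$home/.ssh/authorized_keys"
  mkdir -p "$home/.ssh" || return 1
  touch "$file" || return 1
  grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
  chmod 700 "$home/.ssh" && chmod 600 "$file"
}

# ssh_perms_ok HOME_DIR: true when the modes match the ones the notes set.
ssh_perms_ok() {
  [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ]
}

# Constructed demo: a temp dir stands in for /home/username and the key is a
# made-up placeholder. On the server, run this as the new user
# (sudo su - username) so the files are owned by that user already.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDE username@laptop'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"          # second run adds nothing
ssh_perms_ok "$demo_home" && echo "permissions OK"
```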
add username to the sudo group
AWS has a sudo group that allows a user sudo privileges
usermod -a -G sudo username
apt-get setup
sudo apt-get update
sudo apt-get install aptitude
postgres
note:
if you are using docker for postgres, skip this and go to the docker section. It is completely unnecessary and you don't even need to install postgres
links fix locale error with postgres
could not connect to server solution
sudo apt-get install postgresql
sudo apt-get install postgresql-contrib
sudo locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
sudo dpkg-reconfigure locales
sudo service postgresql restart
sudo -u postgres psql postgres
sudo -u postgres createdb website_dbname
sudo apt-get install postgresql-server-dev-X.Y
sudo apt-get install postgresql-server-dev-9.3
change password for db user "postgres"
sudo -u postgres psql postgres
ALTER USER Postgres WITH PASSWORD '<newpassword>';
set up postgresql to remote access
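(see "remote connecting" link above)
Note: be careful with this, because anyone will be able to mess around with it: the trust method skips the password check, so with 0.0.0.0/0 any host that can reach the server can connect as any database user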
- sudo vim /etc/postgresql/9.3/main/postgresql.conf
- find listen_addresses and change it to listen_addresses = '*'
- sudo vim /etc/postgresql/9.3/main/pg_hba.conf
- find host all all 127.0.0.1/32 trust and change 127.0.0.1/32 to 0.0.0.0/0
- sudo service postgresql restart
- test it by running: psql -h ip_address -U username -d database
- e.g. psql -h 173.246.107.96 -U postgres postgres
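A check for the pg_hba.conf change above, added here as an example and not part of the original notes: it flags `host` rules that accept a non-loopback address with `trust`, and its constructed sample sets the rule from the notes beside a narrowed one. The function name, file names, the 203.0.113.0/24 client range and the `website_dbname`/`username` pairing are assumptions; `md5` is used because the 9.3 release in these notes predates `scram-sha-256`.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.

# audit_pg_hba FILE
# Prints FAIL/WARN findings; returns 1 if any rule admits a non-loopback
# address with method "trust" (no password check at all).
audit_pg_hba() {
  awk '
    /^[ \t]*#/ { next }                          # comment lines
    $1 ~ /^host/ {                               # host, hostssl, hostnossl
      addr = $4; method = $5
      # "ADDRESS NETMASK" written as two columns shifts METHOD right by one
      if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) method = $6
      loopback = (addr ~ /^127\./ || addr ~ /^::1/ || addr == "localhost")
      anyaddr  = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
      if (method == "trust" && !loopback) {
        print "FAIL line " NR ": trust for " addr " (db=" $2 " user=" $3 ")"
        fail = 1
      } else if (anyaddr) {
        print "WARN line " NR ": " method " open to every address"
      }
    }
    END { exit fail + 0 }
  ' "$1"
}

# Constructed sample files: the rule from the notes, then a narrowed version.
# 203.0.113.0/24 is a documentation range; substitute the real client network.
demo_dir=$(mktemp -d)
printf '%s\n' \
  '# TYPE  DATABASE        USER      ADDRESS         METHOD' \
  'local   all             postgres                  peer' \
  'host    all             all       0.0.0.0/0       trust' \
  > "$demo_dir/weak_pg_hba.conf"
printf '%s\n' \
  'local   all             postgres                  peer' \
  'host    all             all       127.0.0.1/32    trust' \
  'host    website_dbname  username  203.0.113.0/24  md5' \
  > "$demo_dir/fixed_pg_hba.conf"

audit_pg_hba "$demo_dir/weak_pg_hba.conf"  || echo "weak file: remote trust rule found"
audit_pg_hba "$demo_dir/fixed_pg_hba.conf" && echo "fixed file: no remote trust rule"
```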
setup the /var/www directory
cd /var
sudo mkdir www
sudo chgrp www-data www -R
sudo chmod g+w www -R
install python packages
sudo apt-get install python-dev
sudo apt-get install python3-dev
sudo apt-get install libjpeg-dev
install and set up supervisor
sudo apt-get install supervisor
make sure www-data is a group for the main user
vim /etc/supervisor/supervisord.conf
add the following:
[unix_http_server]
file=/var/run/supervisor.sock
chmod=0770
chown=nobody:www-data
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock
chmod=0770
chown=nobody:www-data
run the following commands:
sudo service supervisor stop
sudo service supervisor start
install pip and virtualenv
sudo apt-get install python-pip
sudo pip install virtualenv
sudo pip install virtualenvwrapper
echo "WORKON_HOME=~/.virtualenvs" >> .bashrc
echo ". /usr/local/bin/virtualenvwrapper.sh" >> .bashrc
Docker
docker
uninstall old (if necessary)
sudo apt-get remove docker docker-engine docker.io containerd runc
set up apt-get
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
verify install
check that fingerprint key "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88" is the same
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
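The fingerprint comparison above done by script instead of by eye, added here as an example and not part of the original notes, so a provisioning run can stop before the repository is added. It compares the full 40-digit fingerprint and rejects a short key id such as 0EBFCD88 as the expected value; the function names and the sample listing are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.

DOCKER_FPR='9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88'   # from the notes

# Drop whitespace and upper-case, so spacing and case differences do not matter.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'; }

# fingerprint_matches EXPECTED   (key listing on stdin)
# 0 = a listing line is exactly the expected fingerprint, 1 = no such line,
# 2 = EXPECTED is not a full 40-hex-digit fingerprint (e.g. a short key id).
fingerprint_matches() {
  local expected line
  expected=$(normalize_fpr "$1")
  case "$expected" in *[!0-9A-F]*) return 2 ;; esac
  [ "${#expected}" -eq 40 ] || return 2
  while IFS= read -r line; do
    line=${line#*Key fingerprint =}      # older gpg prefixes the fingerprint line
    [ "$(normalize_fpr "$line")" = "$expected" ] && return 0
  done
  return 1
}

# Constructed listing in the layout `apt-key fingerprint` prints; the pub/uid
# lines are placeholders, only the fingerprint line ($1) matters.
sample_listing() {
  printf '%s\n' \
    'pub   rsa4096 2000-01-01 [SCEA]' \
    "      $1" \
    'uid           [ unknown] Example Key <key@example.invalid>'
}

sample_listing '9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88' |
  fingerprint_matches "$DOCKER_FPR" && echo "match: continue with add-apt-repository"
sample_listing '9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD89' |
  fingerprint_matches "$DOCKER_FPR" || echo "MISMATCH: stop and remove the key"

# On the server:
#   sudo apt-key fingerprint 0EBFCD88 | fingerprint_matches "$DOCKER_FPR" || exit 1
```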
install repository
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
install docker
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
nginx
sudo apt-get install nginx
certbot
In order to use ssl/https it is necessary to install a certificate. This is especially true if the nginx config file has already been set up to use ssl. (for example, you are reinstalling an environment, or creating production based on staging, etc)
certbot.eff.org allows you to install a free certificate
add certbot ppa
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
install certbot
sudo apt-get install certbot python-certbot-nginx
Choose how you'd like to run certbot
OPTION1: get and install your certificates
sudo certbot --nginx
OPTION2: just get the certificate (already configured)
sudo certbot certonly --nginx
Use Option1 when you are just starting a project, but you know you are going to be using SSL
Use Option2 when you have already set up nginx to work with https, for example, you are reinstalling an existing project, etc.
set up vim remote editing
this just means adding the server pem file location to .ssh/config
in ~/.ssh/config add the following info
Host minionfinder.com
HostName minionfinder.com
IdentityFile /Users/ronny/projects/django/minyanfinder.prj/share/ssh/minionfinder.pem
where minionfinder.com refers to the host name and the IdentityFile section is the fully qualified pathname of the pem file
bootstrap server
fab (prod|rel) deploy.bootstrap