Wednesday, October 15, 2014

Notes on setting up Ubuntu 14.04 Django server

Ubuntu 14.04 / python / Django / uWsgi / Nginix / postgres / postgis / upstart

# Notes and reference on building Ubuntu 14.04 server

adduser skywalker
echo "skywalker    ALL=(ALL:ALL) ALL" >> visudo

nano /etc/ssh/sshd_config
Port 10022
PermitRootLogin no
AllowUsers skywalker
service ssh restart


sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python-virtualenv
sudo pip install virtualenvwrapper

sudo apt-get install mercurial
https://confluence.atlassian.com/pages/viewpage.action?pageId=270827678#SetupSSHforGitandMercurialonMacOSX/Linux-startagent

clone the repo

sudo apt-get install python-dev libffi-dev

maakevirtualenv starwars
workon starwars
pip install -r requirements.txt
deactivate

sudo apt-get install libpq-dev
sudo apt-get install postgresql postgresql-contrib
http://www.peterstratton.com/2014/04/how-to-install-postgis-2-dot-1-and-postgresql-9-dot-3-on-ubuntu-servers/

sudo adduser yoda
sudo -u postgres createuser -D -A -P --superuser yoda
sudo -u postgres createdb -O yoda starwars

workon starwars
python manage.py migrate
python manage.py runserver
deactivate

sudo apt-get install nginx
sudo cp code/starwars/conf/djago /etc/nginx/sites-available
ln -s /etc/nginx/sites-available /etc/nginx/sites-enbled
sudo service nginx restart

mkdir /home/skywalker/code/starwars/log
sudo chmod -R 777 /home/skywalker/code/starwars/log

sudo mkdir /opt/django-nginx-uwsgi/
sudo chmod -R 777 /opt/django-nginx-uwsgi/
sudo chown skywalker:www-data /opt/django-nginx-uwsgi/

sudo usermod -g www-data skywalker
id

sudo cp /code/starwars/conf/upstart.conf /etc/init/uwsgi.conf

sudo reboot


## important

iptables -L
cat /etc/host.conf 
cat /etc/hosts.allow 
cat /etc/hosts.deny 
netstat -tulpn | grep ssh

## setting up SSL - Reference

https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04

## Hardening SSL

https://aralbalkan.com/scribbles/setting-up-ssl-with-nginx-using-a-namecheap-essentialssl-wildcard-certificate-on-digitalocean/
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/