Mosallamy · November 4, 2022 18:28
diff --git a/Start new Ubuntu server for [Flask, nginx, gunicorn, suppercisor] b/Start new Ubuntu server for [Flask, nginx, gunicorn, suppercisor]
 # Soruce: https://www.youtube.com/watch?v=goToXTC96Co&list=PL-osiE80TeTs4UjLw5MM6OjgkjFeUxCYH&index=13

 # ----------------------------------- Server Setup -----------------------------------

 # Update server
 apt update && apt upgrade

 # Set hostname
 hostnamectl set-hostname <hostname>

 # Set hostname in hostfile
 nano /etc/hosts

 # Paste server ip under 127.0.0.1 localhost
 <hostname>   <hostname>

 # Save file

 # Add limited privilage user (other than root)
 adduser <username>

 # Add user to sudu group
 adduser <username> sudo

 # Logout as root then login with the new user
 exit

 # Setup ssh based authentication
    # Check you are in the home directory then craete new ssh directory
    mkdir .ssh

    # Go to your local machien and generate ssh keys and click enter for both options
    ssh-key -b 4096

    # Move public key to server
    scp ~/.ssh/id_rsa.pub <ipaddress>:~/.ssh/
    
    # Set permission for owner to ssh folder to read/write/execute    
    sudo chmod 700 ~/.ssh/
    sudo chmod 600 ~/.ssh/*
    
    # Exit then login, you should login without a password
    exit
    
    # Dissallow root login over ssh
    sudo nano /etc/ssh/sshd_config
    
    # Change "PermitRootLogin yes" to "PermitRootLogin no"
    
    # Uncomment "PasswordAuthentication yes" and change to "PasswordAuthentication no"
    
    # Save file
    
    # Restart ssh service
    sudo systemctl restart sshd
    
 # Setup firewall
 sudo apt install ufw


 # Setup firewall roles
 sudo ufw default allow outgoing
 sudo ufw default deny incoming

 # Allow some ports/apps
 sudo ufw allow ssh
 sudo ufw allow 5000
 sudo ufw enable

 # Check previous ports are allowed as below
 # To                         Action      From
 # --                         ------      ----
 # 22/tcp                     ALLOW       Anywhere
 # 5000                       ALLOW       Anywhere
 # 22/tcp (v6)                ALLOW       Anywhere (v6)
 # 5000 (v6)                  ALLOW       Anywhere (v6)

 sudo ufw status


 # ----------------------------------- Install Flask Application -----------------------------------

 # Install pip3
 sudo apt install python3-pip

 # Install virtualenv
 sudo apt install python3-venv

 # Create virutalenv
 python3 -m venv ./venv

 # Activate virtualenv
 source venv/bin/activate

 # Install libraries
 pip install -r requirements.txt

 # Setup keys in environment variable or config file


 # Test that flask app is working
 export FLASK_APP=run.py
 flask run --host=0.0.0.0


 # ----------------------------------- Install Nginx and Gunicorn -----------------------------------
 # Install Nginx
 sudo apt install  nginx

 # Install Gunicorn (make sure you are in the same virtualenv)
 pip install gunicorn

 # Update config file for nginx
    # remvoe default config
    sudo rm /etc/nginx/sites-enabled/default
    
    # Ceate new config file
    sudo nano /etc/nginx/sites-enabled/<project_name>
    
    # Add following configuration
    
    server {
        listen 80;
        server_name 45.79.117.165;

        location /static {
                alias /home/khalid/dalil/dalil/static;
        }

        location / {
                proxy_pass http://localhost:8000;
                include /etc/nginx/proxy_params;
                proxy_redirect off;
        }

    }   
    
 # allow port 8000
 sudo ufw allow http/tcp
 sudo ufw delete allow 5000

 # Restart nginx
 sudo systemctl restart nginx

 # Run gunicorn
    # Get number of cores
    nproc --all
    
    # <num_of_worker> = (2 * num_of_cores) + 1
    gunicorn -w <num_of_worker> run:app --preload
    gunicorn -w 5 run:app --preload
    # Check application is working

 # ----------------------------------- Setup supervisor -----------------------------------

 # Install supervisor
 sudo apt install supervisor

 # Create log folder
 sudo mkdir -p /var/log/<project>
 sudo touch /var/log/dalil/<project>.err.log
 sudo touch /var/log/dalil/<project>.out.log

 # Setup conf file for supervisor
 sudo nano /etc/supervisor/conf.d/<project_name>.conf

 # Add following conf code

 [program:<project>]
 directory=/home/<username>/<project>
 command=/home/<username>/<project>/venv/bin/gunicorn -w 3 run:app
 user=<username>
 autostart=true
 autorestart=true
 stopasgroup=true
 killasgroup=true
 stderr_logfile=/var/log/<project>/<project>.err.log
 stdout_logfile=/var/log/<project>/<project>.out.log

 # Restart supervisor
 sudo supervisorctl reload

 # Supervisor code

    # Get all supervisor process status
    sudo supervisorctl status
    
    # Get specifc supervisor process status
    sudo supervisorctl status <process>
    
    # Stop all processes
    sudo supervisorctl stop all
    
    # Start all processes
    sudo supervisorctl start all
    
 # ----------------------------------- General -----------------------------------

 # Change nginx file size limit
 sudo nano /etc/nginx/nginx.conf

 # Add code in http below: "types_hash_max_size 2048;"
 client_max_body_size 5M;

 # Restart nginx
 sudo systemctl restart nginx
	# Soruce: https://www.youtube.com/watch?v=goToXTC96Co&list=PL-osiE80TeTs4UjLw5MM6OjgkjFeUxCYH&index=13

	# ----------------------------------- Server Setup -----------------------------------

	# Update server
	apt update && apt upgrade

	# Set hostname
	hostnamectl set-hostname <hostname>

	# Set hostname in hostfile
	nano /etc/hosts

	# Paste server ip under 127.0.0.1 localhost
	<hostname> <hostname>

	# Save file

	# Add limited privilage user (other than root)
	adduser <username>

	# Add user to sudu group
	adduser <username> sudo

	# Logout as root then login with the new user
	exit

	# Setup ssh based authentication
	# Check you are in the home directory then craete new ssh directory
	mkdir .ssh

	# Go to your local machien and generate ssh keys and click enter for both options
	ssh-key -b 4096

	# Move public key to server
	scp ~/.ssh/id_rsa.pub <ipaddress>:~/.ssh/

	# Set permission for owner to ssh folder to read/write/execute
	sudo chmod 700 ~/.ssh/
	sudo chmod 600 ~/.ssh/*

	# Exit then login, you should login without a password
	exit

	# Dissallow root login over ssh
	sudo nano /etc/ssh/sshd_config

	# Change "PermitRootLogin yes" to "PermitRootLogin no"

	# Uncomment "PasswordAuthentication yes" and change to "PasswordAuthentication no"

	# Save file

	# Restart ssh service
	sudo systemctl restart sshd

	# Setup firewall
	sudo apt install ufw


	# Setup firewall roles
	sudo ufw default allow outgoing
	sudo ufw default deny incoming

	# Allow some ports/apps
	sudo ufw allow ssh
	sudo ufw allow 5000
	sudo ufw enable

	# Check previous ports are allowed as below
	# To Action From
	# -- ------ ----
	# 22/tcp ALLOW Anywhere
	# 5000 ALLOW Anywhere
	# 22/tcp (v6) ALLOW Anywhere (v6)
	# 5000 (v6) ALLOW Anywhere (v6)

	sudo ufw status


	# ----------------------------------- Install Flask Application -----------------------------------

	# Install pip3
	sudo apt install python3-pip

	# Install virtualenv
	sudo apt install python3-venv

	# Create virutalenv
	python3 -m venv ./venv

	# Activate virtualenv
	source venv/bin/activate

	# Install libraries
	pip install -r requirements.txt

	# Setup keys in environment variable or config file


	# Test that flask app is working
	export FLASK_APP=run.py
	flask run --host=0.0.0.0


	# ----------------------------------- Install Nginx and Gunicorn -----------------------------------
	# Install Nginx
	sudo apt install nginx

	# Install Gunicorn (make sure you are in the same virtualenv)
	pip install gunicorn

	# Update config file for nginx
	# remvoe default config
	sudo rm /etc/nginx/sites-enabled/default

	# Ceate new config file
	sudo nano /etc/nginx/sites-enabled/<project_name>

	# Add following configuration

	server {
	listen 80;
	server_name 45.79.117.165;

	location /static {
	alias /home/khalid/dalil/dalil/static;
	}

	location / {
	proxy_pass http://localhost:8000;
	include /etc/nginx/proxy_params;
	proxy_redirect off;
	}

	}

	# allow port 8000
	sudo ufw allow http/tcp
	sudo ufw delete allow 5000

	# Restart nginx
	sudo systemctl restart nginx

	# Run gunicorn
	# Get number of cores
	nproc --all

	# <num_of_worker> = (2 * num_of_cores) + 1
	gunicorn -w <num_of_worker> run:app --preload
	gunicorn -w 5 run:app --preload
	# Check application is working

	# ----------------------------------- Setup supervisor -----------------------------------

	# Install supervisor
	sudo apt install supervisor

	# Create log folder
	sudo mkdir -p /var/log/<project>
	sudo touch /var/log/dalil/<project>.err.log
	sudo touch /var/log/dalil/<project>.out.log

	# Setup conf file for supervisor
	sudo nano /etc/supervisor/conf.d/<project_name>.conf

	# Add following conf code

	[program:<project>]
	directory=/home/<username>/<project>
	command=/home/<username>/<project>/venv/bin/gunicorn -w 3 run:app
	user=<username>
	autostart=true
	autorestart=true
	stopasgroup=true
	killasgroup=true
	stderr_logfile=/var/log/<project>/<project>.err.log
	stdout_logfile=/var/log/<project>/<project>.out.log

	# Restart supervisor
	sudo supervisorctl reload

	# Supervisor code

	# Get all supervisor process status
	sudo supervisorctl status

	# Get specifc supervisor process status
	sudo supervisorctl status <process>

	# Stop all processes
	sudo supervisorctl stop all

	# Start all processes
	sudo supervisorctl start all

	# ----------------------------------- General -----------------------------------

	# Change nginx file size limit
	sudo nano /etc/nginx/nginx.conf

	# Add code in http below: "types_hash_max_size 2048;"
	client_max_body_size 5M;

	# Restart nginx
	sudo systemctl restart nginx