#100DaysOfWeb in Python Transcripts
Chapter: Days 89-92: Deploying Python web apps to Linux
Lecture: Server software config

Login or purchase this course to watch this video and the rest of the course contents.
0:00 It's time to set up our server. We've got to new, empty server that's all ready to go but what software does it need? We saw it requires uWSGI.
0:09 It requires Nginx. It's going to require Python. And, actually a couple other things as well. So let's do that right now.
0:16 I have a script that I typically run and we're going to just work our way down that script. We also have a couple configuration files
0:23 which you typically get by copying from the Nginx website or uWSGI website and filling it out. We're also going to just copy that in
0:31 and dock it over and adjust it for what we're doing here. So we have three new files. If you go up here and look at our structure
0:40 we have our Alembic, we have our main web code with like static and view and stuff, and then we have this server bit that we're having here.
0:48 So, to configure Nginx we're going to use this file. To configure uWSGI, this one and to configure our server, this one.
0:54 Now, technically this is a bash script but I don't really plan for you to run it. Although, you probably can. It's more just a bash script so we get
1:02 syntax highlighting verification and things like that. So the first thing we do when we create our server
1:06 is we're going to want to update it's software and then upgrade it. You saw it comes out of the box with eleven security problems; that's not amazing.
1:14 The next thing we're going to need to do is give it some of its build tools and source control tools git and build essentials.
1:20 That's so when we pip and solve things, that goes better. So we're going to go through that here. Let's go and reconnect to our server.
1:28 Now, when you see apt here, that's configuring the system. Later we're going to use pip and configure just
1:34 a virtual environment for this version of Python. Here we are installing the build tools. That installed quite a bit of stuff, but that was good.
1:42 The next thing we want to do is install Python3. So we'll do that here. See at the moment, we're getting Python 3.6.7.1 which will give us whatever
1:53 the latest version of Python 3 is. Which is probably what you want. Next, we're going to install a couple of things here to
1:59 enable better support for compressed responses in uWSGI. So we're going to install that. Great, that works.
2:07 Now, we're going to install Nginx as a system wide thing later uWSGI is a Python thing so we're going to install that into our virtual environment.
2:15 So now we're going to install Nginx. Now it's also nice to be able to monitor your server and see what it's up to.
2:23 One of the things that I really like is this utility called nload, and it let's you basically see inbound and outbound network traffic.
2:30 So we're going to install that as well. And we can run nload, and it will show us... Well there's not a lot going on right now
2:37 but if we were running a real web app with real traffic to clients and databases and stuff you would see this thing was slamming.
2:44 So you can use that to check that out later. Not technically required, but very helpful. So this is basically our Linux requirements.
2:51 The next thing I want to do is make sure that no one can get into our system except for on the few ports we would allow them.
2:58 So we're going to install this thing called Fail2Ban which will block people attempting to log in over SSH and failing. Mostly this is for passwords.
3:08 We don't have passwords enabled but just in case it gets turned on let's stop the dictionary attacks. So we'll run that. Alright, Fail2Ban is set up.
3:16 That's all good. The next thing we're going to do is use a built-in fire wall called Uncomplicated Firewall, uwf.
3:22 And, we're going to allow only three ports to be opened on the server. The two web ports http and https, even if you only serve
3:29 https traffic, you probably still need http open because if they just type your domain.com, enter the first request is going to hit http
3:37 and then you can just redirect it over to https. So these two allow that. You can see it updated the firewall rules.
3:46 And we're also going to want to be able to log back in. If you don't allow SSH, you're never coming back. Alright, so we're going to allow that.
3:54 And then finally, we're going to turn on the firewall. This gives us a scary warning saying you may not be able to connect if you got this wrong.
4:01 Right, but you can see right here, we're allowing SSH so we say yes. And right now is probably a good time to log out
4:07 and log back in, making sure you haven't broken anything. Whoa, alright things are still good. So we've got our firewall set up
4:13 our dictionary attack blocker set up our software set up A good thing to do, let's just really quickly configure GiT, and then I'll call it done.
4:22 So, we're going to use git to put our source code and update our source code on the server. Basically, we'll check it out there
4:28 and just do a Git pull on it. Now, you could log in every time or we could even register an SSH key on our server with GitHub and things like that
4:37 but we can set up this cache so that it will remember our password for, I don't know that's like a month or something. So, let's do that.
4:44 We enabled a cache, and then we enabled to run with a longer time out. I guess this is probably duplicate. A good thing to do is
4:52 if you are ever going to check anything in you have to put in your email here or it won't let you check in. It won't let you do a Git push.
5:00 So email as well as your name. Okay, looks like Git is all set up. The next thing we're going to do is set up our source code
5:08 and our web app structure login files and things like that. We'll do that in the next video. So, hopefully, even if you're not familiar with Linux
5:14 that's not a whole lot of commands to run. We technically could have just run them all at once but I like to go through step by step
5:21 and talk you through them.


Talk Python's Mastodon Michael Kennedy's Mastodon