#100DaysOfWeb in Python Transcripts
Chapter: Days 89-92: Deploying Python web apps to Linux
Lecture: Server software config
Login or
purchase this course
to watch this video and the rest of the course contents.
0:00
It's time to set up our server. We've got to new, empty server that's all ready to go but what software does it need? We saw it requires uWSGI.
0:09
It requires Nginx. It's going to require Python. And, actually a couple other things as well. So let's do that right now.
0:16
I have a script that I typically run and we're going to just work our way down that script. We also have a couple configuration files
0:23
which you typically get by copying from the Nginx website or uWSGI website and filling it out. We're also going to just copy that in
0:31
and dock it over and adjust it for what we're doing here. So we have three new files. If you go up here and look at our structure
0:40
we have our Alembic, we have our main web code with like static and view and stuff, and then we have this server bit that we're having here.
0:48
So, to configure Nginx we're going to use this file. To configure uWSGI, this one and to configure our server, this one.
0:54
Now, technically this is a bash script but I don't really plan for you to run it. Although, you probably can. It's more just a bash script so we get
1:02
syntax highlighting verification and things like that. So the first thing we do when we create our server
1:06
is we're going to want to update it's software and then upgrade it. You saw it comes out of the box with eleven security problems; that's not amazing.
1:14
The next thing we're going to need to do is give it some of its build tools and source control tools git and build essentials.
1:20
That's so when we pip and solve things, that goes better. So we're going to go through that here. Let's go and reconnect to our server.
1:28
Now, when you see apt here, that's configuring the system. Later we're going to use pip and configure just
1:34
a virtual environment for this version of Python. Here we are installing the build tools. That installed quite a bit of stuff, but that was good.
1:42
The next thing we want to do is install Python3. So we'll do that here. See at the moment, we're getting Python 3.6.7.1 which will give us whatever
1:53
the latest version of Python 3 is. Which is probably what you want. Next, we're going to install a couple of things here to
1:59
enable better support for compressed responses in uWSGI. So we're going to install that. Great, that works.
2:07
Now, we're going to install Nginx as a system wide thing later uWSGI is a Python thing so we're going to install that into our virtual environment.
2:15
So now we're going to install Nginx. Now it's also nice to be able to monitor your server and see what it's up to.
2:23
One of the things that I really like is this utility called nload, and it let's you basically see inbound and outbound network traffic.
2:30
So we're going to install that as well. And we can run nload, and it will show us... Well there's not a lot going on right now
2:37
but if we were running a real web app with real traffic to clients and databases and stuff you would see this thing was slamming.
2:44
So you can use that to check that out later. Not technically required, but very helpful. So this is basically our Linux requirements.
2:51
The next thing I want to do is make sure that no one can get into our system except for on the few ports we would allow them.
2:58
So we're going to install this thing called Fail2Ban which will block people attempting to log in over SSH and failing. Mostly this is for passwords.
3:08
We don't have passwords enabled but just in case it gets turned on let's stop the dictionary attacks. So we'll run that. Alright, Fail2Ban is set up.
3:16
That's all good. The next thing we're going to do is use a built-in fire wall called Uncomplicated Firewall, uwf.
3:22
And, we're going to allow only three ports to be opened on the server. The two web ports http and https, even if you only serve
3:29
https traffic, you probably still need http open because if they just type your domain.com, enter the first request is going to hit http
3:37
and then you can just redirect it over to https. So these two allow that. You can see it updated the firewall rules.
3:46
And we're also going to want to be able to log back in. If you don't allow SSH, you're never coming back. Alright, so we're going to allow that.
3:54
And then finally, we're going to turn on the firewall. This gives us a scary warning saying you may not be able to connect if you got this wrong.
4:01
Right, but you can see right here, we're allowing SSH so we say yes. And right now is probably a good time to log out
4:07
and log back in, making sure you haven't broken anything. Whoa, alright things are still good. So we've got our firewall set up
4:13
our dictionary attack blocker set up our software set up A good thing to do, let's just really quickly configure GiT, and then I'll call it done.
4:22
So, we're going to use git to put our source code and update our source code on the server. Basically, we'll check it out there
4:28
and just do a Git pull on it. Now, you could log in every time or we could even register an SSH key on our server with GitHub and things like that
4:37
but we can set up this cache so that it will remember our password for, I don't know that's like a month or something. So, let's do that.
4:44
We enabled a cache, and then we enabled to run with a longer time out. I guess this is probably duplicate. A good thing to do is
4:52
if you are ever going to check anything in you have to put in your email here or it won't let you check in. It won't let you do a Git push.
5:00
So email as well as your name. Okay, looks like Git is all set up. The next thing we're going to do is set up our source code
5:08
and our web app structure login files and things like that. We'll do that in the next video. So, hopefully, even if you're not familiar with Linux
5:14
that's not a whole lot of commands to run. We technically could have just run them all at once but I like to go through step by step
5:21
and talk you through them.