Mosallamy/Start new Ubuntu server for [Flask, nginx, gunicorn, suppercisor]

## Start new Ubuntu server for [Flask, nginx, gunicorn, suppercisor]
# Soruce: https://www.youtube.com/watch?v=goToXTC96Co&list=PL-osiE80TeTs4UjLw5MM6OjgkjFeUxCYH&index=13

# ----------------------------------- Server Setup -----------------------------------

# Update server
apt update && apt upgrade

# Set hostname
hostnamectl set-hostname <hostname>

# Set hostname in hostfile
nano /etc/hosts

# Paste server ip under 127.0.0.1 localhost
<hostname>   <hostname>

# Save file

# Add limited privilage user (other than root)
adduser <username>

# Add user to sudu group
adduser <username> sudo

# Logout as root then login with the new user
exit

# Setup ssh based authentication
    # Check you are in the home directory then craete new ssh directory
    mkdir .ssh

    # Go to your local machien and generate ssh keys and click enter for both options
    ssh-key -b 4096

    # Move public key to server
    scp ~/.ssh/id_rsa.pub <ipaddress>:~/.ssh/

    # Set permission for owner to ssh folder to read/write/execute
    sudo chmod 700 ~/.ssh/
    sudo chmod 600 ~/.ssh/*

    # Exit then login, you should login without a password
    exit

    # Dissallow root login over ssh
    sudo nano /etc/ssh/sshd_config

    # Change "PermitRootLogin yes" to "PermitRootLogin no"

    # Uncomment "PasswordAuthentication yes" and change to "PasswordAuthentication no"

    # Save file

    # Restart ssh service
    sudo systemctl restart sshd

# Setup firewall
sudo apt install ufw


# Setup firewall roles
sudo ufw default allow outgoing
sudo ufw default deny incoming

# Allow some ports/apps
sudo ufw allow ssh
sudo ufw allow 5000
sudo ufw enable

# Check previous ports are allowed as below
# To                         Action      From
# --                         ------      ----
# 22/tcp                     ALLOW       Anywhere
# 5000                       ALLOW       Anywhere
# 22/tcp (v6)                ALLOW       Anywhere (v6)
# 5000 (v6)                  ALLOW       Anywhere (v6)

sudo ufw status


# ----------------------------------- Install Flask Application -----------------------------------

# Install pip3
sudo apt install python3-pip

# Install virtualenv
sudo apt install python3-venv

# Create virutalenv
python3 -m venv ./venv

# Activate virtualenv
source venv/bin/activate

# Install libraries
pip install -r requirements.txt

# Setup keys in environment variable or config file


# Test that flask app is working
export FLASK_APP=run.py
flask run --host=0.0.0.0


# ----------------------------------- Install Nginx and Gunicorn -----------------------------------
# Install Nginx
sudo apt install  nginx

# Install Gunicorn (make sure you are in the same virtualenv)
pip install gunicorn

# Update config file for nginx
    # remvoe default config
    sudo rm /etc/nginx/sites-enabled/default

    # Ceate new config file
    sudo nano /etc/nginx/sites-enabled/<project_name>

    # Add following configuration

    server {
        listen 80;
        server_name 45.79.117.165;

        location /static {
                alias /home/khalid/dalil/dalil/static;
        }

        location / {
                proxy_pass http://localhost:8000;
                include /etc/nginx/proxy_params;
                proxy_redirect off;
        }

    }

# allow port 8000
sudo ufw allow http/tcp
sudo ufw delete allow 5000

# Restart nginx
sudo systemctl restart nginx

# Run gunicorn
    # Get number of cores
    nproc --all

    # <num_of_worker> = (2 * num_of_cores) + 1
    gunicorn -w <num_of_worker> run:app --preload
    gunicorn -w 5 run:app --preload
    # Check application is working

# ----------------------------------- Setup supervisor -----------------------------------

# Install supervisor
sudo apt install supervisor

# Create log folder
sudo mkdir -p /var/log/<project>
sudo touch /var/log/dalil/<project>.err.log
sudo touch /var/log/dalil/<project>.out.log

# Setup conf file for supervisor
sudo nano /etc/supervisor/conf.d/<project_name>.conf

# Add following conf code

[program:<project>]
directory=/home/<username>/<project>
command=/home/<username>/<project>/venv/bin/gunicorn -w 3 run:app
user=<username>
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/<project>/<project>.err.log
stdout_logfile=/var/log/<project>/<project>.out.log

# Restart supervisor
sudo supervisorctl reload

# Supervisor code

    # Get all supervisor process status
    sudo supervisorctl status

    # Get specifc supervisor process status
    sudo supervisorctl status <process>

    # Stop all processes
    sudo supervisorctl stop all

    # Start all processes
    sudo supervisorctl start all

# ----------------------------------- General -----------------------------------

# Change nginx file size limit
sudo nano /etc/nginx/nginx.conf

# Add code in http below: "types_hash_max_size 2048;"
client_max_body_size 5M;

# Restart nginx
sudo systemctl restart nginx
	# Soruce: https://www.youtube.com/watch?v=goToXTC96Co&list=PL-osiE80TeTs4UjLw5MM6OjgkjFeUxCYH&index=13

	# ----------------------------------- Server Setup -----------------------------------

	# Update server
	apt update && apt upgrade

	# Set hostname
	hostnamectl set-hostname <hostname>

	# Set hostname in hostfile
	nano /etc/hosts

	# Paste server ip under 127.0.0.1 localhost
	<hostname> <hostname>

	# Save file

	# Add limited privilage user (other than root)
	adduser <username>

	# Add user to sudu group
	adduser <username> sudo

	# Logout as root then login with the new user
	exit

	# Setup ssh based authentication
	# Check you are in the home directory then craete new ssh directory
	mkdir .ssh

	# Go to your local machien and generate ssh keys and click enter for both options
	ssh-key -b 4096

	# Move public key to server
	scp ~/.ssh/id_rsa.pub <ipaddress>:~/.ssh/

	# Set permission for owner to ssh folder to read/write/execute
	sudo chmod 700 ~/.ssh/
	sudo chmod 600 ~/.ssh/*

	# Exit then login, you should login without a password
	exit

	# Dissallow root login over ssh
	sudo nano /etc/ssh/sshd_config

	# Change "PermitRootLogin yes" to "PermitRootLogin no"

	# Uncomment "PasswordAuthentication yes" and change to "PasswordAuthentication no"

	# Save file

	# Restart ssh service
	sudo systemctl restart sshd

	# Setup firewall
	sudo apt install ufw


	# Setup firewall roles
	sudo ufw default allow outgoing
	sudo ufw default deny incoming

	# Allow some ports/apps
	sudo ufw allow ssh
	sudo ufw allow 5000
	sudo ufw enable

	# Check previous ports are allowed as below
	# To Action From
	# -- ------ ----
	# 22/tcp ALLOW Anywhere
	# 5000 ALLOW Anywhere
	# 22/tcp (v6) ALLOW Anywhere (v6)
	# 5000 (v6) ALLOW Anywhere (v6)

	sudo ufw status


	# ----------------------------------- Install Flask Application -----------------------------------

	# Install pip3
	sudo apt install python3-pip

	# Install virtualenv
	sudo apt install python3-venv

	# Create virutalenv
	python3 -m venv ./venv

	# Activate virtualenv
	source venv/bin/activate

	# Install libraries
	pip install -r requirements.txt

	# Setup keys in environment variable or config file


	# Test that flask app is working
	export FLASK_APP=run.py
	flask run --host=0.0.0.0


	# ----------------------------------- Install Nginx and Gunicorn -----------------------------------
	# Install Nginx
	sudo apt install nginx

	# Install Gunicorn (make sure you are in the same virtualenv)
	pip install gunicorn

	# Update config file for nginx
	# remvoe default config
	sudo rm /etc/nginx/sites-enabled/default

	# Ceate new config file
	sudo nano /etc/nginx/sites-enabled/<project_name>

	# Add following configuration

	server {
	listen 80;
	server_name 45.79.117.165;

	location /static {
	alias /home/khalid/dalil/dalil/static;
	}

	location / {
	proxy_pass http://localhost:8000;
	include /etc/nginx/proxy_params;
	proxy_redirect off;
	}

	}

	# allow port 8000
	sudo ufw allow http/tcp
	sudo ufw delete allow 5000

	# Restart nginx
	sudo systemctl restart nginx

	# Run gunicorn
	# Get number of cores
	nproc --all

	# <num_of_worker> = (2 * num_of_cores) + 1
	gunicorn -w <num_of_worker> run:app --preload
	gunicorn -w 5 run:app --preload
	# Check application is working

	# ----------------------------------- Setup supervisor -----------------------------------

	# Install supervisor
	sudo apt install supervisor

	# Create log folder
	sudo mkdir -p /var/log/<project>
	sudo touch /var/log/dalil/<project>.err.log
	sudo touch /var/log/dalil/<project>.out.log

	# Setup conf file for supervisor
	sudo nano /etc/supervisor/conf.d/<project_name>.conf

	# Add following conf code

	[program:<project>]
	directory=/home/<username>/<project>
	command=/home/<username>/<project>/venv/bin/gunicorn -w 3 run:app
	user=<username>
	autostart=true
	autorestart=true
	stopasgroup=true
	killasgroup=true
	stderr_logfile=/var/log/<project>/<project>.err.log
	stdout_logfile=/var/log/<project>/<project>.out.log

	# Restart supervisor
	sudo supervisorctl reload

	# Supervisor code

	# Get all supervisor process status
	sudo supervisorctl status

	# Get specifc supervisor process status
	sudo supervisorctl status <process>

	# Stop all processes
	sudo supervisorctl stop all

	# Start all processes
	sudo supervisorctl start all

	# ----------------------------------- General -----------------------------------

	# Change nginx file size limit
	sudo nano /etc/nginx/nginx.conf

	# Add code in http below: "types_hash_max_size 2048;"
	client_max_body_size 5M;

	# Restart nginx
	sudo systemctl restart nginx