- Fresh install with SSH attached into the droplet (Ubuntu LTS 16.04).
ssh root@xxx:xxx:xxx:xxx
.
adduser notalentgeek
.
usermod -aG sudo notalentgeek
.
su notalentgeek
.
- Now I am on the newly created user
notalentgeek
.
- Move into "How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04" tutorial.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
.
- In the form I put everything as "asd" (any arbitrary thing in my mind, are these matters). Except for "Common Name (e.g. server FQDN or YOUR name) []:" is to ip of
xxx:xxx:xxx:xxx
.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
and wait for a while.
sudo nano /etc/apache2/conf-available/ssl-params.conf
.
- Copy paste the settings from the tutorial (StackOverflow code formatting does not working here!).
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak
to create backup.
sudo nano /etc/apache2/sites-available/default-ssl.conf
.
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin asd@asd.com
ServerName xxx:xxx:xxx:xxx
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
sudo ufw app list
, adjusting fire wall. I just put whatever codes they put there.
sudo ufw status
.
sudo ufw allow 'Apache Full'
.
sudo ufw delete allow 'Apache'
.
sudo ufw status
.
sudo a2enmod ssl
.
sudo a2enmod headers
.
sudo a2ensite default-ssl
.
sudo a2enconf ssl-params
.
sudo apache2ctl configtest
, there is no warning appeared in my case. But, in the tutorial it may have warning. This command returns, Syntax OK
.
- Testing server as I mentioned before,
https://xxx.xxx.xxx.xxx
works, but https://xxx.xxx.xxx.xxx:5000
does not (5000 is my port for Flask.).
sudo nano /etc/apache2/sites-available/000-default.conf
- Add
Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/"
.
sudo apache2ctl configtest
results in Syntax OK
.
sudo systemctl restart apache2
.
- This the launch from my Flask App.
> WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
> * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
- Going to
http://xxx.xxx.xxx.xxx:5000/
, where xxx.xxx.xxx.xxx
is the IP of DigitalOcean Droplet refer to my web app successfully. But web app needs access to webcam and microphone.
- Following other tutorial, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps.
sudo apt-get install libapache2-mod-wsgi python-dev
.
sudo a2enmod wsgi
.
cd /var/www
.
sudo mkdir FlaskApp
.
cd FlaskApp
.
git clone https://github.com/notalentgeek/my_app --depth 1
.
cd my_app
.
- Installing,
pip3
and virtualenv
. Running from http
is still fine!
sudo nano /etc/apache2/sites-available/FlaskApp.conf
(formatting also does not working!).
<VirtualHost *:80>
ServerName https://xxx.xxx.xxx.xxx:5000/
ServerAdmin asd@asd.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/my_app/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/my_app/static
<Directory /var/www/FlaskApp/my_app/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite FlaskApp
.
cd /var/www/FlaskApp
.
sudo nano flaskapp.wsgi
.
sudo service apache2 restart
, the tutorial says that would be a warning message. but I did not get any.
sudo python3 -B my_app.py
results in these.
> WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
> * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
- In
http
all work but not https
.r improved performance.
> * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
- In
http
all work but not https
.