Hey everyone! From the title you might be wondering , “Why this guy would write about some setup that has been done a million times?”. Well, I could understand your frustration on that. So, to give you a hint of why I am writing this blog in the first place, I will list down things that I wanted to do and how these different blog posts help me achieve that. So the list is as follows,
- I need to get a feel of managing cloud environments (preferably GNU/Linux. Hint: I am a Free software activist 😉 )
- Ah! I need a web server in the first place and there are many providers out there, who do I choose? who offers cheap plans? how easy is the setup?
- I need to setup a simple web app that is running locally and make it run on the remote server
- I bought a domain from a domain registrar and need to link it to my web server
- I also need to make the app HTTPS enabled at zero cost (that’s an important step)
These are reasons that I needed to achieve and to be honest I picked some needs along the way reading (sorry about that 🙂 ). Another reason for me to write this blog is that, some of these steps are linked and are well mentioned in the blog, which we either miss or ignore and end up with some issue.
Getting a domain name
There are number of domain registrars out there who offer domain with various plans and features included. Choose which is best for you and go ahead with that provider. I am not going to share any howto’s here since the domain registrars have covered that.
Note: I needed to link my web server to a domain, so this is a necessary step for me
Getting a web server
Domains are just one part of the story and web servers is the other. Like with domain names, there are lots of web hosting companies offering variety of plans to choose from. I chose to go with Digital Ocean (which this blog covers) who offered plans as low as 5$/month. Digital ocean calls their VPS (Virtual Private Servers) as droplets and the blog that you can read to get a server up and running in less than 55 seconds is given below.
Setting SSH key based access to your server
Read this first -> Do this step before you create your droplet because this is an optional setup while creating. This ensures that your server can only be accessed through ssh keys from an authorized machine rather than passwords. You can also do this after you have created the droplet by adding the keys to your server, by logging in with passwords that were mailed to you. Both steps are detailed in the blog given below.
Initial server setup with Ubuntu 16.04
When you created the droplet you would have chosen any GNU/Linux distribution to get started with. Once you have done that, read the following blog to know about dangers of having a root only logins because,
With root comes power and with power comes responsibility
and how you can mitigate that with non-root accounts. The blog goes on about explaining the shortcomings of password based logins and how they can be secured with ssh keys.
Make your web host manage DNS for your domain
When you purchase a domain say “www.vms20591.com”, mostly the domain registrar will be managing the DNS for you. That is, when you type “www.vms20591.com” the name gets converted to an IP address “127.0.0.1” and this is done by a DNS. You have to change the nameservers that are managed by your domain registrar to the ones managed by Digital Ocean. Digital Ocean has made a detailed blog post on how you can do this for many domain registrars.
Note: Honestly, I am really skeptical about this step because from some posts I read, people say you only need to point your domain name to the public IP address of your server from the control panel of your domain registrar and wait for the changes to propagate.
Setting up host name with Digital Ocean
Once you have changed the nameservers for your domain to Digital Ocean, now you can go about managing your DNS from the control panel for your server.
Create a Python Flask Application with Nginx and uWSGI
Now, that you have a web server and domain name is linked it, we need to get to the fun part which is serving actually something meaningful. For this I chose to go with Python Flask since it so easy to get started and Python being my favorite. I have used uWSGI as the application server which is is capable of serving WSGI applications with greater efficiency and Nginx which is a high performance web server that acts as a reverse proxy. You can read more about the reason for it here.
Secure Nginx server with Let’s Encrypt
Now that your web server is up and running under your favorite domain you might feel accomplished. But, wait there is one more crucial step to be done. One more? yes, one more and it is securing your server with HTTPS. This is an important step that should be followed. For this, I used Let’s Encrypt which is a new Certificate Authority (CA – people who issue SSL certificates for your domain) mainly sponsored by Mozilla and EFF. The reason for choosing this CA is that you need not to go through a big process of getting your domain certified and its free, open and automated.
Hope this blog would help you get started with setting up and managing servers and get to know some best practices in doing so. Though this centers around Digital Ocean, the process should be similar for other web hosts and domain registrars.