Untitled

a guest
Apr 18th, 2017

* Fresh install with SSH attached to the droplet (Ubuntu 16.04 LTS).
* `ssh root@xxx.xxx.xxx.xxx`.
* `adduser notalentgeek`.
* `usermod -aG sudo notalentgeek`.
* `su notalentgeek`.
* Now I am on the newly created user `notalentgeek`.
* Move on to the "How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04" tutorial.
* `sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt`.
* In the form I put "asd" for everything (anything arbitrary that came to mind; do these matter?), except "Common Name (e.g. server FQDN or YOUR name) []:", which is set to the IP `xxx.xxx.xxx.xxx`.
* `sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048` and wait for a while.
* `sudo nano /etc/apache2/conf-available/ssl-params.conf`.
* Copy-paste the settings from the tutorial (__Stack Overflow code formatting does not work here!__).

# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# Leaves TLS 1.0 and 1.1 enabled; add -TLSv1 -TLSv1.1 once no legacy clients need them.
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
#Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Note: browsers only honor HSTS for hostnames, never for a bare IP address (RFC 6797),
# so this header has no effect until the site is reached by a domain name.
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
# OCSP stapling has nothing to fetch for a self-signed certificate (no OCSP responder);
# harmless, but mod_ssl may log a stapling warning at startup.
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

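The `openssl req` step above puts the droplet's IP only in the certificate's Common Name. Browsers match the server name against the subjectAltName extension, and Chrome 58 (released the same month as these notes) stopped falling back to the CN, so a CN-only self-signed certificate gets a name-mismatch error (ERR_CERT_COMMON_NAME_INVALID) on top of the usual untrusted-issuer warning. The script below is an added example, not part of the original notes or the DigitalOcean tutorial: it generates the same key and certificate with `subjectAltName = IP:<droplet IP>` through a small OpenSSL config file (the `-addext` flag needs OpenSSL 1.1.1, which Ubuntu 16.04 does not ship), and provides helpers that read the SAN and CN back so the result can be checked. The IP `203.0.113.10` and the output directory are placeholders; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): self-signed certificate whose
# subjectAltName carries the droplet IP, plus helpers to read SAN and CN back.
# Assumes openssl on PATH. The IP and output directory are placeholders.
set -eu

make_selfsigned_cert() {
    # $1 = IP clients will connect to, $2 = output directory
    ip="$1"; out="$2"
    mkdir -p "$out"
    # OpenSSL 1.0.2 (Ubuntu 16.04) has no -addext, so the SAN goes in a config file
    cat > "$out/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $ip
[v3_req]
subjectAltName = IP:$ip
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$out/apache-selfsigned.key" \
        -out "$out/apache-selfsigned.crt" \
        -config "$out/san.cnf" 2>/dev/null
    chmod 600 "$out/apache-selfsigned.key"   # private key: owner-only
}

cert_san_ip() {
    # Print the IP address(es) listed in the certificate's subjectAltName
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -o 'IP Address:[0-9.]*' \
        | cut -d: -f2
}

cert_cn() {
    # Print the Common Name (handles both the 1.0.2 and 1.1.1+ subject formats)
    openssl x509 -in "$1" -noout -subject \
        | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Usage on the droplet, then move the two files to the /etc/ssl paths used above:
#   make_selfsigned_cert 203.0.113.10 /tmp/selfsigned
#   cert_san_ip /tmp/selfsigned/apache-selfsigned.crt
```

After copying the files into place, `openssl x509 -in /etc/ssl/certs/apache-selfsigned.crt -noout -text` should show `IP Address:<droplet IP>` under "X509v3 Subject Alternative Name"; the self-signed warning remains (no trusted issuer), but the name check now passes.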
* `sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak` to create a backup.
* `sudo nano /etc/apache2/sites-available/default-ssl.conf`.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [email protected]
ServerName xxx.xxx.xxx.xxx

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

* `sudo ufw app list`, adjusting the firewall. I just put in whatever commands they had there.
* `sudo ufw status`.
* `sudo ufw allow 'Apache Full'`.
* `sudo ufw delete allow 'Apache'`.
* `sudo ufw status`.
* `sudo a2enmod ssl`.
* `sudo a2enmod headers`.
* `sudo a2ensite default-ssl`.
* `sudo a2enconf ssl-params`.
* `sudo apache2ctl configtest`; no warning appeared in my case, though the tutorial says there may be one. The command returns `Syntax OK`.
* Testing the server as I mentioned before: `https://xxx.xxx.xxx.xxx` works, but `https://xxx.xxx.xxx.xxx:5000` does not (5000 is my port for Flask).
* `sudo nano /etc/apache2/sites-available/000-default.conf`.
* Add `Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/"`.
* `sudo apache2ctl configtest` results in `Syntax OK`.
* `sudo systemctl restart apache2`.
* This is the launch output from my Flask app.

> WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
> * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

* Going to `http://xxx.xxx.xxx.xxx:5000/`, where `xxx.xxx.xxx.xxx` is the IP of the DigitalOcean droplet, reaches my web app successfully. But the web app needs access to the webcam and microphone.
* Following another tutorial, https://www.digitalocean.com/community/tutorials/how-to-deploy-a-flask-application-on-an-ubuntu-vps.
* `sudo apt-get install libapache2-mod-wsgi python-dev`.
* `sudo a2enmod wsgi`.
* `cd /var/www`.
* `sudo mkdir FlaskApp`.
* `cd FlaskApp`.
* `git clone https://github.com/notalentgeek/my_app --depth 1`.
* `cd my_app`.
* Installing `pip3` and `virtualenv`. Running over `http` is still fine!
* `sudo nano /etc/apache2/sites-available/FlaskApp.conf` (formatting also does not work!).

<VirtualHost *:80>
# ServerName takes a hostname or IP address (optionally :port), not a URL
ServerName xxx.xxx.xxx.xxx
ServerAdmin [email protected]
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/my_app/>
# Apache 2.4 access control (replaces the 2.2-era "Order allow,deny" / "Allow from all")
Require all granted
</Directory>
Alias /static /var/www/FlaskApp/my_app/static
<Directory /var/www/FlaskApp/my_app/static/>
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

* `sudo a2ensite FlaskApp`.
* `cd /var/www/FlaskApp`.
* `sudo nano flaskapp.wsgi`.
* `sudo service apache2 restart`; the tutorial says there would be a warning message, but I did not get any.
* `sudo python3 -B my_app.py` results in this:

> WebSocket transport not available. Install eventlet or gevent and gevent-websocket for improved performance.
> * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

* Over `http` everything works, but not over `https`.
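The `Redirect permanent "/" "https://xxx.xxx.xxx.xxx:5000/"` step and the closing observation have the same cause: the Flask development server on port 5000 speaks plain HTTP, so `https://xxx.xxx.xxx.xxx:5000` fails at the TLS handshake whatever Apache does, and the redirect only sends browsers to that dead end. HTTPS is still unavoidable here, because browsers expose the webcam and microphone (`getUserMedia`) only to secure contexts (Chrome has required this since version 47). The usual fix is to let Apache's 443 vhost terminate TLS and reverse-proxy to Flask on 127.0.0.1:5000. The "WebSocket transport not available" startup line is Flask-SocketIO's, so WebSocket upgrades must also be proxied, through `mod_proxy_wstunnel`; mod_wsgi cannot carry WebSocket connections (and `libapache2-mod-wsgi`, installed above, is the Python 2 build; a Python 3 app would need `libapache2-mod-wsgi-py3`). The script below is an added example, not part of the original notes or the tutorials they follow: it renders the two vhost files, writes them to a directory, and enables the needed modules when run on the droplet. The IP `203.0.113.10`, the output directory and the function names are this example's own; the certificate paths are the ones created earlier. Bind the Flask server to 127.0.0.1 instead of 0.0.0.0 so port 5000 is no longer reachable in the clear.

```shell
#!/bin/sh
# Added example (not from the original notes): Apache terminates TLS on 443 and
# reverse-proxies to the Flask/Socket.IO server on 127.0.0.1:5000; port 80 only
# redirects to https://IP/ (never to :5000, which speaks plain HTTP).
# Assumptions: cert/key paths from the page; IP and output dir are placeholders.
set -eu

render_ssl_vhost() {
    ip="$1"
    cat <<EOF
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName $ip

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

    # Keep the client's Host header and forward the original scheme to the app
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"

    # WebSocket upgrades (Socket.IO) go to ws://, everything else to http://
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/(.*) ws://127.0.0.1:5000/\$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule ^/(.*) http://127.0.0.1:5000/\$1 [P,L]
    ProxyPassReverse / http://127.0.0.1:5000/

    ErrorLog \${APACHE_LOG_DIR}/error.log
    CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
EOF
}

render_redirect_vhost() {
    ip="$1"
    cat <<EOF
<VirtualHost *:80>
    ServerName $ip
    # Plain-HTTP visitors go to the TLS vhost, not to the Flask port
    Redirect permanent "/" "https://$ip/"
</VirtualHost>
EOF
}

write_vhosts() {
    # $1 = droplet IP, $2 = sites-available directory (placeholder dir when testing)
    mkdir -p "$2"
    render_ssl_vhost "$1" > "$2/default-ssl.conf"
    render_redirect_vhost "$1" > "$2/000-default.conf"
}

enable_apache_modules() {
    # Droplet only: enable proxy/wstunnel/rewrite and restart if the config is sane
    command -v a2enmod >/dev/null 2>&1 || { echo "a2enmod not found; skipping" >&2; return 0; }
    sudo a2enmod ssl headers rewrite proxy proxy_http proxy_wstunnel
    sudo a2ensite default-ssl
    sudo apache2ctl configtest && sudo systemctl restart apache2
}

# Usage on the droplet:
#   write_vhosts 203.0.113.10 /etc/apache2/sites-available && enable_apache_modules
```

With this in place the app is reached at `https://<droplet IP>/` (no port), the `ufw` profile `Apache Full` already covers 80 and 443, and the Flask process stays private on the loopback interface. If the app builds absolute URLs from the request, it needs to read `X-Forwarded-Proto` (Werkzeug's `ProxyFix` middleware does this) or it will generate `http://` links.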