In order to deepen recently mastered flask frame, trying to build a simple blog, mainly to do to see for yourself, look at the development and deployment process (in saas), the way to try your own domain name can not be bound here to share step hope stepped pits which can help you.
Ali cloud articles
First of all, I might not have seen the entry of Ali cloud ECS introduction, for some small knowledge is still not very clear, such as SSH using IP is public or private IP network, the problem is I checked the public network IP, and the connection is successful, they must be such as windows next to putty and cloud virtual machines to link it, this issue found that using git also built openssh.
After ssh connection, you must first update / upgrade it:
Welcome to Alibaba Cloud Elastic Compute Service !
~# apt update && apt upgrade
......
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
Then you can create a non-root account more secure running a web server, and add the account to your user group:
adduser ****
adduser **** sudo
But also can change the host name:
hostnamectl set-hostname flask-blog-server
Of course, you have to change added to your "/ etc / hosts" file:
127.0.0.1 localhost
106.15.###.### flask-blog-server //添加这一行,前面是你自己的公网IP
# The following lines are desirable for IPv6 capable hosts
.....
Then you can use the exit command to launch your remote connection, and then use the following command to log in and you have set up the user's host name.
ssh {user}@106.15.###.### //{}和后面的IP是你自己的账户
Of course, we would also like to do some server security settings, typically: using SSH keys instead of passwords as a landing approach:
$ ssh-keygen -b 4096
Then press enter all the default values, then we will get two keys to save the file, which "id_rsa.pub" as provided to third parties as the authentication credentials to upload to our remote host.
$ scp ~/.ssh/id_rsa.pub ###@106.15.###.###:~/.ssh/authorized_keys
Then, use the following command:
$ chmod go-w ~/ #查看并创建.ssh
$ chmod 700 ~/.ssh #把密钥写入文件
$ chmod 600 ~/.ssh/authorized_keys #设置权限
Then return to the local re-landing, you can see that we do not need to enter the password.
End to solve the problem landing, there are a few points need to look at, for example, we may need to:
$ sudo vim /etc/ssh/sshd_config
#在该文件中,修改两个值
PasswordAuthentication no
PermiteRootLogin no
#然后重启服务
$ sudo service ssh restart
The above steps can turn off the password function, improve the safety factor we landed.
Of course, we would also like to take advantage of the firewall settings open port:
$ sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
a$ sudo ufw allow ssh
Rules updated
Rules updated (v6)
$ sudo ufw allow 5000
Rules updated
Rules updated (v6)
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
5000 ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
5000 (v6) ALLOW Anywhere (v6)
Here we only open ssh and local port 5000 as a test, with the fully functional back we can do more things.
Reproduced in: https: //www.jianshu.com/p/f4e51141cf40