Deployment of a Flask application to DigitalOcean (part 1)

A complete guide on setting up and deploying a Flask application to a Linux server.

Registration at http://digitalocean.com

You can register directly at the website, or you can use the referral link (https://m.do.co/c/d54c088544ed), which will give you 2 months starting credit.

If you use the referral link, that does not incur any extra expenses for you, but may help me out in the long term (I receive $25 when you spend $25).

Creating the droplet

In DigitalOcean, they call their servers “droplets”. Normally, each server would be a physical computer sitting in a data centre. However, each droplet is not a physical computer. Instead, each physical computer is hosting many droplets; indeed, each droplet is a Virtual Machine.

This means they are not quite as powerful as a dedicated server, but for the purposes of what we are creating, they will be sufficiently powerful without a doubt.

Let’s create the droplet and start deploying!

The DigitalOcean home screen

Press the green “Create Droplet” button to start the creation process.

Selecting Droplet Parameters

  • Distribution: CentOS 6.7 x64. This is a stable operating system for our server.
  • Size: $5/mo
  • Datacenter region: choose one that is close to you (e.g. I chose Netherlands, but could also choose London)
  • Additional options: none
  • SSH keys: add one if you know how, or leave blank otherwise
  • Number of droplets: 1
  • Hostname: name it something you like but that makes sense (e.g. I named mine pricing-service)

After a brief wait, the droplet will be created. This takes around 60 seconds.

Then, you will get an e-mail. This e-mail is important as it contains the password required to log into your droplet, as well as the IP address of your droplet.

Logging in

Now, you can log in to your droplet by clicking on the newly created droplet and then on the “Console Access” button

What you see when going into one of the Droplets

You will be asked to log in (username: root, password: the one in the e-mail), and then you will be asked to change your password. Choose a secure one. If you were to forget it, you can reset it later, but it’s a hassle.

The next part of this guide is taken from https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-6 to make things easier for you, but the guide linked is fantastic.

Setting your account up

It is not safe to use the root account for everything, because of a few reasons. One of which is that it is easy to mess things up. Another of which is that the root account has all the permissions in your system. When you install programs, these programs create their own accounts. These accounts do not have all permissions, so they may be unable to access files and folders you created with the root account.

In short: lets create an account for your everyday usage of this server. I will call it “jose”.

Whenever there is a section of code, as below, execute it in your server. First, lets add the account:

/usr/sbin/adduser jose

Then, lets give the account a password:

passwd jose

Now, lets allow the account to temporarily gain the permissions only the root account has, so that we can perform tasks otherwise we would not be able to. We will be able to temporarily gain these permissions, but the account will go back to losing these permissions after a short period, for security purposes.

Open the permissions file with the following command. This opens up the file using the default CentOS command-line editor, which is called vi.

visudo

Find the section that deals with user privilege specification, which will look like this:

root    ALL=(ALL)       ALL

Under the line giving the root user permissions, lets add a line to allow our new user to gain permissions.

To begin typing in vi, press the key i. Then, type the following line below the line for the root user:

jose    ALL=(ALL)       ALL

To finish editing the file and save, press Esc, then the keys :wq, and press Enter. This will tell vi to write and quit.

Making the server more secure by restricting who can log in

We login to the server using the command ssh from our computers. In order to increase security, we are going to disable anybody from logging in directly as the root user, and instead we are only going to allow logging in as the jose user (or your user).

vi /etc/ssh/sshd_config

Find the following section:

Port 25000
Protocol 2
PermitRootLogin yes
UseDNS no

And change the line saying PermitRootLogin yes to PermitRootLogin no (you will need to press the key i to type in vi).

Now, press Esc and then the key combination SHIFT+G to go to the end of the file.

Insert a line at the end like the following (replacing the user by your user):

AllowUsers jose

Then, save and exit by pressing Esc, then :wq and Enter.

Finally, reload the ssh service to apply the changes:

service sshd reload

In your computer, open a terminal window (if using Mac or Linux), or download PuTTy (if using Windows).

Then, type ssh jose@<ip> where <ip> is the IP address of your server (it’s on the e-mail DigitalOcean sent you after creating the droplet).

Type in the password you created for the account.

If all is good, you should log in and see something like this:

[jose@pricing-service ~]$

Remember to replace the user name by your user, and the droplet name by the one you provided.

If all is good, you can now log out of the root login that you were accessing through the DigitalOcean website, and only use the terminal/PuTTy login!

Next up, let’s have a look at how we can deploy our application to this droplet.

Show your support

Clapping shows how much you appreciated Jose Salvatierra’s story.