Home / How To / Install and configure Drupal 8 with Nginx and let's encrypt on CentOS 8

Install and configure Drupal 8 with Nginx and let's encrypt on CentOS 8



Drupal is a free, open source and scalable content management system that can be used by individuals to create and manage all types of websites. It is written in PHP and uses MySQL / MariaDB to store its data. Drupal offers a rich set of features that can be expanded with thousands of add-ons. Drupal supports many web servers including Apache, Nginx, IIS, Lighttpd and databases MySQL, MariaDB, MongoDB, SQLite, PostgreSQL and MS SQL server. Drupal comes with a simple and user-friendly web interface that allows you to create websites without coding knowledge.

In this tutorial, we will show you how to install Drupal 8 on the CentOS 8 server and secure it with Let & # 39; s Encrypt free SSL.

Requirements

  • A server running CentOS 8.
  • A valid domain name pointed to by your server IP
  • A root password is configured on the server.

Installing Nginx, MariaDB and PHP [1
9659008] Before you start, you must install the LEMP server on your server. You can install it by running the following command:

  dnf install nginx mariadb server php php-fpm php-cli php-mbstring php-gd php-xml php-curl php-mysqlnd php-pdo php-json php-opcache -y 

Once installed, launch Nginx, MariaDB and php-fpm service and enable them to start after system startup with the following command:

  systemctl start nginx 
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb

Configure Database

By default, MariaDB is not secured so you need to secure it. You can secure it by running the following command:

  mysql_secure_installation 

Answer all questions shown below:

  Enter the current root password (specify for none):
Setting root password? [Y/n] Y
New password:
Re-enter new password:
Delete anonymous users? [Y/n] Y
Remove root login remotely? [Y/n] Y
Delete the test database and access it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

When you are finished, log in to the MariaDB shell with the following command:

  mysql -u root -p 

Enter your root password when prompted to create a database and user for Drupal with the following command: [19659009] MariaDB [(none)]> CREATE DATABASE drupaldb CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
MariaDB [(none)]> CREATE USER [email protected] IDENTIFIED BY "password";

Next after ordering all the privileges:

  MariaDB [(none)]> SUPPORT EVERYONE TO Drupaldb. * TO [email protected] IDENTIFIED BY "password"; 

Then flush the privileges and exit from the MariaDB shell with the following command:

  MariaDB [(none)]> FLUSH PRIVILEGES; 
MariaDB [(none)]> EXIT;

Download Drupal

First you need to download the latest version of Drupal from their official website. You can download it with the following command:

  wget https://ftp.drupal.org/files/projects/drupal-8.7.10.tar.gzebrit19659010??When downloaded, extract the downloaded file with the following command: [19659008] tar -xvzf drupal-8.7.10.tar.gz 

Then move the extracted directory to the Nginx web directory with the following command:

  mv drupal-8.7.10 / var / www / html / drupal 

Then create a directory to store website files and rename the default.settings.php file as shown below:

  mkdir / var / www / html / drupal / sites / default / files 
cp / var / www / html / drupal / sites / default / default.settings.php /var/www/html/drupal/sites/default/settings.php Chapter19659010 ?? Next, change the ownership of the Drupal directory to nginx as shown below:

  chown -R nginx: nginx / var / www / html / drupal / 

Configure Nginx for Drupal

First, create a php-fpm configuration file for Drupal with the following command: [19659008] nano /etc/php-fpm.d/drupal.confebrit19659010??Add the following lines:

  [drupal]
user = nginx
group = nginx
list.owner = nginx
list.group = nginx
listen = /run/php-fpm/drupal.sock
pm = ondemand
pm.max_children = 50
pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /

Save and close the file when you are done. Then create an Nginx virtual host configuration file for Drupal:

  nano /etc/nginx/conf.d/drupal.confebrit19659010??Add the following lines: 

  server {
listen 80;
server name example.com;

root / var / www / html / drupal;

access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;

location = /favicon.ico {
log_not_found off;
access_log av;
}

location = /robots.txt {
Allow everyone;
log_not_found off;
access_log av;
}

location ~  .. * /. * . php $ {
return 403;
}

site ~ ^ / websites /.*/ private / {
return 403;
}

# Block access to scripts in the directory of site files
site ~ ^ / websites / [^/] + / files /.* . php $ {
deny everything;
}
location ~ (^ | /) . {
return 403;
}

location / {
try_files $ uri /index.php?$query_string;
}

location @rewrite {
write about ^ / (. *) $ /index.php?q=$1;
}
location ~ /vendor/.*.php$ {
deny everything;
return 404;
}


location ~ & # 39;  .php $ | ^ / update.php & # 39; {
fastcgi_split_path_info ^ (. +? . php) (| /.*)$;
include fastcgi_params;
# Block httpoxy attacks. See https://httpoxy.org/.
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;
fastcgi_param PATH_INFO $ fastcgi_path_info;
fastcgi_param QUERY_STRING $ query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix: /run/php-fpm/drupal.sock;
}
site ~ ^ / websites /.*/ files / styles / {# For Drupal> = 7
try_files $ uri @rewrite;
}

# Manage private files through Drupal. The private file path may come
# with a language prefix.
location ~ ^ (/ [a-z-] +)? / system / files / {# For Drupal> = 7
try_files $ uri /index.php?$query_string;
}

location ~ * . (js | css | png | jpg | jpeg | gif | ico | svg) $ {
try_files $ uri @rewrite;
expires max;
log_not_found off;
}
}

Save and close the file. Then restart php-fpm and Nginx service to apply the changes:

  systemctl restart php-fpm 
systemctl restart nginx

Configure SELinux and Firewall

By default, SELinux is enabled in CentOS 8. So you need to configure SELinux for Drupal to work properly.

First, allows Drupal to write to the public and private file directories with the following command:

  semanage fcontext -a -t httpd_sys_rw_content_t "/ var / www / html / drupal (/.*)?" 
semanage fcontext - a -t httpd_sys_rw_content_t & # 39; /var/www/html/drupal/sites/default/settings.php' vud19459015 & # 39; ansemanage fcontext -a -t httpd_sys_rw_content_t www / html / drupal / sites / default # 39;
restorecon -Rv / var / www / html / drupal
restorecon -v /var/www/html/drupal/sites/default/settings.phpebrit19459015] restorecon -Rv / var / www / html / drupal / sites / default / files

Then Drupal allows sending outgoing emails with the following command:

  setsebool -P httpd_can_sendmail at [19659010] Then you must create a firewall rule to allow HTTP and HTTPS service from external networks. You can allow it with the following command: 

  firewall-cmd --permanent --add-service = http 
  firewall-cmd --permanent --add-service = https 
firewall-cmd --reload [19659049] Secure Drupal with Let & # 39; s Encrypt SSL

Drupal is now installed and configured. It's time to secure it with Let's Encrypt free SSL.

To do so, you must download the certbot client to your server. You can download and set the appropriate permissions by running the following command:

  wget https://dl.eff.org/certbot-auto Chapter19459015uutmv certbot-auto / usr / local / bin / certbot-auto 
chown root / usr / local / bin / certbot-auto
chmod 0755 / usr / local / bin / certbot-auto

Now run the following command to obtain and install an SSL certificate for your Drupal site. [19659009] certbot-auto --nginx -d example.com

The above command first installs all the necessary dependencies on your server. Once installed, you will be prompted to enter an email address and accept the service shown below.
Selected plugins: Authenticator apache, Install apache
Enter Email Address (Used for Emergency Renewal and Security Messages) (Enter & # 39; c & # 39; to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Read the terms of use at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree to register on the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A) gree / (C) ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Should you be willing to share your email address with Electronic Frontier
Foundation, a founding partner of Let & # 39; s Encrypt project and the nonprofit
organization developing Certbot? We want to send an e-mail about our work
web encryption, EFF news, campaigns and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y) es / (N) o: Y

Get a new certificate
Perform the following challenges:
http-01 challenge for example.com
Waiting for verification ...
Cleaning of challenges
Distribute certificates to VirtualHost /etc/nginx/conf.d/drupal.conf

Then you have to choose whether you want to redirect HTTP traffic to HTTPS as shown below:

  Choose whether you want to redirect HTTP traffic to HTTPS or remove HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No Redirect - Make no further changes to the web server configuration.
2: Redirect - Makes all requests redirect to secure HTTPS access. Select this for
new websites, or if you are sure your site is working on HTTPS. You can undo this
change by editing your web server configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] and then [enter] (press & # 39; c & # 39; to cancel): 2

Type 2 and press Enter to continue. When the installation is complete, you should see the following output:

  Redirects all traffic on port 80 to ssl in /etc/nginx/conf.d/drupal.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have enabled https://example.com

You should test your configuration on:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved to:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved to:
/etc/letsencrypt/live/example.com/privkey.pem
Your certificate expires 2020-03-23. To get a new or fine tuned
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. Not to renew * everyone *
of your certificates, run "certbot-auto-renewal"
- If you like Certbot, please consider supporting our work by:

Donate to ISRG / Let 's Encrypt: https://letsencrypt.org/donate
Donate to EFF: https://eff.org/donate-le

Open Drupal website

Now open your browser and type the URL https://example.com . You will be redirected to the following page:

 Select language

Select the desired language and click the Save and Continue button. You should see the following page:

 Select installation profile

Select your installation profile and click the Save and Continue button. You should see the following page:

 Database Configuration

Enter your database information and click the Save and Continue button. You should see the following page:

 Configure the site

Enter your website name, admin username, password and click the Save and Continue button. You should see your Drupal dashboard on the following page:

 Welcome to your Drupal website

Congratulations! you have installed and secured Drupal on CentOS 8 server.


Source link