Drupal is a free and open-source content management system that helps you create and deliver digital content for the web and mobile phones. It is written in PHP and used by many organizations around the world. With Drupal, you can create different types of websites, from small blogs to a large corporate website. It offers an easy-to-use interface and powerful editing tools for managing content.
In this tutorial, we will show you how to install Drupal with Nginx and secure it with Let's Encrypt SSL on Ubuntu 20.04.
Prerequisites
- A server running Ubuntu 20.04.
- A valid domain name pointed with your server.
- A root password is configured on your server.
Install LEMP Server
First, you will need to install the Nginx web server, MariaDB database, PHP and other required extensions to your server. You can install all of them using the following command:
apt-get install nginx mariadb-server php7.4 php7.4-fpm php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip -y
Once all the packages are installed, edit the php.ini file and tweak some settings:
nano /etc/php/7.4/fpm/php.ini
Change the following lines:
short_open_tag = On cgi.fix_pathinfo=0 memory_limit = 256M upload_max_filesize = 100M max_execution_time = 300 date.timezone = America/Chicago
Save and close the file when you are finished.
Configure MariaDB Database
First, secure the MariaDB installation and set the MariaDB root password with the following command:
mysql_secure_installation
Answer all the questions as shown below:
Enter current password for root (enter for none): Set root password? [Y/n] Y New password: Re-enter new password: Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y
Once the MariaDB is secured, log in to the MariaDB shell with the following command:
mysql -u root -p
Provide your MariaDB root password then create a database and user for Drupal:
MariaDB [(none)]> CREATE DATABASE drupaldb;
MariaDB [(none)]> CREATE USER 'drupal'@'localhost' IDENTIFIED BY 'password';
Next, grant all the privileges to the Drupal database with the following command:
MariaDB [(none)]> GRANT ALL ON drupaldb.* TO 'drupal'@'localhost' WITH GRANT OPTION;
Next, flush the privileges and exit from the MariaDB shell with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Once you are finished, you can proceed to the next step.
Download Drupal
At the time of writing this tutorial, the latest version of Drupal is 8.8.5. You can download it to the Nginx web root directory with the following command:
cd /var/www/html/
wget https://ftp.drupal.org/files/projects/drupal-8.8.5.tar.gz
Once the download is completed, extract the downloaded file with the following command:
tar -xvzf drupal-8.8.5.tar.gz
Next, rename the extracted directory to drupal and give proper permissions with the following command:
mv drupal-8.8.5 drupal
chown -R www-data:www-data drupal
chmod -R 755 drupal
Once you are finished, you can proceed to the next step.
Configure Nginx for Drupal
Next, create an Nginx virtual host configuration file for drupal using the following command:
nano /etc/nginx/sites-available/drupal
Add the following lines:
server {
listen 80;
listen [::]:80;
root /var/www/html/drupal;
index index.php index.html index.htm;
server_name drupal.linuxbuz.com;
client_max_body_size 100M;
autoindex off;
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
}
Save and close the file then create a symbolic link to the sites-enabled directory:
ln -s /etc/nginx/sites-available/drupal /etc/nginx/sites-enabled/
Next, set hash_bucket_size in Nginx default configuration file:
nano /etc/nginx/nginx.conf
Add the following line below "http {"
server_names_hash_bucket_size 64;
Save and close the file then check the Nginx for any syntax error:
nginx -t
You should get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, restart the Nginx service to apply the changes:
systemctl restart nginx
Once you are done, you can proceed to the next step.
Secure Drupal with Let's Encrypt SSL
It is recommended to secure the Drupal with Let's Encrypt SSL. First, add the Certbot repository with the following command:
add-apt-repository ppa:ahasenack/certbot-tlssni01-1875471
Next, update the repository and install the Certbot client with the following command:
apt-get update -y
apt-get install certbot python3-certbot-nginx -y
Once the Certbot client is installed, run the following command to download and install Let's Encrypt SSL for your website:
certbot --nginx -d drupal.linuxbuz.com
You will be prompt to provide your valid email and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): hitjethva@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for drupal.linuxbuz.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/drupal
Next, choose whether or not to redirect HTTP traffic to HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to finish the installation:
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/drupal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://drupal.linuxbuz.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=drupal.linuxbuz.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/drupal.linuxbuz.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/drupal.linuxbuz.com/privkey.pem Your cert will expire on 2020-08-12. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
At this point, you Drupal website is secured with Let's Encrypt SSL.
Access Drupal Web Installation Wizard
Now, open your web browser and type the URL https://drupal.linuxbuz.com. You will be redirected to the Drupal language selection page:
Select your desired language and click on the Save and continue button. You should see the Installation profile page:
Select your desired installation profile and click on the Save and continue button. You should see the Database configuration page:
Click on the Save and continue button. You should see the Site Configuration page:
Provide your sitename, admin username, password and click on the Save and continue button. You will be redirected to the Drupal default dashboard in the following page:
Conclusion
Congratulations! you have successfully installed and secured Drupal with Let's Encrypt SSL on Ubuntu 20.04. You can now start customizing your Drupal website. For more information, visit the Drupal official documentation.