How to Install Drupal with Nginx and Let’s Encrypt SSL on Debian 11


Drupal is an open-source content material control gadget that lets you construct, set up, and take care of your web content’s content material and not using a coding wisdom vital.

There are many alternative content material control answers to make a choice from, however now not all are proper for each and every undertaking. If you need to construct or rebuild your web content with one thing versatile and strong, glance no additional than Drupal.

If you shouldn’t have any internet internet hosting but to increase a Drupal web content, we advise putting in it for your native Debian gadget or VPS.

Here, we will be able to set up Drupal with Nginx and Let’s Encrypt SSL on Debian 11.


Install LEMP Stack

Follow the underneath hyperlinks to put in the LEMP stack for your Debian gadget for Drupal set up.

Install EMP (Nginx, MariaDB, and PHP) on Debian 11

Install PHP Extensions for Drupal

Use the apt command to put in PHP extensions for Drupal set up.

sudo apt replace

sudo apt set up -y php-mysql php-gd php-dom php-curl php-imagick php-zip php-xml php-mbstring php-json php-pdo php-cli php-apcu

sudo apt set up --no-install-recommends -y php-uploadprogress

Setup Nginx Virtual Host for Drupal

We will get started with making a digital host for a Drupal set up. You can in finding all Nginx’s digital host configuration recordsdata below /and so on/nginx/conf.d listing.

Typically, a digital host record accommodates a website title, port quantity, file root, log location, speedy CGI, and so on.

I’m assuming the next,

Domain title: www.holhol24.internet
Port No: 80
Document root: /usr/proportion/nginx/www.holhol24.internet/html
Logs: /usr/proportion/nginx/www.holhol24.internet/logs

First, create a digital host configuration record.

sudo nano /and so on/nginx/conf.d/www.holhol24.internet.conf

Then, position the next content material into the above configuration record. You will wish to trade server_name as in keeping with your requirement.

server {
	server_name www.holhol24.internet;
	root /usr/proportion/nginx/www.holhol24.internet/html;
	index index.php index.html;
	access_log /usr/proportion/nginx/www.holhol24.internet/logs/get entry to.log;
	error_log /usr/proportion/nginx/www.holhol24.internet/logs/error.log;

	location = /favicon.ico {
        log_not_found off;
        access_log off;

    location = /robots.txt {
        permit all;
        log_not_found off;
        access_log off;

    location ~* .(txt|log)$ {
        deny all;

    location ~ ..*/.*.php$ {
        go back 403;

    location ~ ^/websites/.*/personal/ {
        go back 403;

    # Block get entry to to scripts in web site recordsdata listing
    location ~ ^/websites/[^/]+/recordsdata/.*.php$ {
        deny all;

    # Allow "Well-Known URIs" as in keeping with RFC 5785
    location ~* ^/.well known/ {
        permit all;

    # Block get entry to to "hidden" recordsdata and directories whose names start with a
    # duration. This contains directories utilized by model regulate programs such
    # as Subversion or Git to retailer regulate recordsdata.
    location ~ (^|/). {
        go back 403;

    location / {
        try_files $uri /index.php?$query_string; # For Drupal >= 7

    location @rewrite {
        rewrite ^ /index.php; # For Drupal >= 7

    # Don't permit direct get entry to to PHP recordsdata within the dealer listing.
    location ~ /dealer/.*.php$ {
        deny all;
        go back 404;

    # Protect recordsdata and directories from prying eyes.
    location ~* .(engine|inc|set up|make|module|profile|po|sh|.*sql|theme|twig|tpl(.php)?|xtmpl|yml)(~|.sw[op]|.bak|.orig|.save)?$|^(.(?!well known).*|Entries.*|Repository|Root|Tag|Template|composer.(json|lock)|internet.config)$|^#.*#$|.php(~|.sw[op]|.bak|.orig|.save)$ {
        deny all;
        go back 404;

    location ~ '.php$|^/replace.php' /.*)$;
        try_files $fastcgi_script_name =404;
        come with fastcgi_params;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

    location ~* .(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;

    # Fighting with Styles? This little gem is astounding.
    location ~ ^/websites/.*/recordsdata/types/ { # For Drupal >= 7
        try_files $uri @rewrite;

    # Handle personal recordsdata thru Drupal. Private record's trail can come
    # with a language prefix.
    location ~ ^(/[a-z-]+)?/gadget/recordsdata/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;

    # Enforce blank URLs
    # Removes index.php from urls like -->
    # Could be completed with 301 for everlasting or different redirect codes.
    if ($request_uri ~* "^(.*/)index.php/(.*)") {
        go back 307 $1$2;

Create directories for putting Drupal recordsdata and Nginx logs.

sudo mkdir -p /usr/proportion/nginx/www.holhol24.internet/html/

sudo mkdir -p /usr/proportion/nginx/www.holhol24.internet/logs/

Verify the Nginx configuration record with the underneath command.

sudo nginx -t

If you get the next, it signifies that the digital host configuration is right kind.

nginx: the configuration record /and so on/nginx/nginx.conf syntax is okay
nginx: configuration record /and so on/nginx/nginx.conf check is a hit

Restart the Nginx and PHP-FPM services and products.

sudo systemctl reload nginx php7.4-fpm

Install Let’s Encrypt SSL Certificate

Create DNS Record

Go in your area registrar and create an A and CNAME (non-compulsory if you don’t want to make use of www subdomain) document in your area.

  1. Non-www Domain Name (Ex. holhol24.internet) >> A document level in your server IP
  2. www Domain Name (Ex. www.holhol24.internet) >> CNAME document level to holhol24.internet

For this demo, I will be able to create two data in order that my Drupal web content will likely be available at www.holhol24.internet.

DNS Records

Install Certbot consumer

The Certbot consumer, which is helping us generate and set up the Let’s Encrypt SSL certificates in Nginx, is now to be had as a snap bundle for Debian. So, first, set up snapd daemon for your gadget.

sudo apt replace

sudo apt set up -y snapd

Then, replace snapd to the most recent model.

sudo snap set up core && sudo snap refresh core

Finally, set up the Certbot consumer the use of the underneath command.

sudo snap set up --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install SSL Certificate

Use the underneath command to generate and set up the Let’s Encrypt SSL certificates within the Nginx internet server.

sudo certbot --nginx

1. Enter e mail deal with to obtain notification on pressing renewal and safety notices
2. Type Y and press Enter to check in with the ACME server
3. Type Y or N to obtain emails about EFF information, campaigns, e-newsletter.
4. Certbot will mechanically discover the Drupal area and ask you to turn on HTTPS in your Drupal web content. Type 1 or suitable numbers separated through a comma if in case you have a couple of web pages.

Which names do you want to turn on HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.holhol24.internet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the right numbers separated through commas and/or areas, or go away enter
clean to choose all choices proven (Enter 'c' to cancel): 1

Wait for the SSL set up to finish. You will now be capable to get entry to the web content with HTTPS.

Note: If you get entry to the web content now, you’ll get a 403 forbidden error since you are but to put Drupal recordsdata.

Redirect non-www HTTP requests to www HTTPS with Nginx (non-compulsory)

You might love to configure the Nginx server to redirect the visitors from the non-www HTTP web site to the WWW HTTPS web site, I.e., http://holhol24.internet >> https://www.holhol24.internet. You can skip this if you don’t use www to your area.

Auto-Renew SSL Certificate

The Certbot consumer now contains auto-renewal of SSL certificate in the course of the systemd. So, you’ll now not need to renew the certificate manually.

Install Drupal with Nginx

Create Database for Drupal

First, login into MariaDB/MySQL database server.

sudo mysql -u root -p

Then, create the database for Drupal set up at the side of the database consumer and password.


CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON drupaldb.* TO 'drupaluser'@'localhost';


Download Drupal Package

Download the most recent model of the Drupal installer through the use of the next command.

wget -O drupal-latest.tar.gz

Then, extract the downloaded record.

tar -zxvf drupal-latest.tar.gz

And then, transfer the recordsdata in your web content file root listing.

sudo mv drupal-*/* /usr/proportion/nginx/www.holhol24.internet/html/

Update the possession and a gaggle of the Drupal web content listing.

sudo chown -R www-data:www-data /usr/proportion/nginx/www.holhol24.internet/

Install Drupal CMS

Open your browser and consult with your Drupal area to accomplish the Drupal set up.


1. Choose Language in your Drupal set up and web content after which click on Save and proceed

2. Select an set up profile this is appropriate for you after which click on Save and proceed

3. Enter the Drupal database main points within the Database configuration web page after which click on Save and proceed

4. Wait for the Drupal set up to finish

5. You will wish to Configure web site through getting into Site Information, Site Maintenance Account, Region Settings, and Update Notifications. Finally, click on Save and proceed

6. Upon of completion, the installer will redirect you to the Drupal back-end to regulate the set up. Alternatively, you’ll get entry to the Drupal back-end through going to https://your-drupal-website/consumer/login

Access Drupal Website

Now, it is possible for you to to get entry to the web site along with your area title.



Screenshot of Drupal CMS Back-End:


After the set up, allow the Trusted Host Settings to offer protection to your Drupal web content in opposition to HTTP HOST Header assaults.


That’s All. I am hoping you could have realized the way to set up Drupal with Nginx and Let’s Encrypt SSL on Debian 11.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More