How to Install Drupal with Nginx and Let’s Encrypt SSL on Ubuntu 22.04

8

Drupal is a very talked-about open-source content material control machine that permits any individual to construct, organize, and care for your online page’s content material with out coding wisdom.

Many other content material control answers are accessible, however now not all are proper for each challenge. If you need to construct a online page with one thing versatile and robust, glance no additional than the Drupal content material control machine.

Here, we will be able to see easy methods to set up Drupal with Nginx and Let’s Encrypt SSL on Ubuntu 22.04.

Setup Environment

Install LEMP Stack

Follow the under hyperlinks to put in the LEMP stack in your Debian machine for Drupal set up.

Install EMP (Nginx, MariaDB, and PHP) on Ubuntu 22.04

Install PHP Extensions for Drupal

Use the apt command to put in PHP extensions for Drupal set up.

sudo apt replace

sudo apt set up -y php-mysql php-gd php-dom php-curl php-imagick php-zip php-xml php-mbstring php-json php-pdo php-cli php-apcu

sudo apt set up --no-install-recommends -y php-uploadprogress

Configure PHP for Drupal

The default PHP values is probably not suitable for everybody, and you’ll wish to exchange them in accordance with the requirement. So, replace the /and so forth/php/8.1/fpm/php.ini record as according to your requirement. You would possibly get started with the under values and build up or lower the values when required.

memory_limit = 256M

upload_max_filesize = 64M

post_max_size = 64M

realpath_cache_size = 256k

realpath_cache_ttl = 3600

sudo sed -i 's/^memory_limit = .*/memory_limit = 256M/g' /and so forth/php/8.1/fpm/php.ini

sudo sed -i 's/^upload_max_filesize = .*/upload_max_filesize = 64M/g' /and so forth/php/8.1/fpm/php.ini

sudo sed -i 's/^post_max_size = .*/post_max_size = 64M/g' /and so forth/php/8.1/fpm/php.ini

sudo sed -i 's/;realpath_cache_size = .*/realpath_cache_size = 256k/' /and so forth/php/8.1/fpm/php.ini

sudo sed -i 's/;realpath_cache_ttl = .*/realpath_cache_ttl = 3600/' /and so forth/php/8.1/fpm/php.ini

Setup Nginx Server Block for Drupal

We will get started with making a digital host for a Drupal set up. You can in finding all Nginx’s digital host configuration recordsdata beneath /and so forth/nginx/conf.d listing.

Typically, a server block accommodates a website identify, port quantity, report root, log location, speedy CGI, and so forth.

I’m assuming the next,

Domain identify: holhol24.web, www.holhol24.web
Port No: 80
Document root: /usr/proportion/nginx/www.holhol24.web/html
Logs: /usr/proportion/nginx/www.holhol24.web/logs
Server Block File: /and so forth/nginx/conf.d/www.holhol24.web.conf

If you’ve put in Nginx from the Ubuntu repository, you want to create a server block configuration record beneath the /and so forth/nginx/sites-available listing and WordPress recordsdata beneath the /var/www/html listing

First, create a digital host configuration record.

sudo nano /and so forth/nginx/conf.d/www.holhol24.web.conf

Then, position the next content material into the above configuration record. However, you want to modify server_name , root, and fastcgi_pass as according to your requirement.

server {
	server_name holhol24.web www.holhol24.web;
	root /usr/proportion/nginx/www.holhol24.web/html;
	
	index index.php index.html;
	
	access_log /usr/proportion/nginx/www.holhol24.web/logs/get admission to.log;
	error_log /usr/proportion/nginx/www.holhol24.web/logs/error.log;
	

	
	location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        permit all;
        log_not_found off;
        access_log off;
    }

    location ~* .(txt|log)$ {
        deny all;
    }

    location ~ ..*/.*.php$ {
        go back 403;
    }

    location ~ ^/websites/.*/personal/ {
        go back 403;
    }

    # Block get admission to to scripts in web page recordsdata listing
    location ~ ^/websites/[^/]+/recordsdata/.*.php$ {
        deny all;
    }

    # Allow "Well-Known URIs" as according to RFC 5785
    location ~* ^/.well known/ {
        permit all;
    }

    # Block get admission to to "hidden" recordsdata and directories whose names start with a
    # duration. This contains directories utilized by model regulate techniques such
    # as Subversion or Git to retailer regulate recordsdata.
    location ~ (^|/). {
        go back 403;
    }

    location / {
        try_files $uri /index.php?$query_string; # For Drupal >= 7
    }

    location @rewrite {
        rewrite ^ /index.php; # For Drupal >= 7
    }

    # Don't permit direct get admission to to PHP recordsdata within the dealer listing.
    location ~ /dealer/.*.php$ {
        deny all;
        go back 404;
    }

    # Protect recordsdata and directories from prying eyes.
    location ~* .(engine|inc|set up|make|module|profile|po|sh|.*sql|theme|twig|tpl(.php)?|xtmpl|yml)(~|.sw[op]|.bak|.orig|.save)?$|^(.(?!well known).*|Entries.*|Repository|Root|Tag|Template|composer.(json|lock)|internet.config)$|^#.*#$|.php(~|.sw[op]|.bak|.orig|.save)$ {
        deny all;
        go back 404;
    }

    location ~ '.php$|^/replace.php' /.*)$;
        try_files $fastcgi_script_name =404;
        come with fastcgi_params;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    

    location ~* .(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }

    # Fighting with Styles? This little gem is fantastic.
    location ~ ^/websites/.*/recordsdata/types/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    # Handle personal recordsdata via Drupal. Private record's trail can come
    # with a language prefix.
    location ~ ^(/[a-z-]+)?/machine/recordsdata/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }

    # Enforce blank URLs
    # Removes index.php from urls like www.instance.com/index.php/my-page --> www.instance.com/my-page
    # Could be executed with 301 for everlasting or different redirect codes.
    if ($request_uri ~* "^(.*/)index.php/(.*)") {
        go back 307 $1$2;
    }
}

Then, create directories for putting Drupal recordsdata and logs.

sudo mkdir -p /usr/proportion/nginx/www.holhol24.web/html/

sudo mkdir -p /usr/proportion/nginx/www.holhol24.web/logs/

Finally, restart the Nginx and PHP-FPM services and products.

sudo systemctl reload nginx php8.1-fpm

Install Let’s Encrypt SSL Certificate

Create DNS Record

Go for your area registrar and create an A and CNAME (non-compulsory if you wish to use www subdomain) file.

  1. Non-www Domain Name (Ex. holhol24.web) >> A file level for your server IP
  2. www Domain Name (Ex. www.holhol24.web) >> CNAME file level to holhol24.web

For this demo, I can create two information in order that my Drupal online page will probably be obtainable at www.holhol24.web.

DNS Records

Install Certbot consumer

The Certbot consumer, which is helping us generate and set up the Let’s Encrypt SSL certificates in Nginx, is now accessible as a snap bundle for Debian. So, first, set up snapd daemon in your machine.

sudo apt replace

sudo apt set up -y snapd

Then, replace snapd to the most recent model.

sudo snap set up core && sudo snap refresh core

Finally, set up the Certbot consumer the usage of the under command.

sudo snap set up --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install SSL Certificate

Use the under command to generate and set up the Let’s Encrypt SSL certificates within the Nginx internet server.

sudo certbot --nginx

1. Enter e-mail deal with to obtain notification on pressing renewal and safety notices
2. Type Y and press Enter to sign up with the ACME server
3. Type Y or N to obtain emails about EFF information, campaigns, and publication.
4. Certbot will mechanically locate the Drupal area and ask you to turn on HTTPS in your Drupal online page. Type 1 or suitable numbers separated by means of a comma when you’ve got a couple of web pages.

Which names do you want to turn on HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: holhol24.web
2: www.holhol24.web
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the best numbers separated by means of commas and/or areas, or go away enter
clean to choose all choices proven (Enter 'c' to cancel): 1,2

Wait for the SSL set up to finish. You will now be capable of get admission to the online page with HTTPS.

Note: If you get admission to the online page now, you are going to get a 403 forbidden error since you are but to put Drupal recordsdata.

Redirect non-www HTTP requests to www HTTPS with Nginx

You will wish to configure the Nginx server to redirect the site visitors from the non-www HTTP web page to the WWW HTTPS web page, I.e., http://holhol24.web >> https://www.holhol24.web.

Auto-Renew SSL Certificate

The Certbot consumer now contains auto-renewal of SSL certificate throughout the systemd. So, you are going to now not must renew the certificate manually.

Install Drupal with Nginx

Create Database for Drupal

First, login into MariaDB/MySQL database server.

sudo mysql -u root -p

Then, create a database, person, and password for Drupal set up.

CREATE DATABASE drupaldb;

CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON drupaldb.* TO 'drupaluser'@'localhost';

EXIT

Download Drupal Package

Download the most recent model of the Drupal installer by means of the usage of the next command.

wget https://www.drupal.org/download-latest/tar.gz -O drupal-latest.tar.gz

Then, extract the downloaded record.

tar -zxvf drupal-latest.tar.gz

And then, transfer the recordsdata for your online page report root listing.

sudo mv drupal-*/* /usr/proportion/nginx/www.holhol24.web/html/

Update the possession and a gaggle of the Drupal online page listing.

sudo chown -R www-data:www-data /usr/proportion/nginx/www.holhol24.web/

Install Drupal CMS

Open your browser and seek advice from your Drupal area to accomplish the Drupal set up.

https://your-drupal-website

1. Choose Language in your Drupal set up and online page, after which click on Save and proceed

2. Select an set up profile this is appropriate for you, after which click on Save and proceed

3. Enter the Drupal database main points within the Database configuration web page after which click on Save and proceed

4. Wait for the Drupal set up to finish

5. You will wish to Configure web page by means of getting into Site Information, Site Maintenance Account, Region Settings, and Update Notifications. Finally, click on Save and proceed

6. Upon crowning glory, the installer will redirect you to the Drupal back-end to regulate the set up. Alternatively, you’ll be able to get admission to the Drupal back-end by means of going to https://your-drupal-website/person/login

Access Drupal Website

Now, it is possible for you to to get admission to the web page together with your area identify.

https://your-drupal-website

Drupal Front End
Drupal Front End

Screenshot of Drupal CMS Back-End:

Drupal Backend
Drupal Backend

After putting in, permit the Trusted Host Settings to offer protection to your Drupal online page towards HTTP HOST Header assaults.

Conclusion

That’s All. I am hoping you’ve realized easy methods to set up Drupal with Nginx and Let’s Encrypt SSL on Ubuntu 22.04.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More