Drupal is an open-source content management system written in PHP and used by individuals or groups of users. With Drupal, you can create and manage many types of websites. Drupal can run on any operating systems that support a web server, database server and is capable of running PHP.
In this tutorial, we will explain how to install Drupal on Ubuntu 22.04 server and secure it with Let’s Encrypt free SSL.
Requirements
- A cloud server running on Ubuntu 22.04
- A valid domain name pointed to your server IP address.
- A root password configured on your server.
Install Apache, MariaDB and PHP
Drupal runs on a web server, written in PHP and uses MariaDB to store their data. So you will need to install Apache, MariaDB, PHP and other required packages on your server. You can install all of them with the following command:
# apt update && apt install apache2 mariadb-server mariadb-client php8.1 libapache2-mod-php8.1 php8.1-common php8.1-mysql php8.1-gmp php8.1-curl php8.1-intl php8.1-mbstring php8.1-xmlrpc php8.1-gd php8.1-xml php8.1-cli php8.1-zip unzip -y
Once all the packages are installed, open php.ini file and adjust some PHP settings:
# nano /etc/php/8.1/apache2/php.ini
Change the following lines:
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
Save and close the file when you are finished.
Setup Drupal Database
Next, you will need to create a database and user for Drupal. To do so, log in to the MariaDB shell with the following command:
# mysql -u root -p
Provide your root password, then create a user and a database for Drupal:
MariaDB [(none)]> CREATE DATABASE drupal;
MariaDB [(none)]> CREATE USER 'drupal'@'localhost' IDENTIFIED BY 'password';
Next, grant all the privileges to the Drupal database with the following command:
# MariaDB [(none)]> GRANT ALL ON drupal.* TO 'drupal'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Next, flush the privileges and exit from the MariaDB shell with the following command:
# MariaDB [(none)]> FLUSH PRIVILEGES;
# MariaDB [(none)]> EXIT;
Once you have finished, you can proceed to the next step.
Download Drupal
Next, you will need to download the latest version of Drupal from its official website. You can download it with the following command:
# wget https://www.drupal.org/download-latest/zip -O drupal.zip
Once downloaded, unzip the downloaded file with the following command:
# unzip drupal.zip
Next, move the extracted directory to Apache root directory:
# mv drupal-* /var/www/html/drupal
Next, change the ownership of drupal directory to www-data:
# chown -R www-data:www-data /var/www/html/drupal
Configure Apache for Drupal
Next, you will need to create an Apache virtual host configuration file for Drupal.
You can create it with the following command:
# nano /etc/apache2/sites-available/example.com.conf
Add the following lines:
<VirtualHost *:80>
ServerName example.com
ServerAdmin admin@example.com
DocumentRoot /var/www/html/drupal
<Directory /var/www/html/drupal/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/drupal/>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
</Directory>
</VirtualHost>
Save and close the file. Then, enable the virtual host and Apache rewrite module with the following commands:
# a2ensite example.com && a2enmod rewrite
Next, restart the Apache service to apply the changes:
# systemctl restart apache2
Access Drupal Web Interface
Now, open your web browser and visit the URL http://example.com. You will be redirected to the following page:
Select your desired language and click on the Save and continue button. You should see the following page:
Select an installation profile and click on the Save and continue button. You should see the following page:
Provide your database information and click on the Save and continue button. You should see the following page:
Now, provide your site name, admin username, password, admin email and click on the Save and continue button. Once the installation has been finished, you should see the Drupal default dashboard in the following page:
Secure Drupal with Let’s Encrypt
Next, you will need to secure the Drupal site with Let’s Encrypt free SSL. To do so, you will need to install the Certbot client on your system. Next, update the repository and install Certbot with apache module by running the following command:
# apt update && apt install python3-certbot-apache -y
Once the installation has been completed, download the Let’s Encrypt SSL for your domain example.com and configure Apache to use this certificate with the following command:
# certbot --apache -d example.com
You will be prompt to provide your e-mail address and agree to the terms and conditions as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/example.com-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/example.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/example.com-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Here, you will need to choose whether or not to redirect HTTP traffic to HTTPS. Type option 2 and hit Enter to continue. Once the installation has been completed, you should see the following output:
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency. Redirecting vhost in /etc/apache2/sites-enabled/example.com.conf to ssl vhost in /etc/apache2/sites-available/example.com-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-01-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Congratulations! your Drupal site is now secured with Let’s Encrypt free SSL. You can access it securely by visiting the URL https://example.com