1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-08 11:11:34 -05:00
Linux-Setup-Scripts/sample-scripts/Ubuntu-24.04-LEMP-Drupal.md

3.9 KiB

Ubuntu 24.04 LEMP Drupal

First you need to run the following scripts:

Install composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"

sudo chown root:root composer.phar
sudo mv composer.phar /usr/local/bin

Setup Directory Structure

# Add unprivileged user for drupal
sudo useradd -U -m -s /bin/bash drupal

# Make drupal directory

sudo mkdir -p /srv/drupal
sudo chown drupal:drupal /srv/drupal

# Setup ACL
sudo apt install -y acl
sudo setfacl -dm u:nginx:rwx /srv/drupal
sudo setfacl -m u:nginx:rwx /srv/drupal

Install Drupal

Switch to the drupal user:

sudo su - drupal

As the drupal user, run:

cd /srv/drupal
composer create-project drupal/recommended-project drupal.yourdomain.tld
cp /srv/drupal/drupal.yourdomain.tld/web/sites/default/default.settings.php /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php

Exit the drupal user:

exit

Generate an SSL certificate

certbot certonly --nginx --no-eff-email \
    --key-type ecdsa
    --cert-name drupal.yourdomain.tld \
    -d drupal.yourdomain.tld

NGINX configuration file

As root, download this file and put it in /etc/nginx/conf.d/snippets.conf

As root, put the following file in /etc/nginx/conf.d/sites_drupal.conf:

server {
    listen 443 quic reuseport;
    listen 443 ssl;
    listen [::]:443 quic reuseport;
    listen [::]:443 ssl;

    server_name drupal.yourdomain.tld;

    ssl_certificate /etc/letsencrypt/live/drupal.yourdomain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/drupal.yourdomain.tld/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/drupal.yourdomain.tld/chain.pem;

    include snippets/hsts.conf;
    include snippets/security-drupal-no-proxy.conf;
    include snippets/cross-origin-security.conf;
    include snippets/quic.conf;

    add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'self'; upgrade-insecure-requests";

    index index.php;
    root /srv/drupal/drupal.yourdomain.tld/web;

    location / {
         try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Notes: listen 443 quic reuseport; is only needed once. If you plan to have multiple vhosts on this setup with SSL, consider making a dedicated vhost for this config so that it is nicer and easier to manage. An example can be found here.

Setup the Database for Drupal

As root, log into MariaDB:

mariadb -uroot

Run the following queries:

CREATE DATABASE drupal CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'drupal'@'127.0.0.1' IDENTIFIED BY 'yourPassword';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON drupal.* TO 'drupal'@'127.0.0.1';
exit

Configure Drupal

Go to drupal.yourdomain.tld and follow the prompts.

Switch to the drupal user:

sudo su - drupal

As the drupal user, run:

chmod 400 /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
setfacl -m u:nginx:r /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php