How to Install Drupal with Nginx and Let's Encrypt SSL on Ubuntu 20.04 LTS

Drupal is a free and open-source content management system that helps you create and deliver digital content for the web and mobile phones. It is written in PHP and used by many organizations around the world. With Drupal, you can create different types of websites, from small blogs to a large corporate website. It offers an easy-to-use interface and powerful editing tools for managing content.

In this tutorial, we will show you how to install Drupal with Nginx and secure it with Let's Encrypt SSL on Ubuntu 20.04.

Prerequisites

  • A server running Ubuntu 20.04.
  • A valid domain name pointed with your server.
  • A root password is configured on your server.

Install LEMP Server

First, you will need to install the Nginx web server, MariaDB database, PHP and other required extensions to your server. You can install all of them using the following command:

apt-get install nginx mariadb-server php7.4 php7.4-fpm php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip -y

Once all the packages are installed, edit the php.ini file and tweak some settings:

nano /etc/php/7.4/fpm/php.ini

Change the following lines:

short_open_tag = On 
cgi.fix_pathinfo=0
memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 300
date.timezone = America/Chicago

Save and close the file when you are finished.

Configure MariaDB Database

First, secure the MariaDB installation and set the MariaDB root password with the following command:

mysql_secure_installation

Answer all the questions as shown below:

Enter current password for root (enter for none): 
Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Once the MariaDB is secured, log in to the MariaDB shell with the following command:

mysql -u root -p

Provide your MariaDB root password then create a database and user for Drupal:

MariaDB [(none)]> CREATE DATABASE drupaldb;
MariaDB [(none)]> CREATE USER 'drupal'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the Drupal database with the following command:

MariaDB [(none)]> GRANT ALL ON drupaldb.* TO 'drupal'@'localhost' WITH GRANT OPTION;

Next, flush the privileges and exit from the MariaDB shell with the following command:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Once you are finished, you can proceed to the next step.

Download Drupal

At the time of writing this tutorial, the latest version of Drupal is 8.8.5. You can download it to the Nginx web root directory with the following command:

cd /var/www/html/
wget https://ftp.drupal.org/files/projects/drupal-8.8.5.tar.gz

Once the download is completed, extract the downloaded file with the following command:

tar -xvzf drupal-8.8.5.tar.gz

Next, rename the extracted directory to drupal and give proper permissions with the following command:

mv drupal-8.8.5 drupal
chown -R www-data:www-data drupal
chmod -R 755 drupal

Once you are finished, you can proceed to the next step.

Configure Nginx for Drupal

Next, create an Nginx virtual host configuration file for drupal using the following command:

nano /etc/nginx/sites-available/drupal

Add the following lines:

server {
    listen 80;
    listen [::]:80;
    root /var/www/html/drupal;
    index  index.php index.html index.htm;
    server_name  drupal.linuxbuz.com;

    client_max_body_size 100M;
    autoindex off;

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Block access to scripts in site files directory
    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    location ~ (^|/)\. {
        return 403;
    }

    location / {
        try_files $uri /index.php?$query_string;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    # Don't allow direct access to PHP files in the vendor directory.
    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }

    location ~ '\.php$|^/update.php' {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }
    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }
}

Save and close the file then create a symbolic link to the sites-enabled directory:

ln -s /etc/nginx/sites-available/drupal /etc/nginx/sites-enabled/

Next, set hash_bucket_size in Nginx default configuration file:

nano /etc/nginx/nginx.conf

Add the following line below "http {"

    server_names_hash_bucket_size 64;

Save and close the file then check the Nginx for any syntax error:

nginx -t

You should get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Next, restart the Nginx service to apply the changes:

systemctl restart nginx

Once you are done, you can proceed to the next step.

Secure Drupal with Let's Encrypt SSL

It is recommended to secure the Drupal with Let's Encrypt SSL. First, add the Certbot repository with the following command:

add-apt-repository ppa:ahasenack/certbot-tlssni01-1875471

Next, update the repository and install the Certbot client with the following command:

apt-get update -y
apt-get install certbot python3-certbot-nginx -y

Once the Certbot client is installed, run the following command to download and install Let's Encrypt SSL for your website:

certbot --nginx -d drupal.linuxbuz.com

You will be prompt to provide your valid email and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y



Obtaining a new certificate
Performing the following challenges:
http-01 challenge for drupal.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/drupal

Next, choose whether or not to redirect HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to finish the installation:

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/drupal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://drupal.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=drupal.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/drupal.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/drupal.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-08-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

At this point, you Drupal website is secured with Let's Encrypt SSL.

Access Drupal Web Installation Wizard

Now, open your web browser and type the URL https://drupal.linuxbuz.com. You will be redirected to the Drupal language selection page:

Drupal installer - Choose language

Select your desired language and click on the Save and continue button. You should see the Installation profile page:

Select installation profile

Select your desired installation profile and click on the Save and continue button. You should see the Database configuration page:

Database configuration

Click on the Save and continue button. You should see the Site Configuration page:

Drupal site configuartion

Regional settings

Provide your sitename, admin username, password and click on the Save and continue button. You will be redirected to the Drupal default dashboard in the following page:

Drupal installed successfully

Conclusion

Congratulations! you have successfully installed and secured Drupal with Let's Encrypt SSL on Ubuntu 20.04. You can now start customizing your Drupal website. For more information, visit the Drupal official documentation.

Share this page:

1 Comment(s)