How To Install Drupal 6
The author selected United nations Foundation to receive a donation equally part of the Write for DOnations program.
The original WordPress version of this tutorial was written past Kathleen Juell.
Introduction
Drupal is a content management system (CMS) written in PHP and distributed nether the open-source GNU General Public License. People and organizations around the world use Drupal to power government sites, personal blogs, businesses, and more than. What makes Drupal unique from other CMS frameworks is its growing customs and a set up of features that include secure processes, reliable functioning, modularity, and flexibility to adapt.
Drupal requires installing the LAMP (Linux, Apache, MySQL, and PHP) or LEMP (Linux, Nginx, MySQL, and PHP) stack, but installing individual components is a time-consuming task. We can use tools like Docker and Docker Etch to simplify the procedure of installing Drupal. This tutorial will use Docker images for installing individual components within the Docker containers. Past using Docker Compose, we can define and manage multiple containers for the database, awarding, and the networking/communication between them.
In this tutorial, we will install Drupal using Docker Compose so that we can take reward of containerization and deploy our Drupal website on servers. Nosotros will be running containers for a MySQL database, Nginx webserver, and Drupal. We will also secure our installation by obtaining TLS/SSL certificates with Permit's Encrypt for the domain we want to associate with our site. Finally, we will set upwardly a cron job to renew our certificates so that our domain remains secure.
Prerequisites
To follow this tutorial, we will need:
- A server running Ubuntu eighteen.04, forth with a not-root user with
sudoprivileges and an active firewall. For guidance on how to set up these upwards, please meet this Initial Server Setup guide. - Docker installed on your server, following Steps ane and 2 of How To Install and Employ Docker on Ubuntu 18.04. This tutorial has been tested on version xix.03.8.
- Docker Compose installed on your server, following Step 1 of How To Install Docker Compose on Ubuntu 18.04. This tutorial has been tested on version 1.21.2.
- A registered domain name. This tutorial will use
your_domainthroughout. You tin get one for gratuitous at Freenom, or use the domain registrar of your choice. - Both of the following DNS records fix for your server. You tin follow this introduction to DigitalOcean DNS for details on how to add them to a DigitalOcean account, if that's what you're using:
- An A record with
your_domainpointing to your server's public IP accost. - An A record with
world wide web.your_domainpointing to your server's public IP address.
- An A record with
Stride 1 — Defining the Web Server Configuration
Earlier running any containers, we demand to ascertain the configuration for our Nginx spider web server. Our configuration file will include some Drupal-specific location blocks, along with a location block to direct Let's Encrypt verification requests to the Certbot customer for automatic document renewals.
Offset, let'south create a project directory for our Drupal setup named drupal:
- mkdir drupal
Move into the newly created directory:
- cd drupal
Now we can make a directory for our configuration file:
- mkdir nginx-conf
Open the file with nano or your favorite text editor:
- nano nginx-conf/nginx.conf
In this file, we will add a server block with directives for our server name and document root, and location blocks to straight the Certbot client's asking for certificates, PHP processing, and static asset requests.
Add the following code into the file. Be sure to replace your_domain with your own domain proper name:
~/drupal/nginx-conf/nginx.conf
server { listen lxxx ; mind [::]:80 ; server_name your_domain www.your_domain ; index alphabetize.php alphabetize.html index.htm ; root /var/www/html ; location ~ /.well-known/acme-claiming { permit all ; root /var/www/html ; } location / { try_files $uri $uri/ /alphabetize.php$is_args $args ; } rewrite ^/cadre/authorize.php/cadre/authorize.php(.*)$ /core/authorize.php$1 ; location ~ \.php$ { try_files $uri =404 ; fastcgi_split_path_info ^(.+\.php)(/.+)$ ; fastcgi_pass drupal:9000 ; fastcgi_index index.php ; include fastcgi_params ; fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ; fastcgi_param PATH_INFO $fastcgi_path_info ; } location ~ /\.ht { deny all ; } location = /favicon.ico { log_not_found off ; access_log off ; } location = /robots.txt { log_not_found off ; access_log off ; allow all ; } location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max ; log_not_found off ; } } Our server block includes the following information:
Directives:
-
listen: This tells Nginx to mind on port80, which will allow u.s.a. to utilise Certbot'south webroot plugin for our certificate requests. Annotation that we are not including port443yet—we volition update our configuration to include SSL once we have successfully obtained our certificates. -
server_name: This defines our server name and the server block that should exist used for requests to our server. Be certain to replaceyour_domainin this line with your own domain name. -
index: The alphabetize directive defines the files that will be used as indexes when processing requests to our server. We've modified the default society of priority hither, movingindex.phpin front ofalphabetize.htmlso that Nginx prioritizes files calledalphabetize.phpwhen possible. -
root: Our root directive names the root directory for requests to our server. This directory,/var/www/html, is created equally a mount point at build time past instructions in our Drupal Dockerfile. These Dockerfile instructions also ensure that the files from the Drupal release are mounted to this volume. -
rewrite: If the specified regular expression (^/core/authorize.php/core/authorize.php(.*)$) matches a request URI, the URI is changed as specified in the replacement cord (/core/authorize.php$one).
Location Blocks:
-
location ~ /.well-known/pinnacle-challenge: This location cake will handle requests to the.well-knowndirectory, where Certbot will identify a temporary file to validate that the DNS for our domain resolves to our server. With this configuration in place, we will exist able to use Certbot's webroot plugin to obtain certificates for our domain. -
location /: In this location block, we'll utilize atry_filesdirective to cheque for files that match individual URI requests. Instead of returning a404 Not Foundcondition equally a default, however, nosotros'll pass control to Drupal'southalphabetize.phpfile with the request arguments. -
location ~ \.php$: This location block will handle PHP processing and proxy these requests to our drupal container. Considering our Drupal Docker image will be based on thephp:fpmepitome, nosotros will also include configuration options that are specific to the FastCGI protocol in this block. Nginx requires an independent PHP processor for PHP requests: in our instance, these requests will be handled by thephp-fpmprocessor that's included with thephp:fpmparadigm. Additionally, this location cake includes FastCGI-specific directives, variables, and options that will proxy requests to the Drupal application running in our Drupal container, set the preferred index for the parsed asking URI, and parse URI requests. -
location ~ /\.ht: This cake volition handle.htaccessfiles since Nginx won't serve them. Thedeny_alldirective ensures that.htaccessfiles will never be served to users. -
location = /favicon.ico, location = /robots.txt: These blocks ensure that requests to/favicon.icoand/robots.txtwill not exist logged. -
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$: This block turns off logging for static asset requests and ensures that these assets are highly cacheable, every bit they are typically expensive to serve.
For more information nigh FastCGI proxying, see Agreement and Implementing FastCGI Proxying in Nginx. For information virtually server and location blocks, see Understanding Nginx Server and Location Cake Selection Algorithms.
Save and close the file when you are finished editing.
With your Nginx configuration in place, yous tin motility on to creating surround variables to pass to your awarding and database containers at runtime.
Step 2 — Defining Environment Variables
Our Drupal application needs a database (MySQL, PostgresSQL, etc.) for saving information related to the site. The Drupal container will need access to sure environment variables at runtime in order to admission the database (MySQL) container. These variables incorporate the sensitive data like the credentials of the database, so we can't betrayal them directly in the Docker Etch file—the primary file that contains information almost how our containers will run.
It is ever recommended to fix the sensitive values in the .env file and restrict its circulation. This volition prevent these values from copying over to our project repositories and existence exposed publicly.
In the main projection directory, ~/drupal, create and open a file called .env:
- nano .env
Add the following variables to the .env file, replacing the highlighted sections with the credentials you want to use:
~/drupal/.env
MYSQL_ROOT_PASSWORD=root_password MYSQL_DATABASE=drupal MYSQL_USER=drupal_database_user MYSQL_PASSWORD=drupal_database_password We have now added the password for the MySQL root administrative account, as well every bit our preferred username and password for our application database.
Our .env file contains sensitive data so it is always recommended to include information technology in a project's .gitignore and .dockerignore files and so that it won't be added in our Git repositories and Docker images.
If yous programme to piece of work with Git for version control, initialize your current working directory as a repository with git init:
- git init
Open .gitignore file:
- nano .gitignore
Add the following:
~/drupal/.gitignore
.env Save and exit the file.
Similarly, open the .dockerignore file:
- nano .dockerignore
So add the following:
~/drupal/.dockerignore
.env .git Salve and leave the file.
At present that we have taken measures to safeguard our credentials equally surround variables, let'southward movement to our adjacent stride of defining our services in a docker-etch.yml file.
Step 3 — Defining Services with Docker Compose
Docker Compose is a tool for defining and running multi-container Docker applications. We define a YAML file to configure our awarding's services. A service in Docker Compose is a running container, and Etch allows united states of america to link these services together with shared volumes and networks.
We will create dissimilar containers for our Drupal awarding, database, and web server. Along with these, we will also create a container to run Certbot in order to obtain certificates for our web server.
Create a docker-compose.yml file:
- nano docker-compose.yml
Add together the following lawmaking to define the Compose file version and mysql database service:
~/drupal/docker-etch.yml
version : "three" services : mysql : paradigm : mysql: 8.0 container_name : mysql command : - -default-authentication-plugin=mysql_native_password restart : unless-stopped env_file : .env volumes : - db-data:/var/lib/mysql networks : - internal Allow'due south go through these one-past-one with all the configuration options of the mysql service:
-
paradigm: This specifies the paradigm that will exist used/pulled for creating the container. It is e'er recommended to use the image with the proper version tag excluding thelatesttag to avoid future conflicts. Read more on Dockerfile best practices from the Docker documentation. -
container_name: To define the proper noun of the container. -
command: This is used to override the default control (CMD instruction) in the image. MySQL has supported different authentication plugins, merelymysql_native_passwordis the traditional method to authenticate. Since PHP, and hence Drupal, won't support the newer MySQL authentication, we demand to prepare the--default-authentication-plugin=mysql_native_passwordas the default authentication mechanism. -
restart: This is used to define the container restart policy. Theunless-stoppedpolicy restarts a container unless it is stopped manually. -
env_file: This adds the environment variables from a file. In our case, it volition read the environment variables from the.envfile defined in the previous pace. -
volumes: This mounts host paths or named volumes, specified as sub-options to a service. We are mounting a named book calleddb-informationto the/var/lib/mysqldirectory on the container, where MySQL past default will write its data files. -
networks: This defines theinternalnetwork that our application service will bring together. We will define the networks at the terminate of the file.
We accept defined our mysql service definition, so now let's add the definition of the drupal application service to the end of the file:
~/drupal/docker-compose.yml
... drupal : image : drupal:8.7.8-fpm-alpine container_name : drupal depends_on : - mysql restart : unless-stopped networks : - internal - external volumes : - drupal-data:/var/www/html In this service definition, we are naming our container and defining a restart policy, as we did with the mysql service. Nosotros're also calculation some options specific to this container:
-
prototype: Here, we are using theviii.seven.8-fpm-alpineDrupal epitome. This prototype has thephp-fpmprocessor that our Nginx spider web server requires to handle PHP processing. Moreover we are using thealpineparadigm, derived from the Alpine Linux project, which volition reduce the size of the overall epitome and is recommended in the Dockerfile all-time practices. Drupal has more versions of images, then cheque them out on Dockerhub. -
depends_on: This is used to express dependency between services. Defining themysqlservice equally the dependency to ourdrupalcontainer will ensure that ourdrupalcontainer volition be created after themysqlcontainer and enable our application to start smoothly. -
networks: Here, nosotros have added this container to theexternalnetwork along with theinternalnetwork. This will ensure that ourmysqlservice is accessible merely from thedrupalcontainer through theinternalnetwork while keeping this container accessible to other containers through theexternalnetwork. -
volumes: We are mounting a named volume calleddrupal-datato the/var/www/htmlmountpoint created past the Drupal epitome. Using a named volume in this way will let u.s.a. to share our application code with other containers.
Next, let'southward add the Nginx service definition afterward the drupal service definition:
~/drupal/docker-compose.yml
... webserver : image : nginx:1.17.4-alpine container_name : webserver depends_on : - drupal restart : unless-stopped ports : - 80:fourscore volumes : - drupal-information:/var/world wide web/html - ./nginx-conf:/etc/nginx/conf.d - certbot-etc:/etc/letsencrypt networks : - external Once more, we're naming our container and making information technology dependent on the Drupal container in order of starting. We're also using an alpine image—the 1.17.four-alpine Nginx image.
This service definition also includes the following options:
-
ports: This exposes port80to enable the configuration options we defined in ournginx.conffile in Step 1. -
volumes: Here, nosotros are defining both the named volume and host path:-
drupal-data:/var/www/html: This will mountain our Drupal application lawmaking to the/var/www/htmldirectory, which we set as the root in our Nginx server block. -
./nginx-conf:/etc/nginx/conf.d: This will mount the Nginx configuration directory on the host to the relevant directory on the container, ensuring that whatever changes we brand to files on the host will be reflected in the container. -
certbot-etc:/etc/letsencrypt: This volition mountain the relevant Let'south Encrypt certificates and keys for our domain to the appropriate directory on the container. -
networks: Nosotros have defined theexternalnetwork only to permit this container communicate with thedrupalcontainer and not with themysqlcontainer.
-
Finally, we volition add our last service definition for the certbot service. Be sure to replace sammy@your_domain and your_domain with your own e-mail and domain proper name:
~/drupal/docker-etch.yml
... certbot : depends_on : - webserver prototype : certbot/certbot container_name : certbot volumes : - certbot-etc:/etc/letsencrypt - drupal-data:/var/www/html command : certonly - -webroot - -webroot-path=/var/www/html - -email sammy@your_domain - -agree-tos - -no-eff-email - -staging -d your_domain -d www.your_domain This definition tells Etch to pull the certbot/certbot prototype from Docker Hub. It also uses named volumes to share resource with the Nginx container, including the domain certificates and key in certbot-etc and the application code in drupal-data.
We have as well used depends_on to make certain that the certbot container will exist started after the webserver service is running.
We oasis't specified any networks here because this container won't communicate to any services over the network. Information technology is merely adding the domain certificates and key, which nosotros take mounted using the named volumes.
We have also included the control choice that specifies a subcommand to run with the container's default certbot command. The Certbot client supports plugins for obtaining and installing certificates. Nosotros are using the webroot plugin to obtain a certificate by including certonly and --webroot on the command line. Read more than about the plugin and additional commands from the official Certbot Documentation.
After the certbot service definition, add together the network and book definitions:
~/drupal/docker-compose.yml
... networks : external : driver : bridge internal : driver : bridge volumes : drupal-information : db-information : certbot-etc : The summit-level networks key lets us specify networks to exist created. networks allows advice across the services/containers on all the ports since they are on the aforementioned Docker daemon host. We have defined two networks, internal and external, to secure the advice of the webserver, drupal, and mysql services.
The volumes key is used to define the named volumes drupal-data, db-data, and certbot-etc. When Docker creates volumes, the contents of the book are stored in a directory on the host filesystem, /var/lib/docker/volumes/, that'south managed by Docker. The contents of each volume then get mounted from this directory to any container that uses the volume. In this way, it'south possible to share code and data betwixt containers.
The finished docker-compose.yml file will look like this:
~/drupal/docker-compose.yml
version : "3" services : mysql : image : mysql: 8.0 container_name : mysql command : - -default-authentication-plugin=mysql_native_password restart : unless-stopped env_file : .env volumes : - db-data:/var/lib/mysql networks : - internal drupal : image : drupal:8.vii.8-fpm-alpine container_name : drupal depends_on : - mysql restart : unless-stopped networks : - internal - external volumes : - drupal-data:/var/world wide web/html webserver : image : nginx:i.17.iv-tall container_name : webserver depends_on : - drupal restart : unless-stopped ports : - 80:80 volumes : - drupal-data:/var/www/html - ./nginx-conf:/etc/nginx/conf.d - certbot-etc:/etc/letsencrypt networks : - external certbot : depends_on : - webserver image : certbot/certbot container_name : certbot volumes : - certbot-etc:/etc/letsencrypt - drupal-data:/var/www/html command : certonly - -webroot - -webroot-path=/var/www/html - -email sammy@your_domain - -concord-tos - -no-eff-e-mail - -staging -d your_domain -d www.your_domain networks : external : commuter : bridge internal : driver : bridge volumes : drupal-data : db-information : certbot-etc : Nosotros are done with defining our services. Side by side, let's start the container and exam our document requests.
Step 4 — Obtaining SSL Certificates and Credentials
We can showtime our containers with the docker-etch up control, which will create and run our containers in the society we take specified. If our domain requests are successful, we will see the correct leave status in our output and the correct certificates mounted in the /etc/letsencrypt/live binder on the web server container.
To run the containers in the background, utilise the docker-etch up command with the -d flag:
- docker-etch upward -d
Y'all will see similar output confirming that your services have been created:
Output
... Creating mysql ... done Creating drupal ... washed Creating webserver ... washed Creating certbot ... washed Check the condition of the services using the docker-compose ps command:
- docker-etch ps
We will come across the mysql, drupal, and webserver services with a Country of Upwardly, while certbot will exist exited with a 0 status message:
Output
Name Control Country Ports -------------------------------------------------------------------------- certbot certbot certonly --webroot ... Exit 0 drupal docker-php-entrypoint php-fpm Up 9000/tcp mysql docker-entrypoint.sh --def ... Up 3306/tcp, 33060/tcp webserver nginx -g daemon off; Upwards 0.0.0.0:80->eighty/tcp If you encounter anything other than Upward in the State column for the mysql, drupal, or webserver services, or an exit status other than 0 for the certbot container, be sure to check the service logs with the docker-compose logs command:
- docker-compose logs service_name
We can now check that our certificates mounted on the webserver container using the docker-compose exec command:
- docker-compose exec webserver ls -la /etc/letsencrypt/live
This volition give the post-obit output:
Output
total 16 drwx------ 3 root root 4096 October 5 09:15 . drwxr-xr-10 9 root root 4096 Oct 5 09:xv .. -rw-r--r-- ane root root 740 Oct 5 09:15 README drwxr-xr-x two root root 4096 Oct 5 09:15 your_domain Now that everything runs successfully, we tin edit our certbot service definition to remove the --staging flag.
Open up the docker-compose.yml file, go to the certbot service definition, and supervene upon the --staging flag in the command choice with the --strength-renewal flag, which volition tell Certbot that y'all want to request a new certificate with the same domains as an existing document. The updated certbot definition will await like this:
~/drupal/docker-etch.yml
... certbot: depends_on: - webserver image: certbot/certbot container_name: certbot volumes: - certbot-etc:/etc/letsencrypt - drupal-information:/var/www/html control: certonly --webroot --webroot-path=/var/www/html --e-mail sammy@your_domain --agree-tos --no-eff-email --force-renewal -d your_domain -d www.your_domain ... We need to run docker-compose upwardly again to recreate the certbot container. We will likewise include the --no-deps option to tell Compose that it can skip starting the webserver service, since it is already running:
- docker-compose up --force-recreate --no-deps certbot
Nosotros will see output indicating that our document request was successful:
Output
Recreating certbot ... done Attaching to certbot certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log certbot | Plugins selected: Authenticator webroot, Installer None certbot | Renewing an existing document certbot | Performing the following challenges: certbot | http-01 challenge for your_domain certbot | http-01 challenge for world wide web.your_domain certbot | Using the webroot path /var/www/html for all unmatched domains. certbot | Waiting for verification... certbot | Cleaning upwardly challenges certbot | Of import NOTES: certbot | - Congratulations! Your certificate and chain take been saved at: certbot | /etc/letsencrypt/alive/your_domain/fullchain.pem certbot | Your primal file has been saved at: certbot | /etc/letsencrypt/live/your_domain/privkey.pem certbot | Your cert volition expire on 2022-01-03. To obtain a new or tweaked certbot | version of this certificate in the time to come, just run certbot certbot | again. To not-interactively renew *all* of your certificates, run certbot | "certbot renew" certbot | - Your account credentials have been saved in your Certbot certbot | configuration directory at /etc/letsencrypt. You should make a certbot | secure backup of this folder now. This configuration directory will certbot | besides contain certificates and individual keys obtained past Certbot so certbot | making regular backups of this binder is platonic. certbot | - If you like Certbot, delight consider supporting our piece of work by: certbot | certbot | Donating to ISRG / Permit's Encrypt: https://letsencrypt.org/donate certbot | Donating to EFF: https://eff.org/donate-le certbot | certbot exited with code 0 At present that we have successfully generated our certificates, nosotros can update our Nginx Configuration to include SSL.
Footstep v — Modifying the Web Server Configuration and Service Definition
After installing SSL certificates in Nginx, we will need to redirect all the HTTP requests to HTTPS. We volition also have to specify our SSL certificate and central locations and add security parameters and headers.
Since you are going to recreate the webserver service to include these additions, you lot tin can terminate information technology now:
- docker-compose stop webserver
This will give the following output:
Output
Stopping webserver ... done Adjacent, let's remove the Nginx configuration file we created earlier:
- rm nginx-conf/nginx.conf
Open another version of the file:
- nano nginx-conf/nginx.conf
Add the following code to the file to redirect HTTP to HTTPS and to add together SSL credentials, protocols, and security headers. Recall to replace your_domain with your own domain:
~/drupal/nginx-conf/nginx.conf
server { mind eighty ; listen [::]:80 ; server_name your_domain www.your_domain ; location ~ /.well-known/tiptop-challenge { let all ; root /var/www/html ; } location / { rewrite ^ https://$host $request_uri? permanent ; } } server { listen 443 ssl ; listen [::]:443 ssl ; server_name your_domain www.your_domain ; index index.php alphabetize.html alphabetize.htm ; root /var/www/html ; server_tokens off ; ssl_certificate /etc/letsencrypt/alive/your_domain/fullchain.pem ; ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem ; add_header 10-Frame-Options "SAMEORIGIN" always ; add_header X-XSS-Protection "1; mode=block" ever ; add_header X-Content-Type-Options "nosniff" e'er ; add_header Referrer-Policy "no-referrer-when-downgrade" always ; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'dangerous-inline'" ever ; location / { try_files $uri $uri/ /alphabetize.php$is_args $args ; } rewrite ^/core/authorize.php/core/qualify.php(.*)$ /core/authorize.php$1 ; location ~ \.php$ { try_files $uri =404 ; fastcgi_split_path_info ^(.+\.php)(/.+)$ ; fastcgi_pass drupal:9000 ; fastcgi_index index.php ; include fastcgi_params ; fastcgi_param SCRIPT_FILENAME $document_root $fastcgi_script_name ; fastcgi_param PATH_INFO $fastcgi_path_info ; } location ~ /\.ht { deny all ; } location = /favicon.ico { log_not_found off ; access_log off ; } location = /robots.txt { log_not_found off ; access_log off ; allow all ; } location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max ; log_not_found off ; } } The HTTP server cake specifies the webroot plugin for Certbot renewal requests to the .well-known/tiptop-challenge directory. It also includes a rewrite directive that directs HTTP requests to the root directory to HTTPS.
The HTTPS server block enables ssl and http2. To read more nigh how HTTP/ii iterates on HTTP protocols and the benefits information technology tin can have for website performance, delight see the introduction to How To Set Up Nginx with HTTP/2 Support on Ubuntu 18.04.
These blocks enable SSL, as we take included our SSL certificate and fundamental locations along with the recommended headers. These headers will enable us to become an A rating on the SSL Labs and Security Headers server exam sites.
Our root and index directives are also located in this block, every bit are the residual of the Drupal-specific location blocks discussed in Pace 1.
Save and close the updated Nginx configuration file.
Before recreating the webserver container, we will demand to add a 443 port mapping to our webserver service definition every bit we have enabled SSL certificates.
Open the docker-compose.yml file:
- nano docker-compose.yml
Brand the post-obit changes in the webserver service definition:
~/drupal/docker-compose.yml
... webserver: epitome: nginx:1.17.iv-alpine container_name: webserver depends_on: - drupal restart: unless-stopped ports: - 80:fourscore - 443:443 volumes: - drupal-data:/var/www/html - ./nginx-conf:/etc/nginx/conf.d - certbot-etc:/etc/letsencrypt networks: - external ... Afterward enabling the SSL certificates, our docker-compose.yml volition look like this:
~/drupal/docker-compose.yml
version: "three" services: mysql: image: mysql:8.0 container_name: mysql control: --default-hallmark-plugin=mysql_native_password restart: unless-stopped env_file: .env volumes: - db-data:/var/lib/mysql networks: - internal drupal: image: drupal:8.seven.8-fpm-alpine container_name: drupal depends_on: - mysql restart: unless-stopped networks: - internal - external volumes: - drupal-data:/var/www/html webserver: image: nginx:1.17.4-tall container_name: webserver depends_on: - drupal restart: unless-stopped ports: - 80:lxxx - 443:443 volumes: - drupal-data:/var/www/html - ./nginx-conf:/etc/nginx/conf.d - certbot-etc:/etc/letsencrypt networks: - external certbot: depends_on: - webserver image: certbot/certbot container_name: certbot volumes: - certbot-etc:/etc/letsencrypt - drupal-data:/var/www/html control: certonly --webroot --webroot-path=/var/www/html --electronic mail sammy@your_domain --agree-tos --no-eff-email --force-renewal -d your_domain -d www.your_domain networks: external: commuter: bridge internal: driver: span volumes: drupal-data: db-data: certbot-etc: Save and close the file. Let's recreate the webserver service with our updated configuration:
- docker-etch up -d --strength-recreate --no-deps webserver
This volition give the following output:
Output
Recreating webserver ... done Check the services with docker-compose ps:
- docker-compose ps
We will see the mysql, drupal, and webserver services as Up while certbot will be exited with a 0 condition message:
Output
Name Control State Ports -------------------------------------------------------------------------- certbot certbot certonly --webroot ... Get out 0 drupal docker-php-entrypoint php-fpm Up 9000/tcp mysql docker-entrypoint.sh --def ... Up 3306/tcp, 33060/tcp webserver nginx -thou daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp At present, all our services are running and we are good to move forwards with installing Drupal through the web interface.
Step 6 — Completing the Installation Through the Web Interface
Let's consummate the installation through Drupal's spider web interface.
In a web browser, navigate to the server'southward domain. Retrieve to substitute your_domain hither with your own domain proper name:
https://your_domain Select the linguistic communication to use:
Click Salve and continue. We volition state on the Installation profile page. Drupal has multiple profiles, then select the Standard profile and click on Save and go on.
After selecting the profile, nosotros will move forward to Database configuration page. Select the Database type every bit MySQL, MariaDB, Percona Server, or equivalent and enter the values of Database name, username, and countersign from the values corresponding to MYSQL_DATABASE, MYSQL_USER, and MYSQL_PASSWORD respectively defined in the .env file in Step 2. Click on Avant-garde Options and set the value of Host to the name of the mysql service container. Click on Save and keep.
After configuring the database, it will start installing Drupal default modules and themes:
One time the site is installed, nosotros will land on the Drupal site setup page for configuring the site proper noun, email, username, password, and regional settings. Fill up in the data and click on Save and continue:
After clicking Salve and continue, we tin can run into the Welcome to Drupal page, which shows that our Drupal site is up and running successfully.
Now that our Drupal installation is complete, we need to ensure that our SSL certificates volition renew automatically.
Stride vii — Renewing Certificates
Let'southward Encrypt certificates are valid for ninety days, so we need to set upward an automated renewal process to ensure that they practise not lapse. 1 way to do this is to create a chore with the cron scheduling utility. In this instance, we will create a cron chore to periodically run a script that volition renew our certificates and reload our Nginx configuration.
Let'south create the ssl_renew.sh file to renew our certificates:
- nano ssl_renew.sh
Add together the following code. Remember to replace the directory proper name with your own non-root user:
~/drupal/ssl_renew.sh
#!/bin/bash cd /home/sammy/drupal/ /usr/local/bin/docker-compose -f docker-compose.yml run certbot renew --dry-run && \ /usr/local/bin/docker-etch -f docker-etch.yml impale -s SIGHUP webserver This script changes to the ~/drupal projection directory and runs the following docker-compose commands.
-
docker-compose run: This will kickoff acertbotcontainer and override thecontrolprovided in ourcertbotservice definition. Instead of using thecertonlysubcommand, nosotros're using therenewsubcommand hither, which will renew certificates that are close to expiring. We've included the--dry-runoption here to examination our script. -
docker-compose kill: This will send aSIGHUPsignal to thewebservercontainer to reload the Nginx configuration.
Shut the file and make it executable by running the following command:
- sudo chmod +x ssl_renew.sh
Adjacent, open the root crontab file to run the renewal script at a specified interval:
- sudo crontab -e
If this is your starting time time editing this file, you will be asked to choose a text editor to open the file with:
Output
no crontab for root - using an empty i Select an editor. To change later, run 'select-editor'. 1. /bin/nano 2. /usr/bin/vim.basic iii. /usr/bin/vim.tiny four. /bin/ed Choose one-4 [i]: ... At the stop of the file, add the following line, replacing sammy with your username:
crontab
... */5 * * * * /dwelling house/sammy/drupal/ssl_renew.sh >> /var/log/cron.log two>&1 This will set the chore interval to every 5 minutes, so we can test whether or not our renewal request has worked as intended. Nosotros have besides created a log file, cron.log, to record relevant output from the task.
Afterward five minutes, use the tail command to check cron.log to come across whether or not the renewal asking has succeeded:
- tail -f /var/log/cron.log
You volition come across output confirming a successful renewal:
Output
** Dry RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/your_domain/fullchain.pem (success) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press CTRL+C to quit the tail procedure.
Nosotros can at present modify the crontab file to run the script every 2nd day of the week at 2 AM. Change the concluding line of the crontab to the following:
crontab
... * two * * 2 /habitation/sammy/drupal/ssl_renew.sh >> /var/log/cron.log 2>&1 Go out and salvage the file.
Now, permit's remove the --dry-run option from the ssl_renew.sh script. First, open it upward:
- nano ssl_renew.sh
Then change the contents to the post-obit:
~/drupal/ssl_renew.sh
#!/bin/bash cd /home/sammy/drupal/ /usr/local/bin/docker-compose -f docker-compose.yml run certbot renew && \ /usr/local/bin/docker-compose -f docker-compose.yml impale -s SIGHUP webserver Our cron task volition at present have care of our SSL certificates expiry by renewing them when they are eligible.
Conclusion
In this tutorial, we have used Docker Compose to create a Drupal installation with an Nginx web server. Equally part of this workflow, we obtained TLS/SSL certificates for the domain we wanted associated with our Drupal site and created a cron job to renew these certificates when necessary.
If you would like to learn more about Docker, cheque out our Docker topic page.
Source: https://www.digitalocean.com/community/tutorials/how-to-install-drupal-with-docker-compose
Posted by: windomdound1972.blogspot.com
0 Response to "How To Install Drupal 6"
Post a Comment