使用Nginx安装和配置Drupal 8-并在CentOS 8上使用 Let’s Encrypt

Drupal是一个免费的,开源的,可扩展的内容管理系统,个人可以使用它来创建和管理任何类型的网站。它是用PHP编写的,并使用MySQL / MariaDB来存储其数据。Drupal提供了一组丰富的功能,可以通过数千个附加组件进行扩展。Drupal支持许多Web服务器,包括Apache,Nginx,IIS,Lighttpd和数据库MySQL,MariaDB,MongoDB,SQLite,PostgreSQL和MS SQL服务器。Drupal带有一个简单且用户友好的Web UI,使您无需任何编码知识即可创建网站。

在本教程中,我们将向您展示如何在CentOS 8服务器上安装Drupal 8并使用Let’s Encrypt free SSL对其进行保护。

要求

  • 运行CentOS的服务器8。
  • 指向您服务器IP的有效域名
  • 在服务器上配置了root密码。

安装Nginx,MariaDB和PHP

在开始之前,您将需要在服务器上安装LEMP服务器。您可以通过运行以下命令来安装它:

dnf install nginx mariadb-server php php-fpm php-cli php-mbstring php-gd php-xml php-curl php-mysqlnd php-pdo php-json php-opcache -y

安装完成后,启动Nginx,MariaDB和php-fpm服务,并使用以下命令使它们在系统重启后启动:

systemctl start nginx
 systemctl start php-fpm
 systemctl start mariadb
 systemctl enable nginx
 systemctl enable php-fpm
 systemctl enable mariadb

配置数据库

默认情况下,MariaDB是不安全的,因此您需要对其进行安全保护。您可以通过运行以下命令来保护它:

mysql_secure_installation

回答所有问题,如下所示:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

完成后,使用以下命令登录MariaDB shell:

mysql -u root -p

在提示时提供您的root密码,然后使用以下命令为Drupal创建数据库和用户:

MariaDB [(none)]> CREATE DATABASE drupaldb CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
 MariaDB [(none)]> CREATE USER drupal@localhost IDENTIFIED BY "password";

接下来,使用以下命令为drupaldb授予所有特权:

MariaDB [(none)]> GRANT ALL ON drupaldb.* TO drupal@localhost IDENTIFIED BY "password";

接下来,刷新特权并使用以下命令从MariaDB shell退出:

MariaDB [(none)]> FLUSH PRIVILEGES;
 MariaDB [(none)]> EXIT;

下载Drupal

首先,您需要从其官方网站下载最新版本的Drupal。您可以使用以下命令下载它:

wget https://ftp.drupal.org/files/projects/drupal-8.7.10.tar.gz

下载后,使用以下命令解压缩下载的文件:

tar -xvzf drupal-8.7.10.tar.gz

接下来,使用以下命令将提取的目录移动到Nginx Web根目录:

mv drupal-8.7.10 /var/www/html/drupal

接下来,创建一个目录来存储网站文件,并重命名default.settings.php文件,如下所示:

mkdir /var/www/html/drupal/sites/default/files
 cp /var/www/html/drupal/sites/default/default.settings.php /var/www/html/drupal/sites/default/settings.php

接下来,将Drupal目录的所有权更改为nginx,如下所示:

chown -R nginx:nginx /var/www/html/drupal/

为Drupal配置Nginx

首先,使用以下命令为Drupal创建一个php-fpm配置文件:

nano /etc/php-fpm.d/drupal.conf

添加以下行:

[drupal]
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
listen = /run/php-fpm/drupal.sock
pm = ondemand
pm.max_children =  50
pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /

完成后保存并关闭文件。然后,为Drupal创建一个Nginx虚拟主机配置文件:

nano /etc/nginx/conf.d/drupal.conf

添加以下行:

server {
    listen 80;
    server_name example.com;

    root /var/www/html/drupal;

    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Block access to scripts in site files directory
    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }
    location ~ (^|/)\. {
        return 403;
    }

    location / {
        try_files $uri /index.php?$query_string;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }
    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }


    location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        include fastcgi_params;
       	# Block httpoxy attacks. See https://httpoxy.org/.
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/run/php-fpm/drupal.sock;
    }
    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    # Handle private files through Drupal. Private file's path can come
    # with a language prefix.
    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }
}

保存并关闭文件。然后,重新启动php-fpm和Nginx服务以应用更改:

systemctl restart php-fpm
 systemctl restart nginx

配置SELinux和防火墙

默认情况下,CentOS 8中启用了SELinux。因此,您需要配置SELinux才能使Drupal正常工作。

首先,允许Drupal使用以下命令写入公共和私有文件目录:

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/drupal(/.*)?"
 semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/drupal/sites/default/settings.php'
 semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/drupal/sites/default/files'
 restorecon -Rv /var/www/html/drupal
 restorecon -v /var/www/html/drupal/sites/default/settings.php
 restorecon -Rv /var/www/html/drupal/sites/default/files

接下来,允许Drupal使用以下命令发送出站电子邮件:

setsebool -P httpd_can_sendmail on

接下来,您将需要创建防火墙规则以允许来自外部网络的HTTP和HTTPS服务。您可以使用以下命令允许它:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
 firewall-cmd --reload

让我们加密SSL保护Drupal

Drupal现在已安装并配置。是时候使用“免费加密SSL”来保护它了。

为此,您将需要在服务器上下载certbot客户端。您可以通过运行以下命令下载并设置正确的权限:

wget https://dl.eff.org/certbot-auto
 mv certbot-auto /usr/local/bin/certbot-auto
 chown root /usr/local/bin/certbot-auto
 chmod 0755 /usr/local/bin/certbot-auto

现在,运行以下命令为您的Drupal网站获取并安装SSL证书。

certbot-auto --nginx -d example.com

上面的命令将首先在服务器上安装所有必需的依赖项。安装后,将要求您提供一个电子邮件地址并接受服务条款,如下所示:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/drupal.conf

接下来,您将需要选择是否将HTTP流量重定向到HTTPS,如下所示:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

输入2,然后按Enter键继续。安装完成后,您应该看到以下输出:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/drupal.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

访问Drupal网站

现在,打开您的Web浏览器并输入URL https://example.com。您将被重定向到以下页面:

选择语言

选择所需的语言,然后单击保存并继续按钮。您应该看到以下页面:

选择安装配置文件

选择您的安装配置文件,然后单击“ 保存并继续”按钮。您应该看到以下页面:

数据库配置

提供您的数据库详细信息,然后单击“ 保存并继续”按钮。您应该看到以下页面:

配置网站

提供您的站点名称,管理员用户名,密码,然后单击“ 保存并继续”按钮。您应该在以下页面中看到您的Drupal仪表板:

欢迎来到您的Drupal网站

恭喜你!您已经在CentOS 8服务器上成功安装并保护了Drupal。

原文:https://www.howtoforge.com/install-and-configure-drupal-8-with-nginx-and-lets-encrypt-on-centos-8/

发表评论
  • 发表评论
  • 评论列表
     
     

    为你推荐
    Ta的个人站点

    Ubar发布文章117篇

    与他人进行分享是一种快乐!当你的分享可以帮助到他们,会感觉更快乐!