This brief post shows students and new users how to install and use Drupal content management system (CMS) on Ubuntu Linux with Nginx HTTP web server. This post will also have a link to setup free Let’s Encrypt SSL certificates to secure your Drupal websites and applications.
Drupal is a free and open source CMS based on PHP and MySQL that also has many features and thousands of plugins and template or themes. If you want to create an online website or store, Drupal might be the simplest way to do it, especially if you will need support from users to manage and maintain the site.
This tutorial is based on Ubuntu Linux. We’ll be installing Nginx web server, MariaDB database server and PHP modules. We’ll also link to another post that will show you how to secure your Drupal website using Let’s Encrypt free SSL certificates.
For more about Drupal, please check its homepage
To get started with installing Drupal on Ubuntu Linux, follow the steps below:
How to install Nginx on Ubuntu Linux
As mentioned above, we’re going to be using Nginx web server to run Drupal. Drupal requires a web server to function, and Nginx is one of the most popular open source web servers available today.
To install Nginx on Ubuntu, run the commands below:
sudo apt update sudo apt install nginx
After installing Nginx, the commands below can be used to stop, start and enable Nginx services to always start up everytime your server starts up.
sudo systemctl stop nginx.service sudo systemctl start nginx.service sudo systemctl enable nginx.service
To test whether Nginx is installed and functioning, open your web browser and browse to the server’s IP address or hostname.
If you see the above page in your browser, then Nginx is working as expected.
How to install MariaDB on Ubuntu Linux
A database server is required for Drupal to function. Drupal stores its content in a database, and MariaDB is probably the best database server available to run Drupal.
MariaDB is fast, secure and the default server for almost all Linux servers. To install MariaDB, run the commands below:
sudo apt install mariadb-server sudo apt install mariadb-client
After installing MariaDB, the commands below can be used to stop, start and enable MariaDB services to always start up when the server boots.
sudo systemctl stop mariadb.service sudo systemctl start mariadb.service sudo systemctl enable mariadb.service
Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation.
sudo mysql_secure_installation
When prompted, use the guide below to answer:
If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): PRESS ENTER Switch to unix_socket authentication [Y/n] n Change the root password? [Y/n] n Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y All done!
To verify and validate that MariaDB is installed and working, login to the database console using the commands below:
sudo mysql -u root -p
You should automatically be logged in to the database server since we initiated the login request as root. Only the root can login without password, and only from the server console.
If you see a similar screen as shown above, then the server was successfully installed.
How to install PHP-FPM on Ubuntu Linux
As we also mentioned above, we’re installing PHP on Ubuntu since Drupal requires it. PHP packages are added to Ubuntu repositories. The versions the repositories might not be the latest. If you need to install the latest versions, you’ll need to add a third party PPA repository.
To a third party repository with the latest versions of PHP, run the commands below.
sudo apt-get install software-properties-common sudo add-apt-repository ppa:ondrej/php
At the time of this writing, the latest PHP version 8.0.
sudo apt update
Next, run the commands below to install PHP 8.0 and related modules.
sudo apt install php8.0-fpm php8.0-common php8.0-mysql php8.0-gmp php8.0-curl php8.0-intl php8.0-mbstring php8.0-xmlrpc php8.0-gd php8.0-xml php8.0-cli php8.0-zip
Once PHP is installed, the commands below can be used to start, stop and enable PHP-FPM services to automatically startup when the server boots.
sudo systemctl stop php8.0-fpm sudo systemctl start php8.0-fpm sudo systemctl enable php8.0-fpm
Next, you’ll want to change some PHP configuration settings that work great with Drupal. Run the commands below to open PHP default configuration file.
sudo nano /etc/php/8.0/fpm/php.ini
Then change the line settings to be something line the lines below. Save your changes and exit.
file_uploads = On allow_url_fopen = On short_open_tag = On memory_limit = 256M cgi.fix_pathinfo = 0 upload_max_filesize = 100M max_execution_time = 360 date.timezone = America/Chicago
How to create Drupal database on Ubuntu
At this point, we’re ready to create Drupal database. As mentioned above, Drupal uses databases to store its content.
To create a database for Drupal, run the commands below:
sudo mysql -u root -p
Then create a database called drupaldb
CREATE DATABASE drupaldb;
Next, create a database user called drupaldbuser and set password
CREATE USER 'drupaldbuser'@'localhost' IDENTIFIED BY 'new_password_here';
Then grant the user full access to the database.
GRANT ALL ON drupaldb.* TO 'drupaldbuser'@'localhost' WITH GRANT OPTION;
Finally, save your changes and exit.
FLUSH PRIVILEGES; EXIT;
How to download Drupal
We’re ready to download Drupal and begin configuring it. First, run the commands below to download the latest version of Drupal from its repository.
To get Drupal latest release you may want to use GitHub repository. Install Composer, Curl and other dependencies to get started…
sudo apt install curl git curl -sS | sudo php -- --install-dir=/usr/local/bin --filename=composer
After installing curl and Composer above, change into the Nginx root directory and download Drupal packages from GitHub. Always replace the branch number with the latest branch.
To view Drupal releases, see this page.
cd /var/www/ sudo git clone --branch 9.2.5 cd /var/www/drupal sudo composer install
Then run command below to allow www-data user to own the Drupal directory.
sudo chown -R www-data:www-data /var/www/drupal/ sudo chmod -R 755 /var/www/drupal/
How to configure Nginx for Drupal
We have downloaded Drupal content into a new folder we called Drupal. Now, let’s configure Nginx to create a new server block to use with our Drupal website. You can create as many server blocks with Nginx.
To do that, run the commands below to create a new configuration file called drupal.conf in the /etc/nginx/sites-available/ directory to host our Drupal server block.
sudo nano /etc/nginx/sites-available/drupal.conf
In the file, copy and paste the content below into the file and save.
server {
listen 80;
listen [::]:80;
root /var/www/drupal;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 100M;
autoindex off;
location ~ \.*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal. Private file's path can come
# with a language prefix.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
}Save the file and exit.
After saving the file above, run the commands below to enable the new file that contains our Drupal server block. Restart Nginx after that.
sudo ln -s /etc/nginx/sites-available/drupal.conf /etc/nginx/sites-enabled/ sudo systemctl restart nginx.service
At this stage, Drupal is ready and can be launched by going to the server’s IP or hostname.
However, we want to make sure our server is protected with Let’s Encrypt free SSL certificates. So, continue below to learn how to generate Let’s Encrypt SSL certificate for websites.
How to setup Let’s Encrypt for Drupal
We have written a great post on how to generate and manage Let’s Encrypt SSL certificates for Nginx web server. You can use that post, to apply it here for your Drupal website.
To read the post on how to generate Let’s Encrypt SSL certificates for website, click on the link below:
How to Setup Let’s Encrypt on Ubuntu Linux with Nginx – Website for Students
If you were successful in generating a Let’s Encrypt SSL certificate, you should then reopen the server block for our Drupal website by running the commands below.
sudo nano /etc/nginx/sites-available/drupal.conf
The new Drupal server blocks configurations should look similar to the line below. Take notes of the highlighted lines.
- The first server block listens on port 80. It contains a 301 redirect to redirect HTTP to HTTPS.
- The second server block listens on port 443. It contains a 301 redirect to redirect www to non-www domain.
server {
listen 80;
listen [::]:80;
root /var/www/drupal;
index index.php index.html index.htm;
server_name example.com www.example.com;
include snippets/well-known.conf;
return 301
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/drupal;
index index.php index.html index.htm;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
include snippets/well-known.conf;
return 301
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/drupal;
index index.php index.html index.htm;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
include snippets/well-known.conf;
client_max_body_size 100M;
location ~ \.*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal. Private file's path can come
# with a language prefix.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
}Save the file above, then restart Nginx and PHP using the commands below.
sudo systemctl reload nginx sudo systemctl reload php8.0-fpm
Finally, if everything went as planned, you should be able to start Drupal setup wizard by browsing to the server hostname or IP address over HTTPS.
A Drupal setup wizard should appear. Follow the wizard to complete the setup.
Select the installation language then click Save and Continue.
On the next screen, choose the Standard installation option to include commonly used features that are pre-configured.
This is the most popular options for most website running Drupal CMS.
Next, type in the database connection info and click Save and continue.
After that, enter the site information, including Site name, Site admin email address, username and password and continue.
When you’re done, Drupal should be installed and ready to use. Login as admin and begin configuring your site.
In the future when you want to upgrade to a new released version, simply run the commands below to upgrade…
sudo composer update /var/www/drupal/core --with-dependencies cd /var/www/drupal sudo composer require drush/drush cd /var/www/drupal/vendor/drush/drush ./drush updatedb ./drush cr sudo chown www-data:www-data /var/www/drupal sudo chmod 755 /var/www/drupal
That’s it!
Conclusion:
This post showed you how to install Drupal on Ubuntu Linux with link to setting up Let’s Encrypt. If you find any error above, or have something to add, please use the comment form below.
