LNMP stack for Drupal 8
- Drupalguy's Blog
- Log in to post comments
In my previous post i mentioned taking notes on how I'm building my new LNMP stack to support my Drupal 8 sites. Below are those notes. I noted the commands used as well as a few links to get more info for some of the functionality.
# After installing Debian 8.3
# Update Repository
apt-get update
# install Nginx & Mariadb
apt-get install nginx mariadb-server mariadb-client
===================
# Edit Source list for php7 repositories
# http://unix.stackexchange.com/questions/252671/installing-php7-0-from-si...
nano /etc/apt/sources.list
deb http://packages.dotdeb.org jessie all
deb-src http://packages.dotdeb.org jessie all
# For PHP 7.0 on Debian 8 “Jessie” (rc3), add these two lines too :
# deb http://packages.dotdeb.org jessie-php7.0 all
# deb-src http://packages.dotdeb.org jessie-php7.0 all
# Fetch and install the GnuPG key :
wget https://www.dotdeb.org/dotdeb.gpg
sudo apt-key add dotdeb.gpg
# Install php7
apt-get update
apt-get install php7-*
apt-get install snmp
==================
# Install Webmin
nano /etc/apt/sources.list
# Install Webmin
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
# Fetch and install the GnuPG key :
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
#Install Webmin
apt-get update
apt-get install webmin
==================
# Install csf firewall
# https://kyup.com/tutorials/install-configure-config-server-firewall-csf/
mkdir /usr/share/csf; cd /usr/share/csf
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf && ./install.sh
# test the modules
perl /etc/csf/csftest.pl
# remove the previously used firewalls from the server if such exist
sh /etc/csf/remove_apf_bfd.sh
# Edit config
nano /etc/csf/csf.conf
#Edit this file and change the following line:
# TESTING = "1" to TESTING = "0"
# restart csf service:
csf -r
==================
Webmin Nginx
module http://www.justindhoffman.com/sites/justindhoffman.com/files/nginx-0.08....
Webmin MariaDB (use MySQL module)
csf
==================
######### Install Git Drush and Composer
# Install Git
apt-get install git
# Install Curl
apt-get install curl
# Install Composer (disable xdebug mod in /etc/php/mods-available/xdebug.ini before
installing Composer)
curl -sS https://getcomposer.org/installer | php
# Move the composer.phar file to /usr/local/bin/, so that it can be accessed from any directory:
sudo mv composer.phar /usr/local/bin/composer
### Install Drush for All Users on the Server
# Create a symbolic link
ln -s /usr/local/bin/composer /usr/bin/composer
# Use Git to download - or clone - the GitHub Drush project
git clone https://github.com/drush-ops/drush.git /usr/local/src/drush
# Change the working directory and install Drush
cd /usr/local/src/drush
ln -s /usr/local/src/drush/drush /usr/bin/drush
composer install
drush --version
=======================
# Create the SSL Certificate
# https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer...
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out
/etc/nginx/ssl/nginx.crt
# Configure Nginx to Use SSL
# Add to Virtual Host File:
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
}
}
=======================
# Drupal 8 Host
#
## This configuration is for a Drupal Site
#
server {
listen 80 ;
# listen [::]:80 ipv6only=on;
return 301 https://$server_name$request_uri;
server_name d8a.local;
}
server {
# SSL configuration
listen 443 ssl ;
# listen [::]:443 ssl ;
server_name d8a.local;
root /var/www/d8a.local; ## <-- Your only path reference.
# SSL certificates
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# force https-redirects
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.250.0/24;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
# try_files $uri @rewrite; # For Drupal <= 6
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# In Drupal 8, we must also match new paths where the '.php' appears in the middle,
# such as update.php/selection. The rule we use is strict, and only allows this pattern
# with the update.php front controller. This allows legacy path aliases in the form of
# blog/index.php/legacy-path to continue to route to Drupal nodes. If you do not have
# any paths like that, then you might prefer to use a laxer rule, such as:
# location ~ \.php(/|$) {
# The laxer rule will continue to work if Drupal uses this new URL pattern with front
# controllers other than update.php in a future release.
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_intercept_errors on;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}