In this tutorial, we’ll describe how to install and configure the latest version of the Drupal content management system on Debian to create dynamic websites in your organization.
Drupal is a highly customizable, free, and modern open-source content management system written mainly in PHP that acts as a special framework that allows you to create dynamic websites, such as a simple blog site or advanced enterprise web applications. Drupal is mostly used on Linux with Apache/Nginx, PHP and MySQL/MariaDB components, also known as LAMP or LEMP stacks.
Drupal is a robust and stable web platform that can be adapted to all modern web designs and functionalities. It is also supported by an active community constantly improving its security and features. This fact makes Drupal one of the most popular backend frameworks for web designers and programmers to create large, high-traffic websites.
Requirements
- The latest version of Debian 9, installed on a bare-metal machine or on a virtual private server
- One of the server’s network cards configured with a static IP address
- sudo root privileges for a local or remote account, or direct access to the root account via the console or remotely via the SSH service
- A private or public domain name, depending on the deployment, with properly configured DNS records for web services. If you don’t have a valid or registered domain name, you can perform the installation and access the website using your server’s IP address.
- If you want to use site registration, comment moderation, and other features, you should have a mail server on your premises that is properly configured and provides remote access to its IMAP and SMTP services.
Initial configuration
Before you start installing and configuring Drupal CMS from your own server’s sources, you must first make sure that your system meets all the software requirements for compiling and installing the application. The first step is to update your system repositories and software packages using the command below.
apt update
apt upgrade
Next, set up the name for your system by running the following command. Replace your hostname variable accordingly.
hostnamectl set-hostname mail
Check the hostname and hosts file of your machine by entering the following commands.
hostnamectl
cat /etc/hostname
hostname –s
Finally, restart the Debian server so that the kernel updates and hostname changes are properly applied.
init 6
In the next step, run the following command to install some necessary utilities needed to further manage your system from the command line.
apt install wget bash-completion unzip
Drupal is a popular CMS that is mainly written and developed in the server-side PHP programming language. In order for Drupal to run PHP file scripts, a web server such as the Apache HTTP server and a PHP interpreter must be installed and operational in the system. To install the Apache web server and PHP interpreter along with all the required PHP modules that Drupal needs to run properly, enter the following command in your server console.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-xml php7.0-gd php7.0-json php7.0-curl php7.0-mbstring php7.0-opcache
After Apache and PHP are installed, test that the web server is running and listening for network connections on port 80 by entering the following command with root privileges.
netstat –tlpn
If the netstat network utility is not installed by default in your Debian system, run the following command to install it.
apt install net-tools
From the netstat command output, you can see that the Apache web server is listening for incoming network connections on port 80. You can also use the ss command for the same task, which is automatically installed in Debian 9.
ss- tulpn
If a firewall is enabled on your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by typing the following command.
ufw allow WWW
or
ufw allow 80/tcp
If you use iptables raw rules to manage the firewall rules on your Debian server, add the following rule to allow incoming traffic through port 80 on the firewall so that visitors can visit your website.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
Next, enable the following Apache modules and apply them to redirect HTTP connections to HTTPS by typing the following command.
a2enmod rewrite
systemctl restart apache2
Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or your domain name or server FQDN via the HTTP protocol. If you don’t know the IP address of your machine, run the commands ifconfig or ‘ip a’ to find out the IP address of your server. The default Apache page for Debian will be displayed in your browser.
http://your_domain.tld
To install and access the Drupal website using the HTTPS protocol, which secures traffic for your clients, enable the Apache web server SSL module and the SSL site configuration file with the following command.
a2enmod ssl
a2ensite default-ssl.conf
Next, open the default Apache SSL configuration file with a text editor and enable the URL rewrite rules by inserting the following lines of code after the DocumentRoot directive, as shown in the following example:
nano /etc/apache2/sites-enabled/default-ssl.conf
Excerpt from the SSL site configuration file:
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Also, modify the VirtualHost line to look like the excerpt below:
<VirtualHost *:443>
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as in the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Finally, restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTP protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, an error warning should be displayed in the browser, as shown in the following screenshot.
systemctl restart apache2
https://yourdomain.tld
Accept the warning to continue and be redirected to the default Apache web page using the HTTPS protocol. The following page will be displayed in your browser.
If the UFW firewall application blocks incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command.
ufw allow 'WWW Full'
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall to allow visitors to browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables are enabled and that the PHP time zone setting is configured correctly and matches the geographical location of your system. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure the following lines are set up as follows. Also, make a backup copy of the PHP configuration file first.
cp /etc/php/7.0/apache2/php.ini{,.backup}nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in the php.iniconfiguration file:
display_errors = Off php_value memory_limit 128M php_value post_max_size 16M php_value upload_max_filesize 2M php_value max_input_time 300 date.timezone = Europe/London
Increase the memory_limit variable to support large file attachments, and replace the time.zone variable with your physical time by consulting the list of time zones from the PHP docs at the following link: http://php.net/manual/en/timezones.php
If you want to increase the loading speed of your web pages using the OPCache plugin available for PHP7, add the following OPCache settings to the end of the PHP interpreter configuration file as described below:
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
Close the php.ini configuration file and verify that the variables have been correctly added to the end of the PHP configuration file by entering the following command.
tail /etc/php/7.0/apache2/php.ini
After making all the changes described above, restart the Apache daemon to apply the new changes by entering the following command.
systemctl restart apache2
Finally, create a PHP info file by running the following command, and verify that the PHP time zone is configured correctly by accessing the PHP info file in a browser at the following URL (see figure below). Scroll down to the date settings to check the PHP time zone configuration.
echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php
https://domain.tld/info.php
Drupal CMS can use MySQL, SQLite or PostgreSQL RDBMS databases to store users, posts, menus and other information. In this guide, we will configure Drupal CMS with MariaDB database as the backend. MariaDB is nothing but a fork of MySQL database. Enter the following command to install the MariaDB database and the PHP module needed to access the MySQL database.
apt install mariadb-server php7.0-mysql
After you install MariaDB, check that the daemon is running and waiting for connections on localhost, port 3306, by running the netstat or ss command.
netstat –tlpn | grep mysql
Then log in to the MySQL console and secure the MariaDB root account by running the following commands.
mysql -h localhost
use mysql; update user set plugin='' where user='root'; flush privileges; exit
In the next step, secure MariaDB by running the mysql_secure_installation script included in the installation packages from the Debian Stretch repositories. As it runs, the script asks a series of questions to secure the MariaDB database, such as: change the MySQL root password, remove anonymous users, disable remote root logins, and delete the test database. Run the script using the command below and make sure you answer yes to all questions to fully back up the MySQL daemon. Use the script output below as a guide only.
sudo mysql_secure_installation
To test the security of MariaDB, try logging into the database from the console without a root password. Access to the database should be denied if no password is provided for the root account. If the password is provided, you should be able to log in to the MySQL console, as shown in the screenshot below.
mysql -h localhost -u root
mysql -h localhost -u root –p
Next, log in to the MariaDB database console and create a Drupal database and user with a password that will be used to manage the Drupal database by entering the following commands. Replace the website database name, user and password accordingly.
mysql –u root -p
create database drupal_db character set utf8 collate utf8_general_ci; grant all privileges on drupal_db.* to 'drupal_user'@'localhost' identified by 'drupal_pass'; flush privileges; exit
To apply all the changes made so far, restart the MySQL and Apache daemons and check if the daemons are running by entering the following commands.
systemctl restart mysql apache2
systemctl status mysql apache2
Install Drupal
If all the system requirements for installing your e-commerce online store are met, visit the official Drupal download page at the following address https://www.drupal.org/project/drupal/releases/8.4.0 and download the latest compressed zip package using the wget program, as shown in the following example.
wget https://ftp.drupal.org/files/projects/drupal-8.4.0.zip
After completing the zip archive download, unzip the compressed Drupal archive to your current system path and list the unzipped files using the following commands. Also, remove the index.html file installed by default by the Apache web server from the webroot path and also delete the info.php file created earlier.
rm /var/www/html/index.html
rm /var/www/html/info.php
unzip drupal-8.4.0.zip
ls
After unzipping the Drupal zip archive to your current working directory, copy all the unzipped files and directories from the Drupal 8.4.x directory to the webroot folder of your website by executing the following commands. Also, make sure that you copy the .htaccess and all other hidden files from the extracted drupal directory to the website’s root directory.
cp -rf drupal-8.4.0/* /var/www/html/
cp drupal-8.4.0/.htaccess /var/www/html/
cp drupal-8.4.0/.csslintrc /var/www/html/
cp drupal-8.4.0/.e* /var/www/html/
Next, run the following commands to grant the Apache runtime user full write permissions to the web server’s root directory. Also, run the ls command to list the permissions for the Drupal installation files in the /var/www/html/ directory.
chown -R www-data:www-data /var/www/html/
ls –al /var/www/html
Now proceed directly with the installation and configuration of Drupal CMS by opening a browser and navigating to the following URL using your server’s IP address or domain name via the HTTPS protocol.
https://your_domain.tld/core/install.php
On the first Drupal CMS installation screen, select your installation language from the list and click the Save and Continue button to proceed to the next step of the installation process (see figure below).
In the next installation screen, you will select an installation profile for Drupal and click Save and Continue again to move to the next step. In this guide, we will configure Drupal with the default installation profile that uses pre-configured features for the website.
The Drupal installer will ask you to configure the MySQL database in the next installation screen. Specify the name of the MariaDB database you created earlier for Drupal and the username and password to access the database. For advanced MySQL configurations, click Advanced Options and specify the hostname on which MariaDB is running and the port number. Change this configuration only if you are using a remote MySQL database to install Drupal or if you have changed the default port of the database. If you want to use this Drupal installation for multiple websites, you should add a unique table name prefix in the Table name prefix field to avoid data collisions between websites and domains.
When you finish configuring the Drupal MySQL database, click the Save and Continue button to proceed with the installation process.
Next, Drupal will start installing in your system and populate the MySQL database with the required tables and row information. This step should take a while, depending on your server’s resources, such as CPU, RAM, disk speed or other factors, such as network speed in case of remote database installation, as shown in the screenshot below.
After the installation is complete, you will be prompted to configure the website. In this section, you will specify the name of your website and the email address to be used for sending automatic emails when visitors register. The Drupal installer will also tell you to use an email address that belongs to the domain name of your website, otherwise the email address will be listed as spam by the DBL blacklists on the Internet. You should also set up an administration account for maintenance and set a secure password for this account. Be sure to repeat the password for this account to ensure that both passwords match.
Scroll down, add the email address again, and set up your website’s regional settings by selecting your country and your server’s default time zone. To be notified via your site’s email address when updates to Drupal components and important security updates appear, check the Update Notifications checkboxes for Automatically check for updates and Receive email notifications. The following screenshots serve as a guide for configuring this step. Once you have completed this part of the installation process, click the Save and Continue button to complete the installation process.
After the installation process is complete, you will be redirected to your domain address, where a message like the one shown in the following image will inform you that Drupal has been successfully installed. You can now manage and edit your website settings. Click the “Logout” link in the upper right corner to exit the Drupal admin panel.
To log back in and manage your website from the Drupal panel, click the Log In button in the upper right corner and use the credentials you set during installation to open the Drupal panel.
To force visitors to access your site using the HTTPS protocol, reconnect to your server console and modify the .htaccess file in the root of your web server by adding the following rules to the beginning of the file.
nano /var/www/html/.htaccess
.htaccessExtract from the file:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
RewriteEngine on
Options -Indexes 
That’s it! You have successfully installed and configured the Drupal Content Management System on the Debian 9.2 server. However, since the Apache HTTP server uses self-signed certificates to encrypt traffic between the server and the client’s browser, a warning message is always generated and displayed in browsers when a user visits your domain. In this case, you should purchase a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.
You can find more custom configurations for Drupal CMS on the documentation page at the following address: https://www.drupal.org/docs/8