How to Install Drupal with Apache2 and Let’s Encrypt Free SSL on Ubuntu 18.04

Drupal is an open-source content management system written in PHP and used by individuals or groups of users. With Drupal, you can create and manage many types of websites. Drupal can run on any operating systems that support a web server, database server and is capable of running PHP.

In this tutorial, we will explain how to install Drupal on Ubuntu 18.04 server and secure it with Let’s Encrypt free SSL.

Requirements

  • A cloud server running on Ubuntu 18.04.
  • A valid domain name pointed to your server IP address.
  • A root password configured on your server.

Install Apache, MariaDB and PHP

Drupal runs on a web server, written in PHP and uses MariaDB to store their data. So you will need to install Apache, MariaDB, PHP and other required packages on your server. You can install all of them with the following command:

# apt-get install apache2 mariadb-server mariadb-client php7.2 libapache2-mod-php7.2 php7.2-common php7.2-mysql php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-gd php7.2-xml php7.2-cli php7.2-zip unzip -y

Once all the packages are installed, open php.ini file and adjust some PHP settings:

nano /etc/php/7.2/apache2/php.ini

Change the following lines:

memory_limit = 256M
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

Save and close the file when you are finished.

Setup Drupal Database

Next, you will need to create a database and user for Drupal. To do so, log in to the MariaDB shell with the following command:

# mysql -u root -p

Provide your root password, then create a user and a database for Drupal:

MariaDB [(none)]> CREATE DATABASE drupal;
MariaDB [(none)]> CREATE USER 'drupal'@'localhost' IDENTIFIED BY 'password';

Next, grant all the privileges to the Drupal database with the following command:

# MariaDB [(none)]> GRANT ALL ON drupal.* TO 'drupal'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

Next, flush the privileges and exit from the MariaDB shell with the following command:


# MariaDB [(none)]> FLUSH PRIVILEGES;
# MariaDB [(none)]> EXIT;

Once you have finished, you can proceed to the next step.

Download Drupal

Next, you will need to download the latest version of Drupal from its official website. You can download it with the following command:

# wget https://www.drupal.org/download-latest/zip -O drupal.zip

Once downloaded, unzip the downloaded file with the following command:

# unzip drupal.zip

Next, move the extracted directory to Apache root directory:

mv drupal-8.7.8 /var/www/html/drupal

Next, change the ownership of drupal directory to www-data and give proper permission:

chown -R www-data:www-data /var/www/html/drupal
chmod -R 755 /var/www/html/drupal

Configure Apache for Drupal

Next, you will need to create an Apache virtual host configuration file for Drupal.

You can create it with the following command:

# nano /etc/apache2/sites-available/example.com.conf

Add the following lines:

<VirtualHost *:80>
  ServerName example.com
  ServerAdmin [email protected]
  DocumentRoot /var/www/html/drupal

  <Directory /var/www/html/drupal/>
       Options FollowSymlinks
       AllowOverride All
       Require all granted
  </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Directory /var/www/html/drupal/>
       RewriteEngine on
       RewriteBase /
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule ^(.*) index.php [PT,L]
  </Directory>
</VirtualHost>

Save and close the file. Then, enable the virtual host and Apache rewrite module with the following commands:


# a2ensite example.com
# a2enmode rewrite

Next, restart the Apache service to apply the changes:

systemctl restart apache2

Access Drupal Web Interface

Now, open your web browser and visit the URL http://example.com. You will be redirected to the following page:

Select your desired language and click on the Save and continue button. You should see the following page:

Select an installation profile and click on the Save and continue button. You should see the following page:

Provide your database information and click on the Save and continue button. You should see the following page:

Now, provide your site name, admin username, password, admin email and click on the Save and continue button. Once the installation has been finished, you should see the Drupal default dashboard in the following page:

Secure Drupal with Let’s Encrypt

Next, you will need to secure the Drupal site with Let’s Encrypt free SSL. To do so, you will need to install the Certbot client on your system. By default, the latest version of Certbot is not available in the Ubuntu 18.04 default repository.

First, add the Certbot repository with the following command:

# add-apt-repository ppa:certbot/certbot

Next, update the repository and install Certbot with apache module by running the following command:
<code# apt-get update -y
# apt-get install certbot python-certbot-apache -y

Once the installation has been completed, download the Let’s Encrypt SSL for your domain example.com and configure Apache to use this certificate with the following command:

# certbot --apache -d example.com

You will be prompt to provide your e-mail address and agree to the terms and conditions as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/example.com-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/example.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/example.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Here, you will need to choose whether or not to redirect HTTP traffic to HTTPS. Type option 2 and hit Enter to continue. Once the installation has been completed, you should see the following output:

Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency. Redirecting vhost in /etc/apache2/sites-enabled/example.com.conf to ssl vhost in /etc/apache2/sites-available/example.com-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-01-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


Congratulations! your Drupal site is now secured with Let’s Encrypt free SSL. You can access it securely by visiting the URL https://example.co

To write a comment on this article, fill out the form below. Fields marked with an asterisk (*) are required.