LNMP stack for Drupal 8

In my previous post i mentioned taking notes on how I'm building my new LNMP stack to support my Drupal 8 sites.  Below are those notes. I noted the commands used as well as a few links to get more info for some of the functionality.  

# After installing Debian 8.3
# Update Repository
apt-get update

# install Nginx & Mariadb
apt-get install nginx mariadb-server mariadb-client 

===================

# Edit Source list for php7 repositories
#    http://unix.stackexchange.com/questions/252671/installing-php7-0-from-si...

nano /etc/apt/sources.list
  deb http://packages.dotdeb.org jessie all
  deb-src http://packages.dotdeb.org jessie all
 # For PHP 7.0 on Debian 8 “Jessie” (rc3), add these two lines too :
 # deb http://packages.dotdeb.org jessie-php7.0 all
 # deb-src http://packages.dotdeb.org jessie-php7.0 all

# Fetch and install the GnuPG key :
wget https://www.dotdeb.org/dotdeb.gpg
sudo apt-key add dotdeb.gpg

# Install php7
apt-get update
apt-get install php7-*
apt-get install snmp

==================

# Install Webmin
nano /etc/apt/sources.list
  # Install Webmin
  deb http://download.webmin.com/download/repository sarge contrib
  deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

# Fetch and install the GnuPG key :
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc 

#Install Webmin
apt-get update
apt-get install webmin

==================

# Install csf firewall
#    https://kyup.com/tutorials/install-configure-config-server-firewall-csf/

mkdir /usr/share/csf; cd /usr/share/csf
wget http://www.configserver.com/free/csf.tgz
 tar -xzf csf.tgz
 cd csf && ./install.sh

# test the modules
 perl /etc/csf/csftest.pl

# remove the previously used firewalls from the server if such exist
 sh /etc/csf/remove_apf_bfd.sh

# Edit config
nano /etc/csf/csf.conf

#Edit this file and change the following line:
# TESTING = "1"  to  TESTING = "0"

# restart csf service:
csf -r

==================

Webmin Nginx

module         http://www.justindhoffman.com/sites/justindhoffman.com/files/nginx-0.08....

Webmin MariaDB    (use MySQL module)

csf        
==================

######### Install Git Drush and Composer

# Install Git
apt-get install git

# Install Curl
apt-get install curl

# Install Composer    (disable xdebug mod in /etc/php/mods-available/xdebug.ini before 

installing Composer)
curl -sS https://getcomposer.org/installer | php

# Move the composer.phar file to /usr/local/bin/, so that it can be accessed from any directory:
sudo mv composer.phar /usr/local/bin/composer

### Install Drush for All Users on the Server

# Create a symbolic link
ln -s /usr/local/bin/composer /usr/bin/composer

# Use Git to download - or clone - the GitHub Drush project
git clone https://github.com/drush-ops/drush.git /usr/local/src/drush

# Change the working directory and install Drush
cd /usr/local/src/drush
ln -s /usr/local/src/drush/drush /usr/bin/drush
composer install
drush --version

=======================

# Create the SSL Certificate
# https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-cer...
mkdir /etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out 

/etc/nginx/ssl/nginx.crt

# Configure Nginx to Use SSL
# Add to Virtual Host File:
server {
        listen 443 ssl;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        }
}

=======================

# Drupal 8 Host

 #
##  This configuration is for a Drupal Site
#

server {
    listen 80 ;
    # listen [::]:80  ipv6only=on;
    return  301 https://$server_name$request_uri;
    server_name d8a.local;
    }

server {
    # SSL configuration
    listen 443 ssl ;
    # listen [::]:443 ssl ;

    server_name d8a.local;
    root /var/www/d8a.local; ## <-- Your only path reference.

    # SSL certificates
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

   # force https-redirects
       if ($scheme = http) {
           return 301 https://$server_name$request_uri;
      }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        allow 192.168.250.0/24;
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Allow "Well-Known URIs" as per RFC 5785
    location ~* ^/.well-known/ {
        allow all;
    }

    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
        return 403;
    }

    location / {
        # try_files $uri @rewrite; # For Drupal <= 6
        try_files $uri /index.php?$query_string; # For Drupal >= 7
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    # Don't allow direct access to PHP files in the vendor directory.
    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }

    # In Drupal 8, we must also match new paths where the '.php' appears in the middle,
    # such as update.php/selection. The rule we use is strict, and only allows this pattern
    # with the update.php front controller.  This allows legacy path aliases in the form of
    # blog/index.php/legacy-path to continue to route to Drupal nodes. If you do not have
    # any paths like that, then you might prefer to use a laxer rule, such as:
    #   location ~ \.php(/|$) {
    # The laxer rule will continue to work if Drupal uses this new URL pattern with front
    # controllers other than update.php in a future release.
    location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_intercept_errors on;
        # fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }

    # Fighting with Styles? This little gem is amazing.
    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}

 

Add new comment

Filtered HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.