I updated my earlier instructions on setting up a secure Ubuntu server. I added notes about setting up fail2ban, which protects your server from repeated login attempts or brute force attacks.
In the course of setting up some new sites on a server, I realized there was a gap between those notes on initial setup of the server, and my other notes on configuring and getting started with drupal. So here here are some notes on configuring apache and drupal 6 with multi-site support and support for secure logins using the securepages module.
This assumes you already have an ubuntu or debian server up and running
with apache2, mysql, and php installed as seen in these earlier instructions.
PHP5-GD Module and Mod-Rewrite
Install the php5-gd module (required by drupal, moodle, others for
resizing images and so forth):
sudo apt-get install php5-gd
Enable the apache2 mod-rewrite module (required for clean url support
sudo a2enmod rewrite
Edit the file /etc/apache2/sites-available/default, and in the “Directory /var/www/”
Make this change also to the /etc/apache2/sites-available/default-ssl file when it is available. If you aren’t familiar with how to edit a file on the command line, use “sudo nano (filename)” to edit.
Enable Apache2 SSL support
This will increase the security of your website by encrypting communications for certain pages. Here are the instructions online for how to enable ssl support (scroll down to the “Enabling SSL” section). You can read your local copy of this README by running:
sudo gunzip /usr/share/doc/apache2.2-common/README.Debian.gz more /usr/share/doc/apache2.2-common/README.Debian
To enable SSL support, run these commands:
sudo a2ensite default-ssl sudo a2enmod ssl
sudo /etc/init.d/apache2 restart
Here’s another tutorial on this too if you want to sign your own certificate. These “self-signed” certificates will cause firefox to throw an error, and you’ll have to tell firefox to make an exception. For me that’s acceptable, but if it isn’t for you, you’ll have to purchase an ssl certificate.
Otherwise, to regenerate the default ssl certificate: (if apache2 gives you an error when you restart it or if your hostname changed)
sudo -s make-ssl-cert generate-default-snakeoil --force-overwrite exit
“sudo -s” switches you to the root user, and “exit” switches you back to your own user.
Set up PHPMyAdmin
sudo apt-get install phpmyadmin
(configure for apache-ssl if given a choice)
Add this line to /etc/apache2/sites-enabled/default-ssl:
Restart apache2: sudo /etc/init.d/apache2 restart
and visit the ssl version of your site to see phpmyadmin:
Remember you need to tell firefox to make an exception for your self-signed certificate. You’ll be able to login with username “root” and the mysql root password as soon as you specify it in the next step:
Create MySQL root password
First make sure you have a password for the mysql root user:
sudo dpkg-reconfigure mysql-server-5.0
Enter the password you want to use (twice), and make that password a good one. Write it down or save it somewhere safe.
Create database users for Drupal/Moodle/etc.
Login with “root” and that password in phpmyadmin using the https secure url: https://yoursite/phpmyadmin
Click on the link to “Privileges” and then the link to “Add a new user”.
Fill out the form. You might call the user “drupalsite1″ for example or
“moodledb”. Generate a strong password (write it down), and under “Database for user” check the radio button to “Create database with same name and grant all privileges”. Don’t check any global privileges.
Click the “Go” button at the bottom right and that will create a user
and database with the same name in one fell swoop. Remember the name
and password for when you install and configure drupal, moodle, or
whatever. Repeat these instructions (from “Add a new user” on) if you
plan on installing multiple php tools that use mysql. You’ll want a user for each drupal sub-site/sub-domain you are planning on running. A multi-site install lets you share the same drupal php files, but each site still needs its own database and settings.php file.
Download, install, and configure Drupal
See drupal.org for the latest version to download. If you want to avoid a lot of these “sudo” commands below, try a command like this (assuming you are in the admin group):
sudo chown -R root.admin /var/www
In the instructions below though, I use sudo. To download and install drupal:
mkdir ~/downloads cd ~/downloads wget http://ftp.drupal.org/files/projects/drupal-6.10.tar.gz tar xzvf drupal-6.10.tar.gz cd drupal-6.10 sudo cp -R * /var/www/ sudo cp .htaccess /var/www/ #remove old index.html file (replaced by index.php) sudo rm /var/www/index.html #create upload folder that server can write to: cd /var/www/sites/default sudo mkdir files sudo chown www-data.www-data files sudo cp default.settings.php settings.php sudo chown www-data.www-data settings.php
Now visit your site (http://yousite/) and run through the drupal installation. Enter the database name and password you created just for your default drupal site.
Drupal Multi-Site Configuration
This assumes you have created some other domain names (CNAMEs) for your server, or you want to install drupal at some sub-paths (http://yoursites/drupal2site).
See these instructions on drupal multi-site to guide you. I’ll assume the 2nd domain name is called “second.domain.edu” below:
cd /var/www/sites sudo mkdir second.domain.edu sudo cp default/default.settings.php second.domain.edu/settings.php cd second.domain.edu sudo mkdir files sudo chown www-data.www-data files sudo chown www-data.www-data settings.php
Visit http://second.domain.edu and install drupal again. This time using a different mysql user and database name. It is possible for multiple drupal sites to share one database though, by entering a different table prefix each time (see advanced options in drupal installer).
Setting up drush for easier Drupal management
Drush is a command line tool that makes it easier to install new modules and do other tasks. Right now the drupal 6 version is in flux, but it does work basically when I tested it.
Find the right tar.gz drush file to download. At the present, I have to download the cvs HEAD version for drupal 6:
cd /var/www/sites/all sudo mkdir modules cd modules sudo wget http://ftp.drupal.org/files/projects/drush-HEAD.tar.gz sudo tar xzvf drush-HEAD.tar.gz cd drush #see the README file sudo ln -s /var/www/sites/all/modules/drush/drush.php /usr/bin/drush
Now you can run “drush help” on the command line to test it. To actually install modules, you’ll want to prefix drush with “sudo ” unless you ran my earlier “sudo chown -R root.admin /var/www” command.
To install a module, change to the root directory of your drupal site [/var/www or /var/www/sites/(sitename)] run “drush dl (modulename)”. For example to install the pathauto module:
cd /var/www sudo drush dl pathauto
If you are in /var/www when you run the command, it will put the module in the sites/all/modules/ folder. That means all your sub-sites can use that module. If you want a module just for one sub-site, create a ‘modules’ folder under sites/(sitename) and cd into sites/(sitename) first before running drush.
See the drush page for more commands that work. In drupal 6, that’s the only command that works at the moment.
Have Drupal use SSL for logins
Run “sudo drush dl securepages”, and assuming that was successful, go to http://yoursite/admin/build/modules and enable the securepages module. Now change the url to https instead of http and visit the securepages configuration page to turn it on: https://yoursite/admin/build/securepages
Drupal module list
Here are some other modules I’ve been using. I haven’t checked them all for drupal 6 compatibility yet (ones marked with a ?).
securepages backup_migrate mollom poormanscron (if you can't run cron) print pathauto globalredirect path_redirect comment_notify ed_readmore fckeditor IMCE htmlcorrector webform date calendar advanced_help cck views contemplate panels? og og_mandatory_group wikitools? diff talk? freelinking interwiki? rules google_analytics
Ones I’m less certain I’ll be using in drupal 6:
image feedapi autologout autotimezone import_html invisimail jstools jq ldap_integration ldap_provisioning logintoboggan nodetype node_import user_import nice_menus prepopulate private similarterms site_map site_tour smtp tagadelic video_filter
See my Getting of the Ground with Drupal post for more info.