Setting up Apache, Secure SSL Drupal Logins, and Drupal multi-site support on Ubuntu

I updated my earlier instructions on setting up a secure Ubuntu server. I added notes about setting up fail2ban, which protects your server from repeated login attempts or brute force attacks.

In the course of setting up some new sites on a server, I realized there was a gap between those notes on initial setup of the server, and my other notes on configuring and getting started with drupal. So here here are some notes on configuring apache and drupal 6 with multi-site support and support for secure logins using the securepages module.

Instructions

This assumes you already have an ubuntu or debian server up and running
with apache2, mysql, and php installed as seen in these earlier instructions.

PHP5-GD Module and Mod-Rewrite

Install the php5-gd module (required by drupal, moodle, others for
resizing images and so forth):

sudo apt-get install php5-gd

Enable the apache2 mod-rewrite module (required for clean url support
in drupal):

sudo a2enmod rewrite

Edit the file /etc/apache2/sites-available/default, and in the “Directory /var/www/”
section, change:

AllowOverride None

to

AllowOverride all

Make this change also to the /etc/apache2/sites-available/default-ssl file when it is available. If you aren’t familiar with how to edit a file on the command line, use “sudo nano (filename)” to edit.

Enable Apache2 SSL support

This will increase the security of your website by encrypting communications for certain pages. Here are the instructions online for how to enable ssl support (scroll down to the “Enabling SSL” section). You can read your local copy of this README by running:

sudo gunzip /usr/share/doc/apache2.2-common/README.Debian.gz
more /usr/share/doc/apache2.2-common/README.Debian

To enable SSL support, run these commands:

sudo a2ensite default-ssl
sudo a2enmod ssl

Restart apache2:

sudo /etc/init.d/apache2 restart

Here’s another tutorial on this too if you want to sign your own certificate. These “self-signed” certificates will cause firefox to throw an error, and you’ll have to tell firefox to make an exception. For me that’s acceptable, but if it isn’t for you, you’ll have to purchase an ssl certificate.

Otherwise, to regenerate the default ssl certificate: (if apache2 gives you an error when you restart it or if your hostname changed)

sudo -s
make-ssl-cert generate-default-snakeoil --force-overwrite
exit

“sudo -s” switches you to the root user, and “exit” switches you back to your own user.

Set up PHPMyAdmin

sudo apt-get install phpmyadmin

(configure for apache-ssl if given a choice)

Add this line to /etc/apache2/sites-enabled/default-ssl:

Include /etc/phpmyadmin/apache.conf

Restart apache2: sudo /etc/init.d/apache2 restart
and visit the ssl version of your site to see phpmyadmin:

https://yoursite/phpmyadmin

Remember you need to tell firefox to make an exception for your self-signed certificate. You’ll be able to login with username “root” and the mysql root password as soon as you specify it in the next step:

Create MySQL root password

First make sure you have a password for the mysql root user:

sudo dpkg-reconfigure mysql-server-5.0

Enter the password you want to use (twice), and make that password a good one. Write it down or save it somewhere safe.

Create database users for Drupal/Moodle/etc.

Login with “root” and that password in phpmyadmin using the https secure url: https://yoursite/phpmyadmin

Click on the link to “Privileges” and then the link to “Add a new user”.

Fill out the form. You might call the user “drupalsite1″ for example or
“moodledb”. Generate a strong password (write it down), and under “Database for user” check the radio button to “Create database with same name and grant all privileges”. Don’t check any global privileges.

Click the “Go” button at the bottom right and that will create a user
and database with the same name in one fell swoop. Remember the name
and password for when you install and configure drupal, moodle, or
whatever. Repeat these instructions (from “Add a new user” on) if you
plan on installing multiple php tools that use mysql. You’ll want a user for each drupal sub-site/sub-domain you are planning on running. A multi-site install lets you share the same drupal php files, but each site still needs its own database and settings.php file.

Download, install, and configure Drupal

See drupal.org for the latest version to download. If you want to avoid a lot of these “sudo” commands below, try a command like this (assuming you are in the admin group):

sudo chown -R root.admin /var/www

In the instructions below though, I use sudo. To download and install drupal:

mkdir ~/downloads
cd ~/downloads
wget http://ftp.drupal.org/files/projects/drupal-6.10.tar.gz
tar xzvf drupal-6.10.tar.gz
cd drupal-6.10
sudo cp -R * /var/www/
sudo cp .htaccess /var/www/

#remove old index.html file (replaced by index.php)
sudo rm /var/www/index.html

#create upload folder that server can write to:
cd /var/www/sites/default
sudo mkdir files
sudo chown www-data.www-data files
sudo cp default.settings.php settings.php
sudo chown www-data.www-data settings.php

Now visit your site (http://yousite/) and run through the drupal installation. Enter the database name and password you created just for your default drupal site.

Drupal Multi-Site Configuration

This assumes you have created some other domain names (CNAMEs) for your server, or you want to install drupal at some sub-paths (http://yoursites/drupal2site).

See these instructions on drupal multi-site to guide you. I’ll assume the 2nd domain name is called “second.domain.edu” below:

cd /var/www/sites
sudo mkdir second.domain.edu
sudo cp default/default.settings.php second.domain.edu/settings.php
cd second.domain.edu
sudo mkdir files
sudo chown www-data.www-data files
sudo chown www-data.www-data settings.php

Visit http://second.domain.edu and install drupal again. This time using a different mysql user and database name. It is possible for multiple drupal sites to share one database though, by entering a different table prefix each time (see advanced options in drupal installer).

Setting up drush for easier Drupal management

Drush is a command line tool that makes it easier to install new modules and do other tasks. Right now the drupal 6 version is in flux, but it does work basically when I tested it.

Find the right tar.gz drush file to download. At the present, I have to download the cvs HEAD version for drupal 6:

cd /var/www/sites/all
sudo mkdir modules
cd modules
sudo wget http://ftp.drupal.org/files/projects/drush-HEAD.tar.gz
sudo tar xzvf drush-HEAD.tar.gz
cd drush #see the README file
sudo ln -s /var/www/sites/all/modules/drush/drush.php /usr/bin/drush

Now you can run “drush help” on the command line to test it. To actually install modules, you’ll want to prefix drush with “sudo ” unless you ran my earlier “sudo chown -R root.admin /var/www” command.

To install a module, change to the root directory of your drupal site [/var/www or /var/www/sites/(sitename)] run “drush dl (modulename)”. For example to install the pathauto module:

cd /var/www
sudo drush dl pathauto

If you are in /var/www when you run the command, it will put the module in the sites/all/modules/ folder. That means all your sub-sites can use that module. If you want a module just for one sub-site, create a ‘modules’ folder under sites/(sitename) and cd into sites/(sitename) first before running drush.

See the drush page for more commands that work. In drupal 6, that’s the only command that works at the moment.

Have Drupal use SSL for logins

Run “sudo drush dl securepages”, and assuming that was successful, go to http://yoursite/admin/build/modules and enable the securepages module. Now change the url to https instead of http and visit the securepages configuration page to turn it on: https://yoursite/admin/build/securepages

Drupal module list

Here are some other modules I’ve been using. I haven’t checked them all for drupal 6 compatibility yet (ones marked with a ?).

securepages
backup_migrate
mollom
poormanscron (if you can't run cron)

print
pathauto
globalredirect
path_redirect

comment_notify
ed_readmore

fckeditor
IMCE
htmlcorrector

webform
date
calendar
advanced_help

cck
views
contemplate
panels?

og
og_mandatory_group
wikitools?
diff
talk?
freelinking
interwiki?

rules
google_analytics

Ones I’m less certain I’ll be using in drupal 6:

image
feedapi
autologout
autotimezone
import_html
invisimail
jstools
jq
ldap_integration
ldap_provisioning
logintoboggan
nodetype
node_import
user_import
nice_menus
prepopulate
private
similarterms
site_map
site_tour
smtp
tagadelic
video_filter

See my Getting of the Ground with Drupal post for more info.

About these ads
Posted in drupal, opensource, technology
3 comments on “Setting up Apache, Secure SSL Drupal Logins, and Drupal multi-site support on Ubuntu
  1. Jim says:

    Added to < HREF="http://DrupalSightings.com" REL="nofollow">DrupalSightings.com<>

  2. greggles says:

    Consider also the Securepages Hijack Prevention module:http://drupal.org/project/securepages_prevent_hijackWhich improves the security of “mixed-mode” sites that offer both ssl and non-ssl pages.

  3. Brian Puccio says:

    Regarding drush, it no longer goes in the modules directory. In fact, the project page says “the new drush is a separate program from drupal that lives outside of web root.”

    Also, I’m able to use all other commands on a D6 site.

Comments are closed.

Doug Holton

Doug Holton

developing educational technology

Archives

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 3,383 other followers

Follow

Get every new post delivered to your Inbox.

Join 3,383 other followers

%d bloggers like this: