Drupal是一种用PHP编写的开源内容管理软件，并在GPL下分发。
它具有很大的标准功能，如简单的内容创作，性能可靠，安全性优异。
灵活性和模块化是其核心原则之一，将其与休息相结合。
它有几个工具，可构建动态Web体验所需的多功能和结构化内容。

Drupal 8是Drupal历史上最大的更新。
创建内容在此方面更容易。
每个内置主题都被响应地设计。
它有100种语言可用，其集成工具使其成为复杂生态系统的伟大集线器。

在本文中，我将演示如何在我们最新的Debian 9服务器上使用Letsencrypt SSL安装此Drupal 8.
让我们逐一走过安装步骤。

要求

• 一个全功能的Debian Server
• lamp(apache，mariadb和php)设置

1)开始

始终建议在任何安装之前将服务器包更新到稳定的。
我们可以通过运行更新命令来执行此操作，如下所示：

#apt-get update -y

此外，我们可以添加一些常用的工具，我们将通过我们的安装提供帮助。

#apt-get install wget git unzip nano -y

2)安装Apache，MariaDB和PHP

在我们从Drupal安装开始之前，我们将需要运行的Web服务器和数据库服务器。
在本文中，我们将使用Apache2，PHP7和MariaDB使用，我们可以在我们的包管理器工具的帮助下轻松安装它们。

首先，首先使用以下命令安装Apache Web服务器：

# apt-get install apache2 -y

安装后，我们需要启动Apache服务，并启用它在下一个系统启动时自动启动。
为此，请运行以下命令：

# systemctl start apache2
# systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
root@debian:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2016-07-19 13:12:00 UTC; 36s ago
Main PID: 12639 (apache2)
CGroup: /system.slice/apache2.service
├─12639 /usr/sbin/apache2 -k start
├─12641 /usr/sbin/apache2 -k start
└─12642 /usr/sbin/apache2 -k start

其次，我们需要通过运行以下命令来使用所需模块安装PHP：

# apt-get install php7.0 libapache2-mod-php7.0 php7.0-cli php7.0-mcrypt php7.0-intl php7.0-mysql php7.0-curl php7.0-gd php7.0-soap php7.0-xml php7.0-zip -y

接下来，我们需要在我们的配置文件/etc/php/7.0/CLI/PHP中修改一些变量。

INI根据我们的服务器资源如下：

memory_limit = 512M
date.timezone = UTC
cgi.fix_pathinfo=0
upload_max_filesize = 10M
post_max_size = 10M
After making these changes don't forget to restart the Apache server.

现在我们需要安装我们的数据库服务器。
我们可以通过运行以下命令来安装它：

# apt-get install mariadb-server -y

安装后，我们需要启动MariaDB服务并使其在下一个系统启动时自动启动。
为此，请运行以下命令：

# systemctl start mysql
# systemctl enable mysql
Synchronizing state of mysql.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mysql
root@debian:~# systemctl status mysql
● mariadb.service - MariaDB database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2016-07-19 13:26:43 UTC; 43s ago
Main PID: 26526 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─26526 /usr/sbin/mysqld

接下来，我们需要保护数据库服务器。
我们可以运行以下命令来保护MariaDB数据库并设置root密码：

# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:docker123
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

3)创建Drupal数据库

我们需要为我们的Drupal安装创建一个数据库和用户，以执行此操作，请执行以下命令：

.# mysql -u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.23-MariaDB-9+deb9u1 Debian 9.0
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE drupal_db;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES on drupal_db.* to 'drupaluser'@'localhost' identified by 'drupal123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit

我们已连接到MySQL Shell，并创建了一个名为"drupal_db"的数据库，为用户"drupaluser"为Drupal安装。

4)下载并安装Drupal 8.3.5

我们可以从官方下载并安装Drupal。

我从他们的下载了最新的可用Drupal软件。

# wget https://ftp.drupal.org/files/projects/drupal-8.3.5.zip

Afterward, extract the downloaded zip file and move the extracted Drupal directory to the Drupal root directory (/var/www/html/drupal/) which we have meant for the Drupal installation.
# unzip drupal-8.3.5.zip
# mv drupal-8.3.5 /var/www/html/drupal
# chmod -R 777 /var/www/html/drupal

5)使用Letsencrypt为Drupal域创建SSL

我打算在域名NodenixBox.COM上设置Drupal。
因此，我需要为此域设置SSL以保护我的Drupal安装。
在Let’s Encrypt 安装之前需要安装这些包中的两个。
BC是"任意精密语言计算器。
它用于Let’s Encrypt 软件中的自动续订脚本。
我们可以使用以下命令安装这些包：

#apt-get install git bc -y

一旦完成，我们就可以轻松下载让我们通过克隆到GitHub中的存储库来加密。

# git clone https://github.com/letsencrypt/letsencrypt

现在，我们可以移动到我们的LetSencrypt安装文件夹并运行此命令以发出SSL证书。

# ./letsencrypt-auto certonly --standalone --email [email protected] --agree-tos -d nodenixbox.com

------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
------------------------------------------------------------------------------
(Y)es/(N)o: yes
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for nodenixbox.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/nodenixbox.com/fullchain.pem. Your cert will
expire on 2016-10-18. To obtain a new or tweaked version of this
certificate in the future, simply run letsencrypt-auto again. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG/Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

6)为Drupal域创建虚拟主机

首先，我们需要为Drupal创建Apache虚拟主机文件。
为此，创建一个新的drupal。
conf文件中内部/etc/apache2/sites可用/目录从那里复制默认的vhost格式：

# cp -rp 000-default.conf drupal.conf

之后，我们可以根据我们的域名和文档root修改虚拟主机。

:/etc/apache2/sites-available# cat drupal.conf 
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName nodenixbox.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/drupal/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

一旦完成，我们就可以启用虚拟主机，并使用以下命令启用重写模块：

# a2ensite drupal
Enabling site drupal.
To activate the new configuration, you need to run:
systemctl reload apache2
# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
# systemctl restart apache2

我们只需要在这些更改后确保重新启动Apache服务。

7)使用Letsencrypt SSL确保Drupal安装

inorder来保护我们的Drupal安装，我们需要为我们的域启用SSL虚拟主机。
我们可以通过将/etc/apache2/sites可用/文件夹中的默认SSL虚拟主机复制到Drupal-SSL来执行此操作。
CONF并通过我们的Letsencrypt SSL详细信息修改它。

# cp -rp default-ssl.conf drupal-ssl.conf

并修改这些部分以使我们的Drupal域启用SSL。

# cat drupal-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost nodenixbox.com:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/drupal/
SSLCertificateFile /etc/letsencrypt/live/nodenixbox.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nodenixbox.com/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

修改虚拟主机后，我们需要启用SSL并重新启动Apache。

# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
#systemctl restart apache2

8)访问Drupal Web界面

我们现在已安装和配置Drupal域。
接下来，我们需要通过Web浏览器完成Drupal安装访问。
我们可以访问URL >> https：//nodenixbox. COM /上的Drupal接口。

我们应该看到第一页选择首选语言。

我选择英语语言，然后单击"保存"并继续按钮，这将带我们到下一页：

选择首选安装配置文件，然后单击"保存"并继续按钮，然后验证所有要求，然后单击"保存"并继续按钮。
我们应该看到以下图片：

现在，我们可以添加为Drupal域配置的数据库详细信息，然后单击"保存"并继续继续安装。

接下来，我们可以配置Drupal域页，提供名称，管理员用户名和密码，然后单击"保存"并继续按钮开始安装Drupal。
安装Drupal后，我们应该在下图中看到Drupal Dashboard：

就这样！我们已在Debian 9服务器上成功安装了Drupal。
现在，我们可以根据要求继续和配置Drupal。

对于进一步的文档，我们可以访问Drupal项目提供的官方文档。