| slug | title | description | authors | contributors | published | keywords | aliases | license | tags | deprecated | deprecated_link |
|---|---|---|---|---|---|---|---|---|---|---|---|
| update-and-secure-drupal-8-on-ubuntu | Update and Secure Drupal 8 on Ubuntu or Debian | This guide will show you how to update and secure an installation of Drupal 8 CMS on your Linode running Ubuntu or Debian. | | | 2016-05-11 | | | [CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0) | | true | websites/cms/drupal/how-to-update-drupal-8-on-ubuntu-18-04/ |

Drupal 8 is the latest version of the popular Drupal content management system. While a simple incremental update feature is included in version 8.1, manual core updates are required for all preceding versions. This guide demonstrates how to manually install an incremental Drupal 8 update on your Linode. This guide assumes you have a functional Drupal 8 installation running on Apache and Debian or Ubuntu.

- Ensure that you have completed the following guides:

- Confirm the name of your site's Document Root folder by running the following command on your Linode:

  ```
  ls /var/www/html
  ```

- Update your system:

  ```
  sudo apt-get update && sudo apt-get upgrade
  ```

{{< note >}}
- This guide will use `sudo` wherever possible.
- You may need additional firewall rules for your specific application.
- Replace each instance of `example.com` and `user` with the names appropriate to your site, and `203.0.113.52` with your Linode's IP address or domain name.
{{< /note >}}

Back up existing files and move the archive into the backups directory. This process can also be scripted and run on a regular basis using cron:

```
cd /var/www/html/example.com/public_html
sudo tar -cvzf example.com-BCKP-$(date +%Y%m%d).tar.gz ./
sudo mv -v example.com-BCKP-*.tar.gz ../backups
```
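
The backup step above, written as a script that cron can run. This is an added example, not part of the original guide; the function name `backup_site`, the 14-day retention default and the script path in the cron comment are assumptions.

```sh
#!/bin/sh
# Added example: the manual backup above as a cron-friendly function.
# backup_site, the 14-day retention default and the script path in the cron
# line below are assumptions, not part of the guide.
#
# /etc/cron.d entry (runs daily at 03:15 as root):
#   15 3 * * * root /usr/local/sbin/drupal-backup.sh /var/www/html/example.com/public_html /var/www/html/example.com/backups

# Usage: backup_site DOCROOT BACKUP_DIR [KEEP_DAYS]; prints the archive path.
# The body is a subshell, so variables and exit stay local to the call.
backup_site() (
    docroot="$1"; backups="$2"; keep_days="${3:-14}"
    site="$(basename "$(dirname "$docroot")")"          # e.g. example.com
    archive="$backups/$site-BCKP-$(date +%Y%m%d).tar.gz"

    [ -d "$docroot" ] || { echo "missing docroot: $docroot" >&2; exit 1; }
    mkdir -p "$backups" || exit 1

    # Write to a temp file outside the tree being archived, so a failed run
    # never leaves a truncated archive under the final name. mktemp creates it
    # with mode 0600, which matters because settings.php holds DB credentials.
    tmp="$(mktemp "$backups/.partial.XXXXXX")" || exit 1
    if ! tar -czf "$tmp" -C "$docroot" . || ! tar -tzf "$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "backup of $docroot failed" >&2
        exit 1
    fi
    mv -f "$tmp" "$archive" || exit 1

    # Drop archives older than the retention window.
    find "$backups" -maxdepth 1 -name "$site-BCKP-*.tar.gz" \
        -mtime +"$keep_days" -delete
    echo "$archive"
)

# When run as a script with arguments, perform one backup.
if [ "$#" -ge 2 ]; then
    backup_site "$@"
fi
```
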

- Log in to your Drupal site and navigate to the Admin Toolbar. Click Reports, then Available updates.

  {{< note respectIndent=false >}}
  If Available updates is not listed, enable the Update Manager plugin under Extend.
  {{< /note >}}

- Right-click "Download" to the right of the desired version and copy the link address:

- Connect to your Linode over SSH:

  ```
  ssh user@203.0.113.52
  ```

- Navigate to the Apache DocumentRoot directory. Download the new file by using `wget` and pasting the link address you copied from Step 2:

  ```
  cd /var/www/html/example.com
  wget https://ftp.drupal.org/files/projects/drupal-8.1.1.tar.gz
  ```

- Back in your browser navigate to Configuration, Development, then Maintenance mode.

- Check the box next to "Put site into maintenance mode." Enter a message if desired, and click Save Configuration.

- While in the site's `public_html` folder on your Linode, remove existing files and folders except `sites` and `profiles`:

  ```
  sudo rm -ifr autoload.php composer.* example.gitignore index.php LICENSE.txt README.txt robots.txt update.php web.config && sudo rm -ifr core/ modules/ vendor/ themes/
  ```

- Go up one directory, then expand the update into your `public_html` folder. Replace `drupal-8.1.1.tar.gz` with the current update:

  ```
  cd ..
  sudo tar -zxvf drupal-8.1.1.tar.gz --strip-components=1 -C public_html
  ```

- From a browser on your local machine, navigate to `example.com/update.php`:

  {{< note respectIndent=false >}}
  If `update.php` does not load or returns a 403 Forbidden error, you can try to change the ownership and permissions of the newly expanded files:

  ```
  chgrp www-data /var/www/html/example.com/public_html/sites/default/files
  chmod 775 /var/www/html/example.com/public_html/sites/default/files
  chmod 757 /var/www/html/example.com/public_html/sites/default/settings.php
  ```
  {{< /note >}}

- Follow the prompts to continue the update.

- If installing additional modules or configuring additional security settings, proceed to the Additional Security section below. Return to Step 6 once those configurations are complete.

- Rebuild the site's cache by clicking Configuration in the Admin Toolbar, then Performance under Development. Click Clear all caches.

- Click Reports in the Admin Toolbar, then Status report.

- From your Linode, open `/var/www/html/example.com/public_html/sites/default/settings.php` and confirm that `$update_free_access = FALSE`.

- If everything looks good, take the site out of maintenance mode, as described above, by unchecking the box next to "Put site into maintenance mode."
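
A check that can be run before taking the site out of maintenance mode, added here as an example and not part of the original guide. `check_site` is a hypothetical helper; it confirms the `update_free_access` setting from the step above and flags configuration files left group- or world-writable, which is the state the `chmod 757` in the troubleshooting note leaves `settings.php` in.

```sh
#!/bin/sh
# Added example: post-update check of a site's sites/default directory.
# check_site is a hypothetical helper, not part of Drupal or of the guide.
# It prints one line per finding and returns non-zero if there are any.
check_site() (
    dir="$1"
    settings="$dir/settings.php"
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ -r "$settings" ] || { echo "cannot read $settings" >&2; exit 2; }

    # update.php must not be left open to unauthenticated visitors. The
    # pattern covers both "$update_free_access" and the
    # "$settings['update_free_access']" spelling and skips commented lines.
    if grep -Eiq '^[[:space:]]*\$[^#]*update_free_access[^=]*=[[:space:]]*TRUE' \
        "$settings"; then
        report "update_free_access is TRUE in $settings"
    fi

    # Modes opened up for troubleshooting (such as 757) should not outlive
    # the update: flag group- or world-writable configuration files.
    for f in "$settings" "$dir/services.yml"; do
        [ -e "$f" ] || continue
        mode="$(ls -ld "$f" | cut -c1-10)"
        case "$(printf '%s' "$mode" | cut -c6,9)" in
            *w*) report "$f is writable by group or other ($mode)" ;;
        esac
    done

    [ "$findings" -eq 0 ]
)

# When run as a script, check the directory given as the first argument.
if [ "$#" -ge 1 ]; then
    check_site "$1"
fi
```

Run it as `sh check-site.sh /var/www/html/example.com/public_html/sites/default` (the script name is an assumption); a non-zero exit status means at least one finding was printed.
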

- Increase password security by adding the following to `services.yml`:

  {{< file "/var/www/html/example.com/public_html/sites/default/services.yml" yaml >}}
  services:
    password:
      class: Drupal\Core\Password\PhpassHashedPassword
      arguments: [19]
  {{< /file >}}

  {{< note respectIndent=false >}}
  You may need to add write permission to this file before you can edit it:

  ```
  chmod u+w /var/www/html/example.com/public_html/sites/default/services.yml
  ```
  {{< /note >}}

- Consider installing additional security modules from the Drupal Project Module:

  - Secure Login: Enforces secure authenticated session cookies
  - Password Policy: Define a user password policy
  - Security Review: Automated security testing