Question

How to get from Fresh install of LEMP server with MariaDB to up-and-running Drupal install with EV SSL?

Hi there,

I’m trying to set up a secure, high performance server for sites that I can configure in a step-by-step manner. Here’s the goal:

  • LEMP
  • MariaDB
  • NGINX
  • HSTS (EV SSL cert)
  • Will want to replicate for many sites
  • On a Mac
  • Several subdomains
  • Drupal 8
  • Maximum speed, compression, and efficiency tools you can suggest (redis, varnish, gzip)

I’ve done some server stuff in the past, but it’s not my forte and I’d rather follow the guidance of a pro than risk missing details or deploying something unstable/unsafe.

Thanks in advance!

Best, Phil


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
July 28, 2023

Heya,

Setting up a secure and high-performance DigitalOcean droplet with LEMP (Linux, Nginx, MariaDB, PHP) stack, HSTS, EV SSL certificate, Drupal 8, and additional performance tools can indeed be a great foundation for your websites. I’ll provide you with a step-by-step guide to achieve this. As a precaution, before following these steps, make sure to have backups of your data, as some of the steps may involve making changes to the server.

Let’s get started:

  1. Create a DigitalOcean Droplet:
  • Sign in to your DigitalOcean account and create a new droplet.
  • Choose Ubuntu as the distribution and select an appropriate plan with enough resources for your needs.
  1. Initial Server Setup:
  • Once your droplet is created, connect to it via SSH using Terminal on your Mac.
  • Update the package lists and upgrade the system:
sudo apt update
sudo apt upgrade
  • Set up a non-root user with sudo privileges:
adduser your_username
usermod -aG sudo your_username
  • Exit the root session and log in as the newly created user:
su - your_username
  1. Install LEMP Stack:
  • Install Nginx:
sudo apt install nginx
  • Install MariaDB:
sudo apt install mariadb-server
  • Secure your MariaDB installation:
sudo mysql_secure_installation
  • Install PHP and necessary modules:
sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-xml php-xmlrpc php-zip
  1. Configure Nginx for Drupal:
  • Create a new Nginx server block for your Drupal site:
sudo nano /etc/nginx/sites-available/your_domain

Add the following configuration (replace “your_domain” with your actual domain/subdomain):

server {
    listen 80;
    server_name your_domain www.your_domain;

    root /var/www/your_domain;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

  • Enable the Nginx server block and restart Nginx:
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
  1. Obtain and Install Let’s Encrypt SSL Certificate:
  • Install Certbot to automate SSL certificate management:
sudo apt install certbot
  • Obtain an EV SSL certificate for your domain:
sudo certbot certonly --nginx -d your_domain -d www.your_domain
  1. Enable HTTP Strict Transport Security (HSTS):
  • Open your Nginx configuration file again:
sudo nano /etc/nginx/sites-available/your_domain
  • Add the HSTS header to your server block:
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains
  • Save the file and restart Nginx:
sudo nginx -t 
sudo systemctl restart nginx
  1. Install Drupal:
  • Download the latest Drupal version:
cd /tmp
wget https://www.drupal.org/download-latest/tar.gz
tar -xvzf tar.gz
  • Move the Drupal files to your website’s directory:
sudo mv /tmp/drupal-*/* /var/www/your_domain/
  • Set proper permissions
sudo chown -R www-data: /var/www/your_domain/
  1. Configure Drupal:
  • Create a new database and user for Drupal in MariaDB:
sudo mysql -u root -p
CREATE DATABASE drupaldb;
CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL ON drupaldb.* TO 'drupaluser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
  • Complete the Drupal installation by visiting your domain (e.g., http://your_domain) in your browser. Additional Performance Tools:

  • To improve performance, you can consider using Redis for caching, Varnish for HTTP acceleration, and enabling gzip compression in Nginx. Each tool requires additional configuration, so you can implement them one by one, depending on your specific needs and requirements.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel