How to get from Fresh install of LEMP server with MariaDB to up-and-running Drupal install with EV SSL?

Heya,

Setting up a secure and high-performance DigitalOcean droplet with LEMP (Linux, Nginx, MariaDB, PHP) stack, HSTS, EV SSL certificate, Drupal 8, and additional performance tools can indeed be a great foundation for your websites. I’ll provide you with a step-by-step guide to achieve this. As a precaution, before following these steps, make sure to have backups of your data, as some of the steps may involve making changes to the server.

Let’s get started:

1. Create a DigitalOcean Droplet:

• Sign in to your DigitalOcean account and create a new droplet.
• Choose Ubuntu as the distribution and select an appropriate plan with enough resources for your needs.

2. Initial Server Setup:

• Once your droplet is created, connect to it via SSH using Terminal on your Mac.
• Update the package lists and upgrade the system:

sudo apt update
sudo apt upgrade

• Set up a non-root user with sudo privileges:

adduser your_username
usermod -aG sudo your_username

• Exit the root session and log in as the newly created user:

su - your_username

3. Install LEMP Stack:

• Install Nginx:

sudo apt install nginx

• Install MariaDB:

sudo apt install mariadb-server

• Secure your MariaDB installation:

sudo mysql_secure_installation

• Install PHP and necessary modules:

sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-xml php-xmlrpc php-zip

4. Configure Nginx for Drupal:

• Create a new Nginx server block for your Drupal site:

sudo nano /etc/nginx/sites-available/your_domain

Add the following configuration (replace “your_domain” with your actual domain/subdomain):

server {
    listen 80;
    server_name your_domain www.your_domain;

    root /var/www/your_domain;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

• Enable the Nginx server block and restart Nginx:

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

5. Obtain and Install Let’s Encrypt SSL Certificate:

• Install Certbot to automate SSL certificate management:

sudo apt install certbot

• Obtain an EV SSL certificate for your domain:

sudo certbot certonly --nginx -d your_domain -d www.your_domain

6. Enable HTTP Strict Transport Security (HSTS):

• Open your Nginx configuration file again:

sudo nano /etc/nginx/sites-available/your_domain

• Add the HSTS header to your server block:

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains

• Save the file and restart Nginx:

sudo nginx -t 
sudo systemctl restart nginx

7. Install Drupal:

• Download the latest Drupal version:

cd /tmp
wget https://www.drupal.org/download-latest/tar.gz
tar -xvzf tar.gz

• Move the Drupal files to your website’s directory:

sudo mv /tmp/drupal-*/* /var/www/your_domain/

• Set proper permissions

sudo chown -R www-data: /var/www/your_domain/

8. Configure Drupal:

• Create a new database and user for Drupal in MariaDB:

sudo mysql -u root -p

CREATE DATABASE drupaldb;
CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL ON drupaldb.* TO 'drupaluser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

• Complete the Drupal installation by visiting your domain (e.g., http://your_domain) in your browser. Additional Performance Tools:

• To improve performance, you can consider using Redis for caching, Varnish for HTTP acceleration, and enabling gzip compression in Nginx. Each tool requires additional configuration, so you can implement them one by one, depending on your specific needs and requirements.