sudo chown -R MYUSER:www-data *
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 640 {} \;
sudo find sites/default/files/config* -type f -exec chmod 664 {} \;
- It is best to disable user 1 using drush, (you can enable when you need it).
drush user-block 1
- To re-enable user1
drush user-unblock 1
- Best to use open source CA authority project - Let's Encrypt. Instructions found at Let's Encrypt
- The keys must be updated on a regular basis - every 3 months.
- If you have server and root access, it is best to use the highest level httpd.conf file to configure the redirect. IE - /opt/USER/apache2/httpd.conf. You can also place in virtual host file, or downstream application folder. Keeping it simple though by making th entire server redirect, is easier in my opinion.
- Redirect - add to the web server config under the virtual host for port 80:
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
- Generate SSH keys if you don't already have them locally.
- For SSH - use bash terminal to connect with server. Depends on cloud provider instructions.
- For PuTTY - Putty Link - Search Google for Your Server OS
- Create DOCROOT directory and index.php file:
chdir('..');
require 'index.php';
- Create links for other files like Robot.txt
cd docroot
ln -s ../robots.txt
ln -s ../.htaccess
- Redirect Webserver to new DOCROOT directory.
- Make a files directory under DOCROOT
- Change in settings.php
$settings['file_public_path'] = 'docroot/files';
// Replace http://drupal-8.localhost with your site's URL or $base_url if you have defined that.
$settings['file_public_base_url'] = 'http://drupal-8.localhost/files';
- Solution from Klaus Purer. For detail instructions including asset sync click here.
- Ensure CRON is running for status and module updates.
- Implement updates as soona as possible.
- If you receive error:
Warning: file_put_contents(private://.htaccess): failed to open stream: "Drupal\Core\StreamWrapper\PrivateStream::stream_open" call failed in file_save_htaccess() (line 366 of core/includes/file.inc).
OR
See https://www.drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the /opt/bitnami/apps/drupal/htdocs/sites/default/private directory to help protect against arbitrary code execution.
- For files, private and temporary directories ensure that you have the following .htaccess file. Only change in these directories.
# Turn off all options we don't need.
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
php_flag engine off
</IfModule>