Drupal

From Smop.co.uk

  • a2enmod rewrite (for clean URLs)
  • a2enmod deflate
    • restart apache2
  • apt-get install drupal6
    • argh, asking for root database password!
  • now visit http://localhost/drupal6/install.php
    • argh, should have separate owner and user permissions
  • Apache config:
    • set DocumentRoot to /usr/share/drupal6
    • comment out Alias for /usr/share/drupal6
    • I inserted /etc/drupal/6/htaccess into /etc/apache2/conf.d/drupal
    • /etc/drupal/6/sites/default/baseurl.php:
  • Drupal config:
    • Administer->Site configuration -> Clean URLs (set to enabled)
  • Filter modules (extract into /usr/share/drupal6/modules, enable in "site building" -> modules):
<a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><span><img><h1><h2><h3><h4> <sup> <super> <sub> <small>
      • enable geshi and markdown
      • select "rearrange" to order:
        • Markdown
        • HTML filter
        • line break converter
        • URL filter
        • GeSHi filter
        • HTML corrector
      • add "<span>" and "<img>" to allowed tags
      • also create a new input format "Markdown HTML":
        • admin user only
        • GeSHi module, HTML corrector, Line break converter, Markdown, URL Filter
    • pathauto module http://drupal.org/project/pathauto
    • throttle module
    • contact module
      • admin/build/contact
      • admin/build/menu and move from navigation to about us
    • search module
      • change permissions so that anonymous users can see this
      • set search block title to "<none>"
    • statistics module
    • taxonomy module
      • admin/content/taxonomy - add to all content types
    • image module http://drupal.org/project/image
      • apt-get install imagemagick
      • cp /usr/share/drupal6/modules/image/image.imagemagick.inc /usr/share/drupal6/includes
      • admin/settings/image-toolkit - change from GD2 to ImageMagick
      • admin/settings/image/image_import - set path to /var/lib/drupal6/image_import (chgrp, chmod g+w to www-data)
    • http://drupal.org/project/google_analytics
    • http://drupal.org/project/views
    • http://drupal.org/project/logintoboggan
      • Allow users to login with their password: enabled
      • Present login form on access denied: enabled
      • Display login successful message: enabled
      • NB: we do _not_ allow "set password" - if we do, various settings need changing (welcome text, create pre-auth role)

Date format:

  • admin/settings/date-time
  • set to 2009/09/21 or similar (rather than American format)

Content

  • Site building -> create content -> page
    • Expand "menu settings"
      • Select parent item
      • You _must_ also enter a menu link title otherwise it will _not_ have a menu entry added
      • Under site building -> menus you may also set a description (hovertext). "menu link title" is the _same_ as above
  • /admin/build/block
    • configure login block to "link" - looks much better
      • and set the block title to "<none>"

Homepage:

  • created a page
  • used path module to add an alias of "home"
  • site-information -> set homepage to "content/home"
  • set favicon, image

Themes:

Performance:

  • admin/settings/performance - enable all, normal caching, gzip
  • /etc/php/apache2/php.ini - increase memory_limit to 32M

User settings:

  • admin/user/settings
    • set Visitors can create accounts but administrator approval is required
  • create role "admin" and set permissions to "all"
  • "anonymous user" and "authenticated user" roles should have only:
    • "access comments"
    • "post comments" _only_ authenticated users (but _not_ without approval)
    • "access nodes"
    • "search content"
    • "use advanced search"
    • "access site-wide contact form"

Captchas (this is for recaptcha, but I now use mollom; see later):

  • download http://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest
    • drop the recaptchalib.php file into /usr/share/drupal6/modules/recaptcha/recaptcha
  • http://drupal.org/project/captcha
  • http://drupal.org/project/recaptcha
  • sign up at recaptcha.net for keys
  • just use captcha and recaptcha (no mailhide etc)
  • admin/user/captcha and set:
    • comment_form reCAPTCHA
    • contact_mail_page reCAPTCHA
    • contact_mail_user reCAPTCHA
    • user_login none
    • user_login_block none
    • user_pass reCAPTCHA
    • user_register reCAPTCHA
  • persistence should be set to:
    • Omit challenges for all forms once the user has successfully responded to a challenge.
  • enable log wrong responses
  • move onto the reCAPTCHA tab:
    • enter your public and private keys from the recaptcha.net site
    • select secure connection
    • change theme to "clean"
  • now edit user permissions:
    • enable "skip CAPTCHA" for authenticated users
    • allow anonymous users to post comments

Captcha (mollom):

  • login to http://mollom.com, create an account
    • add a subscription for your site to generate public/private keys
  • enable module
  • /admin/settings/mollom/settings
    • block all submissions if there are server problems
    • add public/private keys
    • link to Mollom's privacy policy
  • /admin/settings/mollom left at defaults
    • comment - text analysis + captcha
    • site-wide contact form - text analysis + captcha
    • user contact form - text analysis + captcha
    • password - captcha
    • registration - captcha
  • disable recaptcha module
  • disable captcha module

Errors:

  • admin/settings/error-reporting
    • set error reporting to logs only (not to screen)
    • set 404 page to /content/page-not-found (and write that page)
  • handwrite /var/www/error/500.html
  • ln -sf /var/www/error /usr/share/drupal/error
  • add to /etc/apache2/conf.d/drupal:
    • ErrorDocument 500 /error/500.html

Link checking:

  • http://drupal.org/project/linkchecker
    • /admin/settings/linkchecker
      • select all types _except_ comments
      • do not enable pathfilter support (we don't use it)
      • drop check interval from 4 weeks to 1 week for now
      • add 302 into ignored errors list (for privacy page)
      • report is located at /admin/reports/linkchecker

Symlinks:

  • to ensure things are backed up, we symlink some stuff:
    • /usr/share/drupal/modules/* (various) -> /etc/drupal/6/modules/*
    • /usr/share/drupal/themes/salamanderskins -> /etc/drupal/6/themes/salamanderskins

Redmine integration:

  • install path_redirect module
  • admin -> site building -> url redirect
    • node/28 -> redmine (NB: you must use node/28, not content/support)

Content profile:

  • install content profile
  • /admin/content/node-type/profile
    • comment settings -> disabled
    • content profile -> tick "Use this content type as a content profile for users"

Security:

  • need to ensure username/passwords are sent encrypted
  • and that no writes happen over unencrypted connections:
  • see http://drupal.org/node/170310 and http://drupal.org/node/380326
  • in apache's SSL section:
    • php_flag session.cookie_secure On
  • in apache's drupal subsite _outside_ the Directory directive:
  # Force the user to use https.
  RewriteCond %{HTTPS} off
  RewriteRule /(user|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R,NE]
  • http://drupal.org/project/securelogin
    • click "all releases" to see v6 version
    • reverted this - it causes lots of strange behaviour and errors
    • particularly if you enable "secure form"
    • which also repoints homepage to https
  • do _not_ use securepages (see earlier URLs)
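
A check for the two settings above, as an added example that is not part of the original notes: it reads saved response headers and confirms that plain-HTTP requests to /user are redirected to https and that the session cookie carries the Secure attribute. The host name, cookie values and file names are constructed, and the SESS<hex> cookie name is an assumption about Drupal 6's session cookie.

```sh
#!/bin/sh
# Added example (not from the original notes). Capture real headers with e.g.
#   curl -sI  http://www.example.org/user  > http_user.txt
#   curl -skI https://www.example.org/user > https_user.txt

# Succeeds if FILE holds a 3xx response whose Location is an https:// URL.
redirects_to_https() {
    tr -d '\r' < "$1" | awk '
        NR == 1 && $2 ~ /^30[12378]$/ { redirect = 1 }
        tolower($1) == "location:" && $2 ~ /^https:\/\// { https = 1 }
        END { exit !(redirect && https) }'
}

# Succeeds only if FILE sets a session cookie and every such Set-Cookie
# header carries the Secure attribute (what session.cookie_secure adds).
# Assumption: the Drupal 6 session cookie is named SESS<hex digits>.
session_cookies_secure() {
    tr -d '\r' < "$1" | awk '
        tolower($1) == "set-cookie:" && $2 ~ /^SESS[0-9a-f]+=/ {
            seen = 1
            if (tolower($0) !~ /; *secure *(;|$)/) bad = 1
        }
        END { exit !(seen && !bad) }'
}

# Constructed sample responses; host name and cookie values are made up.
d=$(mktemp -d)
printf '%s\r\n' 'HTTP/1.1 302 Found' \
    'Location: https://www.example.org/user' '' > "$d/http_user.txt"
printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'Set-Cookie: SESS0123456789abcdef=abc123; path=/; secure; HttpOnly' '' \
    > "$d/https_ok.txt"
printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'Set-Cookie: SESS0123456789abcdef=abc123; path=/; HttpOnly' '' \
    > "$d/https_bad.txt"

redirects_to_https "$d/http_user.txt" && echo "redirect to https: ok"
session_cookies_secure "$d/https_ok.txt" && echo "session cookie Secure: ok"
session_cookies_secure "$d/https_bad.txt" || echo "session cookie lacks Secure"
```

Run the same two functions against headers captured from /admin as well, since the RewriteRule covers both paths.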

Favicon:

  • in apache's drupal subsite _outside_ the Directory directive:
  RewriteRule ^/favicon.ico /sites/default/files/salamanderskins_favicon_0.ico

Performance speedups:

  • use Yslow firefox plugin and http://site-perf.com
  • originally
    • Yslow grade F (score=59), 187/163KB in 24 requests
    • site-perf: 196K in 35 requests, queue~4.5-7.6, headers~2.9-3.8, body~0.84
  • add application/x-javascript text/css to /etc/apache2/mods-enabled/deflate.conf
    • Yslow grade D (score=63), 72/48KB in 24 requests
    • site-perf: 80K in 35 requests, queue~4.8-6.4, headers~3.1-4.8, body~0.60-0.68
  • add javascript_aggregator module to drupal
    • enable it and ensure "Optimize and Minify JavaScript files" is enabled in admin/settings/performance
    • Yslow grade D (score=64), 65.6/32.6KB in 24 requests
    • site-perf: 64K in 35 requests, queue~5.4-5.7, headers~2.9-3.1, body~0.43
  • apt-get install php5-xcache (use 1.2.2 to avoid SEGV)
    • set user/pass /etc/php5/conf.d/xcache.ini if desired
    • echo -n "password" | md5sum to get the hashed password
    • in fact, we leave authentication to apache, so we need to set
    • "xcache.admin.enable_auth = Off" in /etc/php5/conf.d/xcache.ini
    • setup an alias in apache to /usr/share/xcache/admin and/or /usr/share/xcache/coverager
  • add Expires header:
    • a2enmod expires
      • NB: the default header it adds is "Expires 1970"!
    • Yslow grade C (score=79), 65.6/2.6KB in 24/2 requests
  • set in _firefox_:
    • extensions.firebug.yslow.pointsEtags=0
    • this stops yslow saying that ETags are bad
    • (which is true for _default_ ETags hash if you are using multiple servers)
    • Yslow grade B (score=82), 65.6/2.6KB in 24/2 requests
  • this just leaves CSS sprites to do (which would be a significant win I suspect)

SEO:

  • install http://drupal.org/project/nodewords (aka metatags)
    • admin -> user management -> permissions -> admin metatags
  • admin content -> meta tags - fill it in!
  • install http://drupal.org/project/xmlsitemap
    • NB: this now depends upon http://drupal.org/project/site_verify
    • enable core module, engines, nodes, taxonomy but not user module
    • admin/settings/xmlsitemap
      • sitemap: set front page search to daily
      • search engines: enable submission, set updates to daily
      • search engines: set google verification link name and MS Live tag
    • visit /cron.php and then check /sitemap.xml and referred files

Site maps:

Ping:

  • Enable Ping module
    • add MultiPing module if you want (I've not bothered)

Nagios:

  • Enable Nagios module from http://drupal.org/project/nagios
    • /admin/settings/nagios
      • set unique ID to a random string
  • copy nagios-plugin/check_drupal across to Nagios
  • ./check_drupal -H $HOSTADDRESS$ -U randomstring

DHTML Menus (disabled):

Tagadelic:

Glossary:

  • install http://drupal.org/project/glossary
    • NB: README is more up to date than online docs
  • /admin/content/taxonomy
    • add vocabulary "Glossary"
      • associate it with "Story" content type
  • /admin/settings/glossary
    • select "Show glossary term descriptions on the Glossary page"
  • now for _each_ of the HTML pages (Markdown, Filtered, Full)
    • select "change settings" and enable "glossary filter"
    • go back to /admin/settings/glossary and reselect the HTML page (it will now have settings displayed)
    • Select Vocabulary should be set to "Glossary"
    • Match type: word
    • Case sensitivity: case-insensitive
    • Replace: all matches
    • Link style: none
      • Link style: absolute is easy to confuse with real links unless you use "icon" or "subscript" Term indicator below
      • even if you use the additional "Hovertip" module
    • Term indicator: acronym seems best overall
    • Icon URL: modules/glossary/glossary.gif (NB: you must lose the leading "/")

Twitter:

  • install http://drupal.org/project/twitter
  • also install http://drupal.org/project/shorten
  • enable twitter module (but not "twitter access" module)
  • also enable trigger module!
  • /admin/settings/twitter
    • fill in username/password
    • do not import statuses
    • only tweet on blog entries for now
    • allow drupal to mark source as Drupal
  • /admin/user/permissions
    • allow admin to "add twitter accounts" and "use global twitter account"
  • This ain't working :-(
    • enabled Trigger module
    • upgraded Shorten

Upload:

  • enable the "upload" module
  • /admin/settings/uploads
    • increase max size to 5MB
    • also increase this in php.ini settings if required
  • /admin/user/permissions
    • allow anyone to view uploaded files
    • allow admin to upload files
    • remove permitted file extensions (this allows any file extension, script files such as .php included, so keep the upload permission limited to admin as above)

Comment notifications:

  • apt-get install libphp-phpmailer
  • install http://drupal.org/project/messaging
  • install http://drupal.org/project/notifications
  • enable "Messaging" module, "Simple Mail", "Messaging PHPMailer"
  • enable "Notifications", "Content Notifications", "Notifications Autosubscribe", "Notifications UI"
  • ln -sf /usr/share/php/libphp-phpmailer /etc/drupal/6/modules/messaging/messaging_phpmailer/PHPMailer
  • goto /admin/user/permissions:
    • enable admin on "messaging module -> administer messaging"
    • enable admin, authenticated user on "notifications module -> maintain own subscriptions"
    • enable admin, authenticated user on "notifications module -> manage own subscriptions"
    • enable admin on "notifications module -> administer notifications"
    • enable admin on "notifications module -> manage all subscriptions"
    • enable admin, authenticated user on "notifications_content module" (all)
  • /admin/messaging/settings set default to "Mail" (or HTML Mail if you must)
  • /admin/messaging/notifications ensure "Immediate sending" is unticked (due to clash with pathauto)
  • on personal profile: Edit -> Account -> Autosubscribe (actually, don't - it'll do each page!)
  • on personal profile: Edit -> Notifications -> Add subscription -> Content Type (do Story, Profile, Page, Blog Entry)

AddToAny:

Autoload (for messaging/notification):

SEO:

  • Prereqs:
    • Ctools (Chaos tools)
    • Presets
    • Strongarm
  • Google analytics reports
    • Chart
    • Oauth_common
  • SEO tools
  • SEO Checklist
  • These recommended enabling:
    • Nodewords - extra meta tags (nodewords_extra)
    • Nodewords - site verification meta tags (nodewords_verification_tags)
    • XML sitemap user (xmlsitemap_user)
  • Grant admin permissions on these (admin/user/permissions)
  • admin/reports/settings
    • Enable access logs for 16 weeks
    • Enable content count
  • /admin/settings/google-analytics-reports
    • click setup and authorize it to access google, set cache for 1 week


Upgrades:

  • after an upgrade you'll often be asked to upgrade the database (on the status page)
  • however the update.php script only allows the admin user to do this
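  • to fix, edit update.php and add this to the access check (it must test the current user's own roles in $user->roles; user_roles() returns every role defined on the site, so searching it for "admin" succeeds for any visitor):
    || in_array("admin", $user->roles)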

Security announcements:

  • create an account on drupal.org
  • login and select "My account"
  • select "My newsletters" tab and tick the security announcement list

FCGI rather than mod_php:

  • use these instructions
  • a2dismod php5
  • apt-get install apache2-mpm-worker libapache2-mod-fcgid php5-cgi
  • a2enmod fcgid
  • touch /etc/apache2/mods-enabled/php5_fcgid.load (empty file)
  • add to /etc/apache2/mods-enabled/php5_fcgid.conf:
<IfModule mod_fcgid.c>
  AddHandler fcgid-script .php
  DefaultMaxClassProcessCount 4
  DefaultInitEnv PHP_FCGI_MAX_REQUESTS 100
  DefaultInitEnv PHP_FCGI_CHILDREN 4
  FCGIWrapper /usr/bin/php-cgi .php
  <Files *.php>
    Options +ExecCGI
  </Files>
</IfModule>
  • a2enmod php5_fcgid
  • /etc/init.d/apache2 restart

TODO:
