My previous post related on how to install WordPress on Oracle Cloud seemed to be very popular. To continue the exploration of OCI, today we will install Drupal.
This time, even if it’s possible to use the Free Trier like in the WordPress post, I will use a pay account to have the possibility to split the Web Server and the Database into two different subnets. Both instances will have their own subnet and only the Webserver will be reachable directly from the Internet. MySQL will be installed on a private subnet that could reach Internet only via a NAT gateway.
This is an overview of the proposed architecture:
At the end of the blog you will also be able to see this process in video.
The Webserver (Drupal)
We first create a compute instance called myDrupal:
We are using Oracle Linux 7.7 as image.
Once created and provisioned, we can get it’s public IP that we gonna use to connect to it using ssh:
Installing Apache and PHP
To install apache and PHP, we will then use ssh and the usual opc user:
ssh -i ~/.ssh/id_rsa_oci opc@150.136.231.34
We will use the latest PHP 7.4. It supports MySQL 8.0’s default secure authentication plugin, caching_sha2_password without any problem (see this illustration).
To install latest PHP 7.4 we will use EPEL and Remi’s repository:
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
Let’s enable remi’s PHP 7.4 repository:
sudo yum-config-manager --enable remi-php74
And finally install all required packages:
sudo yum install php php-cli php-mysqlnd php-zip php-gd \
php-mcrypt php-mbstring php-xml php-json
The httpd package is a dependency and gets automatically installed.
Installing Drupal
We will download and unpack Drupal directly in /var/www and we will replace the htmldir as this will be the only site on this Virtual Machine:
[opc@mydrupal ~]$ cd /var/www [opc@mydrupal www]$ sudo wget https://www.drupal.org/download-latest/tar.gz [opc@mydrupal www]$ sudo tar zxvf tar.gz [opc@mydrupal www]$ su rm -rf html tar.gz [opc@mydrupal www]$ sudo mv drupal-8.8.4 html [opc@mydrupal www]$ sudo chown apache. -R html
Allow traffic to http port
To be able to allow the Internet to connect to our Webserver, we need to open the port used for http, the port 80. And we need to perform this operation on the server itself as Oracle Linux enables a firewall by default but also on OCI to allow connections to our Public Subnet.
Compute Instance’s Local Firewall
In the ssh session, we enter the following commands:
[opc@mydrupal www]$ sudo firewall-cmd --zone=public --permanent --add-port=80/tcp success [opc@mydrupal www]$ sudo firewall-cmd --reload success
OCI VCN’s Public Subnet Firewall
And we need to add a rule to allow the same traffic to our Compute Instance in OCI:
If you don’t have already such rule:
You will need to add it:
Now we can start Apache and install eventual missing packages:
[opc@mydrupal www]$ sudo systemctl start httpd
You can open your browser and add the public ip in it… you will reach the first page of Drupal’s installation process.
When you start, you will see some warnings and errors. Let’s perform the required steps to be able to proceed with the installation:
[opc@mydrupal ~]$ cd /var/www/html [opc@mydrupal html]$ sudo yum install php-opcache [opc@mydrupal html]$ sudo cp sites/default/default.settings.php sites/default/settings.php [opc@mydrupal html]$ sudo chown apache. sites/default/settings.php [opc@mydrupal html]$ sudo chcon --type httpd_sys_rw_content_t /var/www/html/sites/* [opc@mydrupal html]$ sudo systemctl restart httpd
Now you can refresh the page and you should see something like this:
If you have the same warning about CLEAN URLS, you can bypass and click on Conitnue Anyway in the bottom of the page. You will reach the Database Configuation page… we will fill it later.
The Database Server (MySQL)
Now it’s time to create our second compute instance that will host MySQL as database server for our website.
We need first to create an second subnet to host our private servers (in this case only our database server). This means that those servers won’t be reachable directly by the Internet and won’t have the possibility to have any public ip. This is the reason why I don’t use the Free Trier as I will need a second gateway for the servers in this private subnet. This second gateway is required to access Internet using a NAT.
if you use the free trier, you have the following options:
1. use only one subnet and remove manually the public IP after having installed all the required packages on the database server.
2. use a private subnet without Interner access, this means you will have to copy (via scp) all required packages to install MySQL (or deploy a yum repo on a compute instance located in the public subnet).
Private Subnet
So now, we have two subnets:
Currently, we don’t have any other choice for the Route Table, we will have to modify it later after the creation of a new one using the NAT Gateway we will create now:
We can now see the just create NAT Gateway:
And we will create a new Routing Table using the new gateway:
And we have to add a new Routing Rule to use the NAT Gateway:
We can now modify our Private Subnet to use the new Routing Table:
MySQL Instance
It’s time to deploy an new compute instance that we will call myMySQL01 and put in the private subnet:
When deployed, we can connect to it in ssh but only from the myDrupal host. Therefor we will connect to myDrupal using -A to forward the ssh key and then connect to the private ip of myMySQL01 instance:
ssh -i ~/.ssh/id_rsa_oci opc@150.136.231.34 [opc@mydrupal ~]$ ssh 10.0.1.2 [opc@mymysql01 ~]$
Great ! It’s time to install MySQL Server 8.0:
[opc@mymysql01 ~]$ sudo yum install -y https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm [opc@mymysql01 ~]$ sudo yum install -y mysql-community-server
When MySQL Server is installed, we need to :
- start
mysqld - get the temporary
rootpassword - install MySQL Shell
- connect to MySQL
- change the
rootpassword - create a new schema for drupal’s database
- create a dedicate user with the required privileges for drupal
Here are the commands to perform all these steps above:
[opc@mymysql01 ~]$ sudo systemctl start mysqld [opc@mymysql01 ~]$ sudo grep password /var/log/mysqld.log [opc@mymysql01 ~]$ sudo yum install -y mysql-shell [opc@mymysql01 ~]$ mysqlsh --sql root@localhost
You use the password you got from the second operation and you continue:
MySQL localhost:33060+ ssl SQL > set password = 'MyBigPassw0rd!'; MySQL localhost:33060+ ssl SQL > create database drupal; MySQL localhost:33060+ ssl SQL > create user drupal identified by 'MyPassw0rd!'; MySQL localhost:33060+ ssl SQL > grant all privileges on drupal.* to drupal;
Now we need to allow connections to the MySQL Classic Protocol’s port, 3306. Like for the webserver, we need to do it locally on the Instance itself and on OCI:
[opc@mymysql01 ~]$ sudo firewall-cmd --zone=public --permanent --add-port=3306/tcp [opc@mymysql01 ~]$ sudo firewall-cmd --reload
It’s time to finish the Drupal installation by adding all information related to the database:
Continue with the setup wizard and we are done !
We have now a Drupal site connected to a MySQL 8.0 in OCI in about 20 minutes.
You can follow all the steps on the video below:
Don’t hesitate to comment if you have any question.
