Update and Secure Drupal 8 on Ubuntu or Debian
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
DeprecatedThis guide has been deprecated and is no longer being maintained.
Please refer to the updated version of this guide.
Drupal 8 is the latest version of the popular Drupal content management system. While a simple incremental update feature is included in version 8.1, manual core updates are required for all preceding versions. This guide demonstrates how to manually install an incremental Drupal 8 update on your Linode. This guide assumes you have a functional Drupal 8 installation running on Apache and Debian or Ubuntu.
Before You Begin
Ensure that you have completed the following guides:
Confirm the name of your site’s Document Root folder by running the following command on your Linode:
ls /var/www/html
Update your system:
sudo apt-get update && sudo apt-get upgrade
Note
- This guide will use
sudo
wherever possible.- You may need additional firewall rules for your specific application.
- Replace each instance of
example.com
anduser
with the names appropriate to your site, and203.0.113.52
with your Linode’s IP address or domain name.
Create Backups
Back up existing files and move the archive into the backups directory. This process can also be scripted and run on a regular basis using cron:
cd /var/www/html/example.com/public_html
sudo tar -cvzf example.com-BCKP-$(date +%Y%m%d).tar.gz ./
sudo mv -v example.com-BCKP-*.tar.gz ../backups
Download Updates
Log in to your Drupal site and navigate to the Admin Toolbar. Click Reports, then Available updates.
Note
If Available updates is not listed, enable the Update Manager plugin under Extend.Right click “Download” to the right of the desired version and copy the link address:
Connect to your Linode over SSH:
ssh user@203.0.113.52
Navigate to the Apache DocumentRoot directory. Download the new file by using
wget
and pasting the link address you copied from Step 2:cd /var/www/html/example.com wget https://ftp.drupal.org/files/projects/drupal-8.1.1.tar.gz
Upgrade Your Site
Put the Site into Maintenance Mode
Back in your browser navigate to Configuration, Development, then Maintenance mode.
Check the box next to “Put site into maintenance mode.” Enter a message if desired, and click Save Configuration.
Replace System Files
While in the site’s
public_html
folder on your Linode, remove existing files and folders exceptsites
andprofiles
:sudo rm -ifr autoload.php composer.* example.gitignore index.php LICENSE.txt README.txt robots.txt update.php web.config && sudo rm -ifr core/ modules/ vendor/ themes/
Go up one directory, then expand the update into your
public_html
folder. Replacedrupal-8.1.1.tar.gz
with the current update:cd .. sudo tar -zxvf drupal-8.1.1.tar.gz --strip-components=1 -C public_html
From a browser on your local machine, navigate to
example.com/update.php
:Note
If
update.php
does not load or returns a 403 Forbidden error, you can try to change the ownership and permissions of the newly expanded files:chgrp www-data /var/www/html/example.com/public_html/sites/default/files chmod 775 /var/www/html/example.com/public_html/sites/default/files chmod 757 /var/www/html/example.com/public_html/sites/default/settings.php
Follow the prompts to continue the update.
If installing additional modules or configuring additional security settings, proceed to the Additional Security section below. Return to Step 6 once those configurations are complete.
Rebuild the site’s cache by clicking Configuration in the Admin Toolbar, then Performance under Development. Click Clear all caches.
Click Reports in the Admin Toolbar, then Status report.
From your Linode, open
/var/www/html/example.com/public_html/sites/default/settings.php
and confirm that$update_free_access = FALSE
.If everything looks good, take the site out of maintenance mode described above by unchecking the box next to “Put site into maintenance mode.”
Additional Security
Increase password security by adding the following to
services.yml
:- File: /var/www/html/example.com/public_html/sites/default/services.yml
1 2 3 4 5
# Increase the number of password hash iterations. Minimum = 7; Maximum = 30; Default = 16 services: password: class: Drupal\Core\Password\PhpassHashedPassword arguments: [19]
Note
You may need to add write permission to this file before you can edit it:
chmod u+w /var/www/html/example.com/public_html/sites/default/services.yml
Consider installing additional security modules from the Drupal Project Module:
- Secure Login enforces secure authenticated session cookies
- Password Policy: Define a user password policy
- Security Review: Automated security testing
This page was originally published on