This documentation below simply explain how I deploy and secure my drupal with CiviCRM application on AWS.
Below are the tools I used for deploying my drupal application
-
Terraform
- This is an infrastructure as code software byHashicorp
. It allows users to define a data center infrastructure in a high-level configuration language, from which it can create an execution plan to build the infrastructure in a service provider such asAWS
,Google cloud platform
,Microsoft Azure
e.t.c. -
Ansible
- This is an open source software that automates software provisioning, configuration management, and application deployment. Ansible connects via SSH, remote PowerShell or via other remote APIs. -
Packer
- This is an open source tool for creating identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, creating machine images for multiple platforms in parallel. -
LetsEncrypt
- This is a free, automated and open Certificate Authority. I'm using this to generate a free SSL certificate for my application. -
Nginx
- This is an open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability -
Drupal
- Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 2.3% of all websites worldwide ranging from personal blogs to corporate, political, and government sites. Systems also use Drupal forknowledge management
and for business collaboration. -
CiviCRM
- This is a web-based, open source, internationalized suite of computer software for constituency relationship management, that falls under the broad rubric ofcustomer relationship management
. It is specifically designed for the needs of non-profit, non-governmental, and advocacy groups, and serves as an association management system.Basically, I'm using Packer to create a machine image with Ansible as the provisioner. A machine image is a single static unit that contains a pre-configured operating system and installed software which is used to quickly create new running machines. So I use Terraform to launch an instance with the machine Image on AWS.
This walkthrough was run on a MacOS but irrespective of your OS, this guide assumes the following
- Basic Linux skills
- Terraform, Packer and Ansible installed on your machine
- A domain name to use for SSL certificate
- AWS access and secret key
Follow the instruction below to set up this infrastructure on your AWS account.
-
Clone the project into your local machine
git clone cd project-task
-
Export your AWS credentials to environment variables
export AWS_ACCESS_KEY= YOUR_AWS_ACCESS_KEY export AWS_SECRET_KEY= YOUR AWS_SECRET_KEY
-
Create a machine image for both the database and Drupal application
For the database image
-
cd into the database image directory
cd images/database
-
Open the
database.yml
file and edit the vars to suit your needsvars: db_user: "database_user" db_password: "database_password" civicrm_db_name: "Civicrm_database_name" drupal_db_name: "Drupal_database_name" priv: "drupal.*:ALL/civicrm.*:ALL" root_db_password: "Your_root_password"
This would create a database with the credentials specified above.
-
Open and edit the
database/roles/secureMysql/templates/.my.cnf
file to read yourroot_db_password
as shown below[client] user=root password=your_root_db_password
-
create the database image by running the command below
packer build database.json
For the Drupal application image
- cd into the drupalClient image directory
cd images/drupalClient
- Open the
images/drupalClient/roles/nginxConfig/templates/nginx.conf
file and edit theserver_name
to your domain nameserver_name your_domain_name.com;
- create the Drupal image by running the command below
packer build drupal.json
-
-
Deploy the infrastructure to AWS with terraform. Follow the step below to do that
-
move into the terraform directory
cd terraform
-
Create a new file named
terraform.tfvars
and paste the code belowaccess_key = "Your aws_access_key" secret_key = "Your aws_secret_key" public_key = "your public ssh key"
To generate an ssh key, run the command below
ssh-keygen
Don't ever push this file or your AWS credentials to Github.
-
Open the variables.tf and edit the
key_name
variable to the name of your public key as shown belowvariable "key_name" { description = "compucorp key pair" default = "name_of_public_key" }
-
Initialize terraform by running
terraform init
command -
Run
terraform plan
to see the resources that would be created on your AWS -
Run
terraform apply
to create the infrastructure on AWS.This would also print out the IP address of your database and Drupal application on your terminal, Copy and paste the
Drupal instance DNS or IP address
into your browser and follow the instruction to setup Drupal. Or you can log in into aws console and click on theUS East (Ohio)
to see the details of your instance.
-
-
Install the
CiviCRM
modules. Follow the instructions below to do that-
On your drupal homepage, click on
Modules
at the top navbar of your homepage -
click on the
Install new module
link -
paste the link below into the
Install from a URL
textboxhttps://download.civicrm.org/civicrm-5.6.0-drupal.tar.gz
-
Click on the
Install
-
To activate the modules, go to
your_drupal_ip_address/sites/all/modules/civicrm/install/index.php
to activate the civicrm and fill in the box to suit your needs.Ensure the database credentials are correct for both CiviCRM and Drupal database.
You need to
SSH
into your instance and grant this folder/usr/share/nginx/html/drupal/drupal-7.60/sites/default
a write accessssh -i "your_ssh_key.pem" ubuntu@your_drupal_ip_address sudo chmod u+w /usr/share/nginx/html/drupal/drupal-7.60/sites/default
Refresh your browser.
-
-
Setup SSL certificate for the domain. To set up HTTPS, ensure your IP address is mapped to your domain name then SSH into your server and run the command below
sudo certbot --nginx -d your_domain_name -d www.your_domain_name
-
Modify the Drupal settings files so that Drupal views can use the CiviCRM database. Follow the steps below
-
Go to Drupal homepage and click on
Modules
at the top navbar -
click on
Install new module
link and paste the link below into theInstall from a URL
text field to installctools
modulehttps://ftp.drupal.org/files/projects/ctools-7.x-1.14.tar.gz
-
Repeat the process above but change the link as specified below to install
views
moduleshttps://ftp.drupal.org/files/projects/views-7.x-3.18.tar.gz
-
Enable the
ctools
module by selecting theChaos tools
options under theCHAOS TOOL SUITE
section and save the configuration -
Enable the
views
modules by selecting all theViews
options underVIEWS
section and save the configuration. -
Click on this
Drupal view
to complete the setup.
-
-
Backup the database and upload backup data to Amazon S3 storage. Follow the steps below to do that
-
SSH into the database instance
ssh -i "your_ssh_key.pem" ubuntu@your_database_ip_address
-
Create a new file named
.mylogin.cnf
and paste the code below[client] user = root password = Your MySQL root user's password
-
Create a new directory named backups
mkdir backups
-
Run the
crontab -e
command and paste the code below57 23 * * * /usr/bin/mysqldump --defaults-extra-file=/home/ubuntu/.mylogin.cnf -u root --single-transaction --quick --lock-tables=false --all-databases > backups/full-backup-$(date +\%F).sql
This means a backup would be created every day at 23:59 hours
-
To deploy the backup file to Amazon S3 storage, run the
aws configure
command, This would ask for your aws access and secret key. -
Create a new
s3 bucket
to save the backup's by running the command belowaws s3 mb s3://your-bucket-name
-
With this in place, we want to make sure our backup is uploaded regularly. Run the
crontab -e
command again and add the code below to the file59 23 * * * /home/ubuntu/.local/bin/aws s3 cp backups s3://your-bucket-name/ --recursive
This would always upload our backup data to AWS S3 every day at 23:59 hours
-