Drupal Cloudflare

Posted onby admin

Just recently, we showed you how to install Drupal with Nginx and Cloudflare to enhance your website performance and protect it from bad actors.. To read that post, click here.

  1. Drupal Cloudflare
  2. Drupal Cloudflare Purge
  3. Wordpress Cloudflare Plugin

EDIT I have also cleared Drupal, Cloudflare and browser's cache (Chrome, Firefox, Opera are tested), updated database also just in case. Php ssl drupal https cloudflare. Improve this question. Follow asked Sep 19 '17 at 10:27. Lazarkoo lazarkoo. 13 3 3 bronze badges. Custom Cloudflare WAF rules that every Drupal site should run Part of my day job is to help tune the Cloudflare WAF for several customers. This blog post helps to summarise some of the default rules I will deploy to every Drupal (7 or 8) site as a base line.

  1. DrupalCon Europe has 4 keynotes, 119 sessions and 4 workshops in five tracks included with each ticket. Don’t miss the opportunity to connect with the Drupal community online 8-11 December, 2020.
  2. Integrating Drupal with Cloudflare. The super smart lead developer at Xeno Media first brought the Cloudflare service to my attention as it was integrated with one of the hosts we were using. We experimented with a site that was experiencing outages due to traffic spikes it received after sending an email newsletter.

Well, this post shows you how to get Drupal working with Apache2 HTTP server and Cloudflare.. For those who want to use Apache2 instead, they’re in the right place…

Drupal, a free open source content management system (CMS) works out of the box after installing… However, to give your audience and users the best experience you may want to consider using Cloudflare CDN, SSL and protection…

And if you’re a student or new user who want to take advantage of all the great features Cloudflare offers, the steps below should help you get there…

This brief tutorial will show students and new user a step by step guide on how to setup Drupal websites and use Cloudflare’s CDN, free SSL and security features to help improve their website performance and protect their sites against malicious actors..

This setup might take a while to complete and the process below should work on other websites as well… It doesn’t have to be Drupal… This setup should work on other CMSs and plain HTML sites out of the box…When you’re ready to setup Drupal and Cloudflare, follow the steps below:

Step 1: Sign up for Cloudflare Account…

The first step in this tutorial is to sign up for Cloudflare service… This assumes that you already have registered a domain name.. If you don’t, then go and get one before continuing further…

Once you have a domain name, click on the link below to sign up for Cloudflare…

Type in your email address and click Create Account..

Once the account is created and you’ve verified your email address and logged back into Cloudflare account, click the button or link (Add a Site) to add a site to your account…

Next, type in the domain name you have registered… Cloudflare service will help speed up and protect the site you add…

Next, Cloudflare will begin to query your domain DNS provider for the records in the DNS table… If the domain is online, Cloudflare should find it and import the records into your Cloudflare account…

After that, select the plan you want to use for the site… For this tutorial, we’re going to be using Cloudflare free plan…

When you’re done, you should see two nameservers provided to you by Cloudflare… What you need to do is logon to your domain provider’s portal… where you have your domain… and replace the nameservers with the ones Cloudflare gives you…

For example, our example.com site is hosted with Google Domains.. so we’ll logon to our Google Domains account and use custom nameservers… Then we’ll use the nameservers provided by Cloudflare and save..

Once you’ve saved your custom nameservers changes, go back to your Cloudflare account and wait for Cloudflare to see the changes…. Depending on your domain provider, it make take up to an hour for Cloudflare to be visible…

Once all is ready, you’ll see your site status as Active..

When everything is done, you should also see your Cloudflare account with DNS entries as shown below… Your DNS records might have more entries then the two below.. but these two are the most important for running your website….

After that, click on Crypto tab and choose to enable Full (strict) SSL.. This should turn on SSL for the site…

Still under Crypto tab, scroll down to Origin Certificates… Then click the button to create certificate…

Use the free TLS certificate signed by Cloudflare to install on your origin server… Origin Certificates are only valid for encryption between Cloudflare and your origin server…

Next, choose to Let Cloudflare generate a private key and a CSR for the domain… Click Next…

Then copy a paste these into a text file on onto your server…

On Ubuntu, run the commands below to create the key, certificate and origin pull files… Copy and paste each content into the respective file.. and save..

Cloudflare

For the key file… run this, then copy and paste the key into the file and save…

sudo nano /etc/ssl/private/cloudflare_example.com.pem

For the certificate file, run this and copy and paste the certificate content into the file and save…

sudo /etc/ssl/certs/cloudflare_example.com.pem

You’ll also want to download Cloudflare Origin Pull certificate… You can download that from the link below:

Run th commands below to download it..

After that, you should have three files.. The server key, server certificate and the origin-pull certificate..

We will use these file in Apache2 config below

After saving the key, certificate and origin pull certificates files… continue below..

Still, under, Crypto enable Always use HTTPS and you may also change settings for HSTS but not necessary…

Next, turn on Authenticated Origin Pulls and Opportunistic Encryption, and continue..

Then, turn on Automatic HTTPSRewrites and continue..

Next, move to the Speed tab, tune on Auto Minify for JavaScript, CSS and HTML.. and continue

Next, move to the Page Rules tab… then create a new rule for the site.. then type URL and choose Always Use HTTPS

http://* example.com/*

Alwyas Use HTTPS

Save your settings and you’re done with setting up Cloudflare..

Step 2: Install and Configure Drupal

Now that Cloudflare is configure, logon to your server and configure Drupal… First install Apache2 HTTP server since we’re using Apache2 for this post.. To install Apache2 server, run the commands below:

After installing Apache2, the commands below can be used to stop, start and enable Apache2 service to always start up with the server boots…

Now that Apache2 is installed…. to test whether the web server is working, open your browser and browse to the URL below…

If you see the page above, then Apache2 is successfully installed…

Step 3: Install MariaDB Database Server

Drupal also requires a database server to store its content… If you’re looking for a truly open source database server, then MariaDB is a great place to start… To install MariaDB run the commands below:

sudo apt-get install mariadb-server mariadb-client

After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots…

Run these on Ubuntu 16.04 LTS

Run these on Ubuntu 19.04 and 18.04 LTS

Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation…

sudo mysql_secure_installation

When prompted, answer the questions below by following the guide.

  • Enter current password for root (enter for none): Just press the Enter
  • Set root password? [Y/n]: Y
  • New password: Enter password
  • Re-enter new password: Repeat password
  • Remove anonymous users? [Y/n]: Y
  • Disallow root login remotely? [Y/n]: Y
  • Remove test database and access to it? [Y/n]: Y
  • Reload privilege tables now? [Y/n]: Y

Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below…

sudo mysql -u root -p

type the root password when prompted…

If you see a similar screen as shown above, then the server was successfully installed…

Step 4: Install PHP 7.2 and Related Modules

Drupal CMS is a PHP based CMS and PHP is required… However, PHP 7.2 may not be available in Ubuntu default repositories… To run PHP 7.2 on Ubuntu 16.04 and previous, you may need to run the commands below:

Then update and upgrade to PHP 7.2

Wordpress

sudo apt update

Next, run the commands below to install PHP 7.2 and related modules.

sudo apt install php7.2 libapache2-mod-php7.2 php7.2-common php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-cli php7.2-zip

After installing PHP 7.2, run the commands below to open PHP default configuration file for Apache2…

The lines below is a good settings for most PHP based CMS… Update the configuration file with these and save….

Everytime you make changes to PHP configuration file, you should also restart Apache2 web server… To do so, run the commands below:

sudo systemctl restart apache2.service

Now that PHP is installed, to test whether it’s functioning, create a test file called phpinfo.php in Apache2 default root directory…. ( /var/www/html/)

sudo nano /var/www/html/phpinfo.php

Then type the content below and save the file.

Drupal Cloudflare

<?php phpinfo( ); ?>

Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php

You should see PHP default test page…

Step 5: Create Drupal Database

Now that you’ve installed all the packages that are required for Drupal to function, continue below to start configuring the servers. First run the commands below to create a blank Drupal database.

To logon to MariaDB database server, run the commands below.

sudo mysql -u root -p

Then create a database called drupal

CREATE DATABASE drupal;

Drupal Cloudflare

Create a database user called drupaluser with a new password

CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'new_password_here';

Then grant the user full access to the database.

GRANT ALL ON drupal.* TO 'drupaluser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;

Finally, save your changes and exit.

Drupal

Step 6: Download Drupal Latest Release

To get Drupal latest release you may want to use Github repository… Install Composer, Curl and other dependencies to get started…

After installing curl and Composer above, change into the Apache2 root directory and download Drupal packages from Github… Always replace the branch number with the latest branch….

Then run the commands below to set the correct permissions for Drupal to function.

Step 7: Configure Apache2

Finally, configure Apache2 site configuration file for Drupal. This file will control how users access Drupal content. Run the commands below to create a new configuration file called example.com.conf

sudo nano /etc/apache2/sites-available/example.com.conf

Then copy and paste the content below into the file and save it. Replace the highlighted line with your own domain name and directory root location…

Also make sure to reference the certificate files created above during Cloudflare setup..

Save the file and exit.

Step 8: Enable the Drupal

After configuring the VirtualHost above, enable it by running the commands below

Next, open your browser and browse to your domain name used above… You should see Drupal setup wizard to complete. Please follow the wizard carefully.

Then follow the on-screen instructions and select the installation language here…

Next, select the installation profile and continue

On the next screen, enter the database connection info you created above and continue…

Then create an admin account and the Drupal site info and finish the installation…. after a brief moment, you should see your new site created…

Logon and start building your site!

Do forget to install this Cloudflare module after installing Drupal…

Drupal Cloudflare Purge

In the future when you want to upgrade to a new released version, simply run the commands below to upgrade…

That’s it!

Congratulations! You have successfully installed Drupal CMS with Cloudflare support on Ubuntu 16.04 18.04

You may also like the post below:

Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudflare using Web Application Firewall (WAF) rules designed to protect its customers' websites from being compromised.

Wordpress Cloudflare Plugin

Cloudflare

According to Drupal project team's security advisory, the websites impacted by the vulnerability tracked as CVE-2019-6340 are those that have the Drupal 8 core RESTful Web Services (rest) module turned on, and also allow PATCH or POST requests.

To avoid having to ask each of their customers to update their installations after a patched version was released by Drupal on the same day, Cloudflare 'identified the type of vulnerability' within 15 minutes, and they 'were able to deploy rules to block the exploit well before any real attacks were seen.'

First attack observed 48 hours after vulnerability disclosure

After analyzing Drupal's patch in depth, the company's security team discovered that a potential exploit would be based on deserialization which can be abused with the help of a maliciously crafted serialized Object.

The worst part was that potential attackers could exploit CVE-2019-6340 without any authentication requirements, allowing for all the data on the system to be modified or deleted.

Following multiple tweaks, Cloudflare eventually deployed a WAF rule they named D0020 which was very effective in automatically blocking attackers trying to exploit the highly critical vulnerability present in unpatched Drupal installations.

Cloudflare says that 'The rule was already deployed in ‘drop’ mode by the time our first attack was observed at around 7pm UTC on Friday the 22nd of February 2019, and to date it has matched zero false positives. This is less than 48 hours from the announcement from Drupal.'

While at first, the threat actors were only probing for vulnerable Drupal installations by remotely invoking commands like phpinfo and executing test payloads, the attacks soon picked up trying to drop backdoor payloads designed to help crooks to maintain their access even if the server would've been patched later on.

'The pattern we saw here is fairly typical of a newly announced vulnerability. [..] This vulnerability was weaponized within two days of disclosure, but that is by no means the shortest time frame we’ve seen,' concludes Cloudflare.

Related Articles: