Complete Setup and Hardening Guide for Ubuntu 24 - Apache, PHP 8.3.15, MySQL 8.0.36 and Drupal 10
# 1. Updating and Preparing the System
'Bash
# Updating the system.
sudo apt update & & sudo apt upgrade - y
# Install the required packages.
sudo apt install software-properties-common apt-transport-wget curl unzip-y
""
---
# 2. Apache installation and configuration.
# # # 2.1 Install Apache
'Bash
# Install Apache
sudo apt install apache2-y
Start the Apache service.
sudo systemctl start apache2
sudo systemctl enable apache2
# check the status.
sudo systemctl status apache2
""
# # 2.2 Apache Hardening
File: '/ etc / apache2 / conf-available / security. conf'
'Bash
sudo nano / etc / apache2 / conf-available / security. conf
""
* * Edit the following settings.
'Apache
Hide server signature
ServerTokens Prod
ServerSignature Off
# Close Directory Listing
< Directory / >
Options-Indexes
AllowOverride None
Require All Denied
< / Directory >
Disable # Trace method
TraceEnable Off
# clickjacking protection
Header always append X-frame-options SAMEORIGIN
# XSS Protection
Header set X-XSS-Protection 1; mode = block
Stop sniffing # Content Type
Header set X - Content-Type - Options nosniff
# Referrer Policy
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Content Security Policy (customized as needed)
Header set Content-Security-Policy "default-src 'self'"
""
File: '/ etc / apache2 / apache2.conf'
'Bash
sudo nano / etc / apache2
""
* * Add the following settings.
'Apache
# Reduce Timeout
The time is 60
# KeepAlive enabled
Keep Alive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
# Server root directory security
< Directory / >
Options - Indexes - Includes
AllowOverride None
Require All Denied
< / Directory >
< Directory / var / www / >
Options - Indexes + FollowSymLinks
Allow's all
It is necessary to grant all
< / Directory >
""
# # # # Enable / Disable Apache Modules
'Bash
# Enable required modules
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers
sudo expires a2enmod
sudo a2enmod deflate
# Disable unnecessary modules
sudo a2dismod status
sudo a2dismod autoindex
Enable security config.
sudo a2enconf security
Restart Apache
sudo systemctl restart apache2
""
---
# 3. PHP 8.3.15 Installation and configuration.
# # # 3.1 Add PHP 8.3 Repository
'Bash
# Add PPA repository
sudo add-apt-repository ppa: ondrej / php-y
sudo apt update
""
# # # 3.2 Install PHP 8.3.15 and extensions
'Bash
Extensions for PHP 8.3 and Drupal
sudo apt install php 8.3 php 8.3 -cli php 8.3 -fpm php 8.3 -common php 8.3 -mysql
php 8.3 -zip php 8.3 -gd php 8.3 -mbstring php 8.3 -curl php 8.3 -xml php 8.3 -bcmath
php 8.3 -intl php 8.3 -soap php 8.3 -opcache php 8.3 -readline php 8.3 -apcu -y
# Apache PHP module
sudo apt install libapache2-mod-php 8.3 -y
Check the PHP version.
php-v
""
# # 3.3 PHP Hardening
File: '/ etc / php / 8.3 / apache2 / php. ini'
'Bash
sudo nano / etc / php / 8.3 / apache2 / php. ini
""
Find and edit the following settings:
"Ini.
Limit the number of file uploads
file _ uploads = On
upload _ max _ filesize = 64M
max _ file _ uploads = 20
Memory and execution limits.
memory _ limit = 256M
max _ execution _ time = 300
max _ input _ time = 300
post _ max _ size = 64M
Error handling (for production)
display _ errors = Off
display _ startup _ errors = Off
log _ errors = On
error _ log = / var / log / php / error. log
error _ reporting = E _ ALL & ~ E _ DEPRECATED & ~ E _ STRICT
Disable dangerous functions.
disable _ functions = exec, passsthru, shell _ exec, system, proc _ open, popen, curl _ exec, curl _ multi _ exec, parse _ ini _ file, show _ source
Limit access to the file
open _ basedir = / var / www /: / tmp /: / usr / share / php
the session security.
session.cookie _ httponly = 1
session.cookie _ secure = 1
session.use _ strict _ mode = 1
session.cookie _ samesite = Strict
session.use _ only _ cookies = 1
session.name = DRUPAL _ SESSION
SQL injection protection.
magic _ quotes _ gpc = Off
Close Remote file access
allow _ url _ fopen = Off
allow _ url _ include = Off
Stop exposing PHP.
expose _ php = OFF
OPcache settings (for performance)
opcache.enable = 1
opcache.memory _ consumption = 128
opcache.interned _ strings _ buffer = 8
opcache.max _ accelerated _ files = 4000
opcache.revalidate _ freq = 60
opcache.fast _ shutdown = 1
""
# # # # Create PHP Error Log Directory
'Bash
sudo mkdir -p / var / log / php
sudo chown www - data: www - data / var / log / php
sudo chmod 755 / var / log / php
""
# # # # Restart Apache
'Bash
sudo systemctl restart apache2
""
---
# 4. MySQL 8.0.36 Installation and configuration
# # # 4.1 Install MySQL
'Bash
How to install MySQL server
sudo apt install mysql-server-y
Set up the MySQL service
sudo systemctl start mysql
sudo enable mysql
# check the status.
sudo systemctl status mysql
""
# # # 4.2 MySQL Secure Installation
'Bash
sudo mysql _ secure
""
Select one of the following options: *
Validate Password Component: Yes (MEDIUM or STe2 / drupal-access. log
# PHP logs
sudo tail -f / var / log / php / error. log
# MySQL logs
sudo tail -f / var / log / mysql / error. log
# System logs
sudo tail -f / var / log / syslog
""
# # # 11.2 Regular maintenance tasks
'Bash
System updates (weekly)
sudo apt update & & sudo apt upgrade - y
Drupal updates (monthly)
cd / var / www / html / drupal
sudo-u www-data composer update drupal / core "drupal / core- *" --with-all-dependencies
sudo-u www - data drush updatedb
sudo-
Drupal CMS
