Middlebury

Difference between revisions of "Deploying a new Drupal 8 site"

(Replaced content with " [https://middlebury.atlassian.net/wiki/spaces/WTASDOC/pages/23335971/Deploying+a+new+Drupal+8+site Moved to EWS wiki].")
Tag: Replaced
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
  
== Drupal Site Setup ==
+
[https://middlebury.atlassian.net/wiki/spaces/WTASDOC/pages/23335971/Deploying+a+new+Drupal+8+site Moved to EWS wiki].
 
 
=== Set up the varnish purger ===
 
 
 
#drush8 -y pm-enable purge purge_drush purge_queuer_coretags purge_tokens purge_ui varnish_purger varnish_purge_tags; drush8 -y cr;
 
#Go to '''/admin/config/development/performance/purge'''
 
#Click '''Add purger''' and add a '''Varnish purger'''
 
#Configure the varnish purger
 
##'''Name''': Varnish
 
##'''Type''': Tag
 
##'''Request'''
 
###'''Hostname''': 140.233.1.178 140.233.1.177
 
###'''Port''': 80
 
###'''Path''': /
 
###'''Request Method''': BAN
 
###'''Scheme''': http 
 
##'''Headers'''
 
###-
 
####'''Header''': Cache-Tags
 
####'''Value''': [invalidation:expression] 
 
###-
 
####'''Header''': host
 
####'''Value''': www.middlebury.edu 
 
###-
 
####'''Header''': Drupal-Site
 
####'''Value''': www.middlebury.edu.SITE_PATH     
 
#Export your configuration. It will have an id which looks something like "dd61b69fad". This is the VARNISH_ID you will add to the Chef configuration below.
 
 
 
== AzureAD Setup ==
 
 
 
=== Initialize the Drupal site ===
 
 
 
#Navigate to '''/admin/config/people/saml''' in your site administration.  
 
#Set the '''Service Provider Configuration''' -> '''Entity ID''' to the path of this site's front page without the trailing slash.  
 
#Download the metadata from '''/saml/metadata'''. You will need to upload this file to AzureAD.
 
 
 
=== Configure AzureAD ===
 
 
 
#Go to [https://portal.azure.com https://portal.azure.com]
 
#Click on '''Azure Active Directory''' in the left nav
 
##Click on '''Enterprise Applications''' in the second-most left nav
 
##Click the '''+ New application''' button at the top of the pane
 
##Select '''Non-gallery Application'''
 
##Enter '''Drupal - <site name>''' in the '''Name''' textfield
 
##Click the '''Create''' button 
 
#Click '''Properties''' under '''Manage''' in the second-most left nav
 
##Upload the Drupal logo file
 
##Change '''User assignment required?''' to '''No'''
 
##Change '''Visible to users? '''to '''No'''
 
##Click the '''Save''' button at the top of the pane 
 
#Click '''Owners''' under '''Manage''' in the second-most left nav
 
##Add yourself and any other members of [[Web_Technologies_&_Services|Web_Technologies_&_Services]] as owners. 
 
#Click '''Single sign-on''' under '''Manage''' in the second-most left nav
 
##Select '''SAML'''
 
##Click the '''Upload metadata file''' button at the top of the pane and upload the file you downloaded in the Initialize the Drupal site section above.
 
##Click the pencil icon under step 3 '''SAML Signing Certificate''' and delete the '''Notification Email Addressses''', then add itswebapplications@middlebury.edu as a notification email address.
 
##Click the '''Save''' button at the top of the pane then click the '''X '''button at the top right
 
##Click the '''Download '''link next to '''Federation Metadata XML''' under step 3 '''SAML Signing Certificate''' 
 
 
 
=== Configure the Drupal site ===
 
 
 
#Navigate to '''/admin/config/people/saml''' in your site administration.
 
#Under '''IDENTITY PROVIDER CONFIGURATION'''
 
##Paste the value from the '''<X509Certificate>''' element in the XML file you downloaded from Azure into the '''Primary x509 Certificate''' textarea.
 
##The '''Entity ID''' and other values should be the same for all sites, but can be verified against the content of the XML file. 
 
#Under '''USER INFO AND SYNCING'''
 
##Set '''Unique identifier attribute''' to <span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Attempt to map SAML users to existing local users''' to '''Yes'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Create users specified by SAML server''' to '''No'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Synchronize user name on every login''' to '''Yes'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Synchronize email address on every login''' to '''Yes'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''User name attribute''' to [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''User email attribute '''to [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span> 
 
#<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Under '''SECURITY OPTIONS'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Strict mode''' to '''Yes'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Sign authentication requests''' to '''Yes'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Request messages to be signed''' to '''No'''</span>
 
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Request authn context''' to '''No'''</span> 
 
#<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Export this configuration for the site and deploy it to production.</span>
 
 
 
[[Category:Drupal]] [[Category:Web Application Development]]
 

Latest revision as of 16:16, 15 February 2021

Powered by MediaWiki