Middlebury

Difference between revisions of "Deploying a new Drupal 8 site"

(Created page with " == AzureAD Setup == === Initialize the Drupal site === #Navigate to '''/admin/config/people/saml''' in your site administration. #Set the '''Service Provider Configuration...")
 
Line 1: Line 1:
 +
 +
== Drupal Site Setup ==
 +
 +
=== Set up the varnish purger ===
 +
 +
#drush8 -y pm-enable purge purge_drush purge_queuer_coretags purge_tokens purge_ui varnish_purger varnish_purge_tags; drush8 -y cr;
 +
#Go to '''/admin/config/development/performance/purge'''
 +
#Click '''Add purger''' and add a '''Varnish purger'''
 +
#Configure the varnish purger
 +
##'''Name''': Varnish
 +
##'''Type''': Tag
 +
##'''Request'''
 +
###'''Hostname''': 140.233.1.178 140.233.1.177
 +
###'''Port''': 80
 +
###'''Path''': /
 +
###'''Request Method''': BAN
 +
###'''Scheme''': http 
 +
##'''Headers'''
 +
###-
 +
####'''Header''': Cache-Tags
 +
####'''Value''': [invalidation:expression] 
 +
###-
 +
####'''Header''': host
 +
####'''Value''': www.middlebury.edu 
 +
###-
 +
####'''Header''': Drupal-Site
 +
####'''Value''': www.middlebury.edu.SITE_PATH     
 +
#Export your configuration. It will have an id which looks something like "dd61b69fad". This is the VARNISH_ID you will add to the Chef configuration below.
  
 
== AzureAD Setup ==
 
== AzureAD Setup ==
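Review bot: The last added step tells the reader to add VARNISH_ID to "the Chef configuration below", but this hunk adds no Chef section and none appears in the surrounding context, so the reader has nowhere to put the id; add that section or link to the page that holds it. In the Request block, the Hostname value puts two addresses in one field (140.233.1.178 140.233.1.177); say whether that is one purger covering both hosts or one purger per host. Since the purger sends BAN over plain http on port 80, it would also help to state which source hosts the Varnish side accepts BAN from. The first step is a bare command line; prefix it with "Run" and mark it up as code so it is not read as prose.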
Line 10: Line 38:
 
=== Configure AzureAD ===
 
=== Configure AzureAD ===
  
#Go to https://portal.azure.com  
+
#Go to [https://portal.azure.com https://portal.azure.com]
 
#Click on '''Azure Active Directory''' in the left nav  
 
#Click on '''Azure Active Directory''' in the left nav  
 
##Click on '''Enterprise Applications''' in the second-most left nav  
 
##Click on '''Enterprise Applications''' in the second-most left nav  
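Review bot: In the first step, the replacement [https://portal.azure.com https://portal.azure.com] repeats the URL as its own label, which renders the same as the bare URL on the old line; keep the bare URL or give the link a descriptive label such as "Azure portal".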
Line 23: Line 51:
 
##Click the '''Save''' button at the top of the pane   
 
##Click the '''Save''' button at the top of the pane   
 
#Click '''Owners''' under '''Manage''' in the second-most left nav  
 
#Click '''Owners''' under '''Manage''' in the second-most left nav  
##Add yourself and any other members of [[Web_Technologies_&_Services]] as owners.   
+
##Add yourself and any other members of [[Web_Technologies_&_Services|Web_Technologies_&_Services]] as owners.   
 
#Click '''Single sign-on''' under '''Manage''' in the second-most left nav  
 
#Click '''Single sign-on''' under '''Manage''' in the second-most left nav  
 
##Select '''SAML'''  
 
##Select '''SAML'''  
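Review bot: On the Owners sub-step, the piped link [[Web_Technologies_&_Services|Web_Technologies_&_Services]] uses a label identical to its target, so the pipe adds nothing and the underscores still show in the rendered text; [[Web Technologies & Services]] links to the same page and reads better.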
Line 38: Line 66:
 
##The '''Entity ID''' and other values should be the same for all sites, but can be verified against the content of the XML file.   
 
##The '''Entity ID''' and other values should be the same for all sites, but can be verified against the content of the XML file.   
 
#Under '''USER INFO AND SYNCING'''  
 
#Under '''USER INFO AND SYNCING'''  
##Set '''Unique identifier attribute''' to <span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name</span>
+
##Set '''Unique identifier attribute''' to <span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Attempt to map SAML users to existing local users''' to '''Yes'''</span>  
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Attempt to map SAML users to existing local users''' to '''Yes'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Create users specified by SAML server''' to '''No'''</span>
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Create users specified by SAML server''' to '''No'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Synchronize user name on every login''' to '''Yes'''</span>
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Synchronize user name on every login''' to '''Yes'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Synchronize email address on every login''' to '''Yes'''</span>
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Synchronize email address on every login''' to '''Yes'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''User name attribute''' to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name</span>
+
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''User name attribute''' to [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''User email attribute '''to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name</span> 
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''User email attribute '''to [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name]</span> 
#<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Under '''SECURITY OPTIONS'''</span>
+
#<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Under '''SECURITY OPTIONS'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Strict mode''' to '''Yes'''</span>
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Strict mode''' to '''Yes'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Sign authentication requests''' to '''Yes'''</span>
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Sign authentication requests''' to '''Yes'''</span>  
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Request messages to be signed''' to '''No'''</span>
+
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui,">Set '''Request messages to be signed''' to '''No'''</span>
##<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Set '''Request authn context''' to '''No'''</span> 
+
##<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Set '''Request authn context''' to '''No'''</span> 
#<span style="color: rgb(9, 30, 66);  font-family: -apple-system, system-ui, " segoe="" ui",="" roboto,="" "noto="" sans",="" ubuntu,="" "droid="" "helvetica="" neue",="" sans-serif;="" font-size:="" 14px;="" font-style:="" normal;="" font-variant-ligatures:="" font-variant-caps:="" font-weight:="" 400;="" letter-spacing:="" orphans:="" 2;="" text-align:="" left;="" text-indent:="" 0px;="" text-transform:="" none;="" white-space:="" widows:="" word-spacing:="" -webkit-text-stroke-width:="" background-color:="" rgb(255,="" 255,="" 255);="" text-decoration-style:="" initial;="" text-decoration-color:="" display:="" inline="" !important;="" float:="" none;"="">Export this configuration for the site and deploy it to production.</span>
+
#<span style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui,">Export this configuration for the site and deploy it to production.</span>  
  
[[Category:Drupal]]
+
[[Category:Drupal]] [[Category:Web Application Development]]
[[Category:Web Application Development]]
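Review bot: Under USER INFO AND SYNCING, User email attribute is set to the same http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name URI as User name attribute and Unique identifier attribute, and with Synchronize email address on every login set to Yes the stored email is overwritten with that claim at each login; confirm that the name claim always carries a mail address here, or map an email claim instead. Because Attempt to map SAML users to existing local users is Yes, it is also worth stating which local field the match is made on. On formatting, the cleaned lines still wrap each step in a span with style="color: rgb(9, 30, 66); font-family: -apple-system, system-ui," including a dangling comma in font-family; drop the spans entirely, and use the bare claim URI rather than a self-labelled external link, since it is an attribute name and not something to click.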
 

Revision as of 11:25, 26 June 2019

Drupal Site Setup

Set up the varnish purger

  1. Run: drush8 -y pm-enable purge purge_drush purge_queuer_coretags purge_tokens purge_ui varnish_purger varnish_purge_tags; drush8 -y cr;
  2. Go to /admin/config/development/performance/purge
  3. Click Add purger and add a Varnish purger
  4. Configure the varnish purger
    1. Name: Varnish
    2. Type: Tag
    3. Request
      1. Hostname: 140.233.1.178 140.233.1.177
      2. Port: 80
      3. Path: /
      4. Request Method: BAN
      5. Scheme: http
    4. Headers
      1. -
        1. Header: Cache-Tags
        2. Value: [invalidation:expression]
      2. -
        1. Header: host
        2. Value: www.middlebury.edu
      3. -
        1. Header: Drupal-Site
        2. Value: www.middlebury.edu.SITE_PATH
  5. Export your configuration. It will have an ID that looks something like "dd61b69fad". This is the VARNISH_ID you will add to the Chef configuration below.

AzureAD Setup

Initialize the Drupal site

  1. Navigate to /admin/config/people/saml in your site administration.
  2. Set the Service Provider Configuration -> Entity ID to the path of this site's front page without the trailing slash.
  3. Download the metadata from /saml/metadata. You will need to upload this file to AzureAD.

Configure AzureAD

  1. Go to https://portal.azure.com
  2. Click on Azure Active Directory in the left nav
    1. Click on Enterprise Applications in the second-most left nav
    2. Click the + New application button at the top of the pane
    3. Select Non-gallery Application
    4. Enter Drupal - <site name> in the Name textfield
    5. Click the Create button
  3. Click Properties under Manage in the second-most left nav
    1. Upload the Drupal logo file
    2. Change User assignment required? to No
    3. Change Visible to users? to No
    4. Click the Save button at the top of the pane
  4. Click Owners under Manage in the second-most left nav
    1. Add yourself and any other members of Web_Technologies_&_Services as owners.
  5. Click Single sign-on under Manage in the second-most left nav
    1. Select SAML
    2. Click the Upload metadata file button at the top of the pane and upload the file you downloaded in the Initialize the Drupal site section above.
    3. Click the pencil icon under step 3 SAML Signing Certificate and delete the Notification Email Addresses, then add itswebapplications@middlebury.edu as a notification email address.
    4. Click the Save button at the top of the pane, then click the X button at the top right
    5. Click the Download link next to Federation Metadata XML under step 3 SAML Signing Certificate

Configure the Drupal site

  1. Navigate to /admin/config/people/saml in your site administration.
  2. Under IDENTITY PROVIDER CONFIGURATION
    1. Paste the value from the <X509Certificate> element in the XML file you downloaded from Azure into the Primary x509 Certificate textarea.
    2. The Entity ID and other values should be the same for all sites, but can be verified against the content of the XML file.
  3. Under USER INFO AND SYNCING
    1. Set Unique identifier attribute to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    2. Set Attempt to map SAML users to existing local users to Yes
    3. Set Create users specified by SAML server to No
    4. Set Synchronize user name on every login to Yes
    5. Set Synchronize email address on every login to Yes
    6. Set User name attribute to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    7. Set User email attribute to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  4. Under SECURITY OPTIONS
    1. Set Strict mode to Yes
    2. Set Sign authentication requests to Yes
    3. Set Request messages to be signed to No
    4. Set Request authn context to No
  5. Export this configuration for the site and deploy it to production.
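
The certificate and Entity ID checks from "Configure the Drupal site", step 2, as an added example (not part of the original page and not the SAML module's code). A federation metadata file can contain more than one <X509Certificate> element, so the function reads only signing keys under IDPSSODescriptor. The sample metadata, placeholder host and tenant, and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder tenant and host, and placeholder bytes
# standing in for DER certificates (these are not real certificates).
IDP_CERT = base64.b64encode(b"constructed-idp-signing-cert").decode()
OTHER_CERT = base64.b64encode(b"constructed-other-role-cert").decode()
KEY = ('<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/'
       'xmldsig#"><X509Data><X509Certificate>\n  {}\n</X509Certificate>'
       '</X509Data></KeyInfo></KeyDescriptor>')
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.invalid/TENANT-PLACEHOLDER/">'
    '<RoleDescriptor protocolSupportEnumeration="urn:example:other-role">'
    + KEY.format(OTHER_CERT) + '</RoleDescriptor>'
    '<IDPSSODescriptor protocolSupportEnumeration='
    '"urn:oasis:names:tc:SAML:2.0:protocol">' + KEY.format(IDP_CERT) +
    '<SingleSignOnService Location="https://idp.example.invalid/saml2" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>'
    '</IDPSSODescriptor></EntityDescriptor>')


def idp_settings(metadata_xml):
    """Return the values the Drupal SAML form asks for, read from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # skip encryption-only keys; no 'use' means both
        for el in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((el.text or "").split())  # drop line wraps/indent
            der = base64.b64decode(b64, validate=True)  # reject damaged text
            certs.append({"paste_value": b64,
                          "sha256": hashlib.sha256(der).hexdigest()})
    if not certs:
        raise ValueError("IDPSSODescriptor has no signing certificate")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "signing_certs": certs}


def cert_is_current(metadata_xml, configured_cert):
    """True if the certificate stored in Drupal is a signing key in the metadata."""
    # Accept either bare base64 or PEM with BEGIN/END lines and wrapping.
    wanted = "".join(p for p in configured_cert.split() if "-----" not in p)
    listed = {c["paste_value"] for c in idp_settings(metadata_xml)["signing_certs"]}
    return wanted in listed
```

Running cert_is_current against a freshly downloaded metadata file and the value exported in the site configuration shows whether the signing certificate has changed since the site was set up.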