Drupal Planet

Syndicate content
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 15 min 19 sec ago

Agiledrop.com Blog: AGILEDROP: Top Drupal 8 Books

Thu, 2017-01-12 02:53
The purpose of a great content is first to be explored and then to be read. Therefore, being listed on a first page on search engines is a key thing. Shortly, you will be able to read how to Search Engine Optimize your Drupal 8 website. But before Drupal SEO Book is released – you can pre-order it here or wait until 15th January – we will look at the best books Drupal 8 has to offer. The first choice is Drupal 8 Development Cookbook by Matt Glaman, which enjoys the best feedback from readers. The book is appropriate for web developers and site builders. It contains the whole chapter for… READ MORE
Categories: Drupal

Mike Crittenden: Exporting and importing big Drupal databases

Wed, 2017-01-11 21:15
Exporting and importing big Drupal databases

Once your site's database dump file gets to be 1GB or more, phrases like "oh, just download and import a DB dump" can't really be taken for granted anymore. So here are some tips for dealing with large databases, especially those of the Drupal variety.

Exporting

Before we can import, we must export. With a big DB, you don't want to just do a regular old mysqldump > outfile.sql and call it a day. Here are some tips.

Find the size before exporting

It can sometimes be useful to see how big the export is going to be before you actually export anything. That way, you can know ahead of time if you need to be doing this or that to reduce the size, or if it won't matter since the whole thing won't be that big anyway.

Here's a query you can run to see the size per DB table:

SELECT TABLE_SCHEMA, TABLE_NAME, DATA_LENGTH / POWER(1024,1) Data_KB, DATA_LENGTH / POWER(1024,2) Data_MB, DATA_LENGTH / POWER(1024,3) Data_GB FROM information_schema.tables WHERE table_schema NOT IN   ('information_schema','performance_schema','mysql') ORDER BY DATA_LENGTH;

And here's another query you can run to see what the total size for the entire DB is: 

SELECT Data_BB / POWER(1024,1) Data_KB, Data_BB / POWER(1024,2) Data_MB, Data_BB / POWER(1024,3) Data_GB FROM (SELECT SUM(data_length)   Data_BB FROM information_schema.tables WHERE table_schema NOT IN   ('information_schema','performance_schema','mysql')); Dump without unnecessary data

For those cases where you need the database structure for all of the tables, but you don't need the data for all of them, here's a technique you can use. This will grab the entire DB structure, but lets you exclude data for any tables that you want. For example, search_index, cache_*, or sessions tables will be good places to cut out some fat.

# First we export the table structure. mysqldump --no-data database_name > /export.sql # Grab table data, excluding tables we don't need. mysqldump --no-create-info   --ignore-table=database_name.table_name1   --ignore-table=database_name.table_name2   database_name >> export.sql

Just replace "table_name1" and "table_name2" with the tables that you want to skip, and you're golden. Also note that you can use the % character as a wildcard, so for example, you could ignore "cache%" for all cache tables.

After you do that, you'll have a single export.sql file that contains the DB structure for all tables and the DB data for all tables except the ones you excluded. Then, you'll probably want to compress it...

Compress all the things

This one may go without saying, but if you're not compressing your database dumps then either they're really tiny, or you're dumber than a dummy. 

drush sql-dump --gzip --result-file=db.sql

Compare that with the regular old:

drush sql-dump --result-file=db.sql

...and you're going to see a huge difference.

Or if you already have the SQL dump that you need to compress, you can compress the file directly using:

gzip -v db.sql

That will output a db.sql.gz file for you.

Importing

Now you have a nice clean compressed DB dump with everything you need and nothing you don't, and you're ready to import. Here are a few ways to ease the pain.

Import a compressed dump directly

Instead of having to decompress the dump before importing, you can do it inline:

gunzip -c db.sql.gz | drush sqlc Exclude data when importing

If you receive a DB dump that has a lot of data you don't need (caches, sessions, search index, etc.), then you can just ignore that stuff when importing it as well. Here's a little one-liner for this:

gunzip -c db.sql.gz | grep -Ev "^INSERT INTO \`(cache_|search_index|sessions)" | drush sqlc

What this is doing is using "grep" as a middleman and saying "skip any lines that are insertion lines for these specific tables we don't care about". You can edit what's in the parenthesis to add/remove tables as needed.

Monitor import progress

There's nothing worse than just sitting and waiting and having no idea how far along the import has made it. Monitoring progress makes a long import seem faster, because there's no wondering. 

If you have the ability to install it (from Homebrew or apt-get or whatever), the "pv" (Pipe Viewer) command is great here:

pv db.sql | drush sqlc

Or if your database is compressed:

pv db.sql.gz | gunzip | drush sqlc

Using "pv" will show you a progress bar and a completion percentage. It's pretty awesome.

If you don't have "pv" then you can settle for the poor man's version:

watch "mysql database_name -Be 'SHOW TABLES' | tail -n2"

That slick little guy will show you the table that is currently importing, and auto-updates as it runs, so you can at least see how far through the table list it has gone.

Tools and Resource

In this post I tried to focus on commands that everyone already has. If this just isn't cutting it for you, then look into these tools which could help even more:

  • SyncDB - a couple Drush commands that split DB dumps into separate files and import them in parallel, drastically speeding things up
  • Drush SQL Sync Pipe - an alternative to "drush sql-sync" that uses pipes where possible to speed things up
mcrittenden Wed, 01/11/2017 - 23:15
Categories: Drupal

Palantir: New Years Resolution: Spend More Time With Family and Friends

Wed, 2017-01-11 15:11
New Years Resolution: Spend More Time With Family and Friends brandt Wed, 01/11/2017 - 16:11 Allison Manley Jan 11, 2017

In this five-part series, every Monday in January we’ll explore a New Year’s resolution and how it can apply to your web project.

Stay connected with the latest news on web strategy, design, and development.

Sign up for our newsletter.

Surrounding oneself with a community of friends and family that offer needed support is important to us all. Palantir spent twenty years building our own culture and community right here at the office! But we’ve also been active members in the Drupal community for 12 years:

  • We’ve made contributions to every facet of the Drupal project: Core development, contributed modules, themes, financial assistance, training, documentation, conference organizing, and one Palantiri is a member of the Drupal Board.
  • This means we have a long history of helping organizations level up so they can become Drupal contributors and participants as well.
  • The collaboration in the open source community is one of the reasons Palantiri love Drupal so much.
Upcoming Events

Are you looking to get involved in the Drupal community? Some ideas:

Besides the Drupal and Open Source communities, Palantir works in some specific verticals that have their own rich and robust communities. We’re still finalizing exactly where we’ll be in 2017, but we know for sure you’ll find us at the following conferences so we can connect with friends in those industries and offer them support as needed:

Next week’s resolution: get organized. 

We'd love to help you keep your 2017 resolution.

Let's chat.
Categories: Drupal

Jeff Geerling's Blog: Drupal VM Tips & Tricks - brief remote presentation for DrupalDC

Wed, 2017-01-11 12:31

Yesterday I presented Drupal VM Tips & Tricks at the DrupalDC meetup, remotely. I didn't have a lot of time to prepare anything for the presentation, but I thought it would be valuable to walk through some of the neat features of Drupal VM people might not know about.

Here's the video from the presentation:

*/

Some relevant links mentioned during the presentation:

Categories: Drupal

Evolving Web: Upcoming 2017 Drupal Events where we can meet in North America

Wed, 2017-01-11 07:41

And it is finally 2017! New year, new projects, new challenges and, of course, a lot of Drupal events.

On this short post, I'll go through a few Drupal events in North America that we'll be either attending or be sponsoring on the first quarter of the year.

If you are planning to attend, feel free to get in touch with us in advance. We love hanging around and meeting with fellow community members, potential business partners, and people just interested in getting to know us.

read more
Categories: Drupal

DrupalEasy: Florida DrupalCamp: Now a 3-day, networking and learning open-source extravaganza!

Wed, 2017-01-11 06:16

We’re taking it up a couple notches this year down in Orlando for the 9th Florida DrupalCamp! We're expanding in every dimension we can find - highlighted by an opening day (Friday) of full-day workshops followed by two days (Saturday and half-day Sunday) of sessions!

Amazing Trainings

In previous years, we’ve had concurrent trainings on Saturdays and some sprinting on Sunday. This year, we changed it up: Friday will be a full training day including workshops on:

  • Beginning React JS - taught by John Tucker
  • Docker for Development with Drupal - taught by Lisa Ridley  
  • Introduction to Drupal 8 - taught by DrupalEasy's own Michael Anello  
  • Introduction to Drupal 8 Theming - taught by Suzanne Dergacheva
  • Introduction to DrupalVM - taught by Ben Hosmer

The best part is that trainings are included with the price of the ticket (now $35). You sign up for the training when registering. Space is limited, however, so register soon!

Three Phenomenal Featured Speakers

We have three amazing featured speakers this year!

Many More Extraordinary Sessions and Speakers

We have over 30 sessions already submitted with several weeks to go until the deadline. We still need more. Check them out and submit your session soon.

Kick-A** Weather

Orlando in February. Sunny and warm :)

The Absolute Best Sponsors Ever

It's true, we have the best group of sponsors money can't buy! We're crazy-happy about having Achieve Agency as our top-level Platinum sponsor. This newly formed South Florida shop is looking to make a big splash in the community, and we're happy that we can help introduce them to everyone. 

Combined with Johnson & Johnson, devPanel, and Digital Echidna as Gold-level sponsors as well as all of our other amazing supporters (including DrupalEasy!), we're excited to bring you the biggest and best Drupal event you've ever seen (not to mention a few fun surprises!)

Lots More Sensational Stuff!

From a new logo, great catering, t-shirt, giveaways, and even an integrated video game easter-egg on our website, there’s lots to be had. Don't miss it!  Register today or regret it for the rest of 2017!

Categories: Drupal

OSTraining: Contribute Your Code on Drupal.org, Part 5: Upload Your Project

Wed, 2017-01-11 03:12

Previously we talked about the different ways in which you can contribute to Drupal, setting up your project, configuring git and connecting and checking that you are connected to your sandbox project. 

Now we are going to upload our project and check the project meets Drupal's standards.

Categories: Drupal

Third & Grove: Granite Construction Drupal Case Study

Wed, 2017-01-11 01:00
Granite Construction Drupal Case Study antonella Wed, 01/11/2017 - 03:00
Categories: Drupal

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Trash (video tutorial)

Tue, 2017-01-10 20:04
Drupal Modules: The One Percent — Trash (video tutorial) NonProfit Tue, 01/10/2017 - 21:04 Episode 13

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Trash, a module where deleted content entities are sent to a bin where they can later be reenabled or permanently removed.

Categories: Drupal

Red Route: Close enough for a side project - how to know when things are good enough

Tue, 2017-01-10 15:05

Once upon a time, before I became a web developer, I worked doing sound and light for events. Like web development, the hours tend to be long, and the work tends to attract anti-social oddballs. Unlike web development, you deal with rock stars. Like most professions, it’s full of jargon and in-jokes. One of the phrases in common usage in that industry was “close enough for rock and roll”. Depending on who you were talking to, it might have been jazz rather than rock and roll, but you get the idea. It isn’t too far away from the notion previously popularised by Voltaire: “Perfect is the enemy of good”.

Another formulation of the same idea was expressed slightly more succinctly (and less politely) on the T-shirt shown in the photo attached to this blog post. It was designed by and for my old student union stage crew. While the T-shirt encapsulates a lot of the attitude of the team, it would be a mistake to imagine that we were sloppy. As I’ve written before, we were unpaid, but we certainly weren’t amateurs. That volunteer crew probably had as high a level of professionalism as any team I’ve been a part of. The point was that we cared about the right things, and there comes a point where you have to accept that things are as good as they are realistically going to get.

There’s a point where it just isn’t worth putting in more effort before launch. You’ve done as much as you can, and you’re proving the law of diminishing returns, or the Pareto principle. Besides, if you carry on fixing things, you’ll end up delaying your launch. If you’re getting ready to put on a show, there's a point where you have to open the doors, whether or not things are 100% ready. There are people outside who have bought tickets. They don’t want to wait while you mess about with your final preparations. They’re here to see the show, and their idea of perfection is very likely to be different from yours.

In events, these people are (somewhat dismissively) called ‘punters’, and they don’t notice the same things that you do. Unless they’re in the business themselves, their perception of the event is likely to be very different to yours. Working on stage crew, I’ve cobbled things together with gaffa tape and crossed my fingers, and the show has turned out fantastically well. As a musician, I’ve done shows that I thought were riddled with mistakes, and people in the audience told me it was the best gig they’d seen us play. Punters don’t go to gigs for technically competent sound or lighting, or flawless performances - they go because they want to have a good time. Things are never as shiny backstage as they are front of house.

Similarly, as a developer, I’ve built sites that have won awards, although the code made me cringe. From a technical point of view, you may not be proud of the code or the architecture underlying a website, but that’s not what people are here for. They are visiting your website for the content, or some of the interactivity that it provides. Most sites are not perfect, but they don’t need to be.

There are certain areas where you should never cut corners. In events, that’s things like rigging lights from the ceiling - you have to make sure that they won’t fall on anyone’s head. In development, it’s in security - you have to make sure that people’s data is safe. If there’s a chance people might get hurt, there’s no excuse for sloppiness. But in most areas of most projects, you’re never going to get things perfect - you need to know what’s good enough.

I’ve been working on my own current side project (the redesign and Drupal 8 upgrade of an art gallery listings site) for a while now, in between the day job and family life. Just before Christmas, I still had quite a few tasks left on my board, but having read an article by Ben Roux, I knew that I needed to get the thing live, sooner rather than later. This is the great thing about side projects - there's something marvellously liberating being able to just make that decision for myself, without consultation with clients or stakeholders.

The great thing about putting your work out there on the web is that publishing improvements is trivial. I’ve defined my minimum viable redesign, so I can iterate and improve after launch, even though some of the functionality from the old Drupal 6 version isn’t ready. I could keep polishing and polishing, but it’s better to put it out there, and fix things later. Besides, I’m pretty confident that the new design is better than the old one, in spite of a few rough edges. Chances are, I’m the only person who will pick up on most of the problems with the site.

On the other hand, this means that nothing is ever finished. One of the things I loved about working in events was that there was a clear beginning, middle and end. We would start with an empty room and a full truck. We would unpack the truck, and fill the room with gear. Then we would put on a show. After the show, we’d pack up the gear and put it back into the truck. Then the truck would drive to the next venue, and we could (usually) go home with the satisfaction of a job well done.

With web development, it’s more like endlessly pushing a boulder up a hill. After putting a site live, there’s no great moment of triumph. If we take the analogy of a concert, it’s more like opening the doors and letting the punters in. Unless it’s a short-lived marketing site, the only time you ever take a website down and pack everything away is if the business has failed. There are always things to improve. I could keep adding features, or tweaking the design, or improving performance forever. But what value would it add? Besides, it’s a side project, and I’ve got other things to do.

Tags:  The Gallery Guide Drupal Drupal 8 work All tags
Categories: Drupal

John Svensson: Uninstall Drupal 8 modules that includes default configuration

Tue, 2017-01-10 15:02

In our modules we can include default configuration to ship content types, views, vocabularies on install. If we try to reinstall the module, we'll get an error. Let's take a look at why and how we can solve it.

Unable to install … already exist in active configuration

During uninstall the configuration is not removed because it has no connection to the module itself and thus we get the error because Drupal modules may not replace active configuration. The reason for that is to prevent configuration losses.

We can move all the configuration to config/optional rather than config/install which basically means that configuration that does not exists will be installed and the existing one will be ignored. If we do this we can reinstall the module.

So, if we want the configuration to remain active we've already solved the problem, but if we don't want that, we want the module to remove all configuration and contents its provided we'll need to look at another solution.

Let's take a look at the Article content type that is created when using the Standard distribution on installing Drupal.

node.type.article.yml

langcode: en status: true dependencies: { } name: Article type: article description: 'Use <em>articles</em> for time-sensitive content like news, press releases or blog posts.' help: '' new_revision: true preview_mode: 1 display_submitted: true

field.field.node.article.body.yml

langcode: en status: true dependencies: config: - field.storage.node.body - node.type.article module: - text id: node.article.body field_name: body entity_type: node bundle: article label: Body description: '' required: false translatable: true default_value: { } default_value_callback: '' settings: display_summary: true field_type: text_with_summary

If we delete the content type, we can find out that the field instance body on the content type has been removed. First we actually see that the configuration will be removed when confirming the deletion of the content type, but also by looking in the database in the config table where active configuration is stored. It's gone.

The reason it's deleted is because it has an dependency on the node.type.article.yml configuration as we can see:

dependencies: config: - field.storage.node.body - node.type.article module: - text

So what we need to do to make sure the content type we create when installing or module, that it's configuration uses our module as an dependency. So let's take a look at how we can do that:

Let's imagine we have a custom_event module that creates a event content type.

node.type.event.yml

langcode: en status: true dependencies: enforced: module: - custom_event third_party_settings: {} name: Event type: event description: 'Event' help: '' new_revision: true preview_mode: 1 display_submitted: false

The dependencies-part is the interesting one:

dependencies: enforced: module: - custom_event

We have defined a custom_event module, in that module we have some exported configuration files in the config/install folder. We update the node.type.event.yml configuration file to have our module as an dependency. Now when we uninstall the module, the content type will be removed.

We also have to do this for our views, taxonomy, and field storages, or pretty much any configuration entity we provide configuration for. We don't have to worry about field instances, as we saw above those are dependent on the content type itself, but field storages on the other hand does not depend on a content type because you can reuse fields on multiple of those.

So, just add the module as an dependency and you're good to go, here's an example on a field storage field_image

field.storage.node.field_image.yml

langcode: en status: true dependencies: enforced: module: - custom_event module: - file - image - node id: node.field_image field_name: field_image entity_type: node type: image settings: uri_scheme: public default_image: uuid: null alt: '' title: '' width: null height: null target_type: file display_field: false display_default: false module: image locked: false cardinality: 1 translatable: true indexes: target_id: - target_id persist_with_no_fields: false custom_storage: false
Categories: Drupal

Palantir: Prominent Midwest Business School

Tue, 2017-01-10 12:35
Prominent Midwest Business School brandt Tue, 01/10/2017 - 13:35 Visibility of Research and Ideas Through a Beautiful Design

A highly customizable layout to showcase our client's content.

Highlights
  • Highly customizable layout
  • A strong visual hierarchy punctuated with thoughtful typographic details  
  • Robust tagging and taxonomy for showcasing content

We want to make your project a success.

Let's Chat.

One of the oldest business schools in the country with a worldwide network of over 50,000 alumni, our client is one of the top-ranked business schools in the world. With a reputation for new ideas and research, it needs its online presence to reflect its bold, innovative approach to business education.

Our client’s approach to learning is to, “constantly question, test ideas, and seek proof,” which leads to new ideas and innovative solutions within business. Beyond the classroom, this approach empowers thought leaders and analytical minds to shape the future through deeper analysis and discovery.

In order to create greater visibility of the school’s research and ideas, the school publishes digital and print publications that give insight to business leaders and policymakers who can act upon those ideas. The publications help convey the concepts and research findings generated by the school, as well as by academics outside the school, via articles, infographics, charts, videos, and other devices.

Since both publications were due for an upgrade, our client decided to update its web presence and quarterly print magazine at the same time. With our client having already partnered with another firm to complete the magazine design, Palantir was brought in to design and develop the website in a way that provided cohesion between the two mediums.

Goals and Direction

Because the publication’s previous site was outdated and not optimized for mobile devices, the overall performance was less than ideal, with long loading times causing problems on tablets and smartphones. Additionally, the hierarchy on the old site needed some rethinking: the site was difficult to navigate, with limitations on how articles and videos could be connected, since visitors couldn’t easily or effectively filter or search the contents of the site.

The primary high-level goals for the redesign were to:

  • Move the site to Drupal, which allowed for increased community support and more flexibility in tools that could be incorporated
  • Provide an experience that demonstrated the depth of content from the publication
  • Optimize content search and social visibility
  • Provide a flexible platform that would evolve as the content evolved
  • Highlight visuals and alternative story formats
  • Leverage content featuring the business school’s high-profile faculty

To accomplish the majority of these goals, a well-planned content strategy was required. The new site needed the ability to display content in a variety of ways in order to make it digestible and actionable for readers. All content had to be easily sharable and optimized for the greatest possibility of distribution. Lastly once readers found content they wanted, related content should surface as well.

To support the content strategy, site editors needed the power to elevate content connections and relations through a strong visual design that offered flexibility, and with hierarchy that made sure news matched what visitors were looking for. They also required options on how to best showcase content, as well as the ability to include multiple storytelling mechanisms.

Examples of how related content is displayed in both desktop and mobile views while preserving typographic details.Site Focus

Once goals were outlined, Palantir worked to create a solid content strategy for the site. Taxonomy and tagging were addressed, and a new information architecture was put in place in order to make sure content was being seen and surfaced at the right time. After the initial strategy work was completed, it was decided to focus the work in two key areas:

  • Increase the number of pages during each visit. Prior to the redesign, a large percentage of visitors were coming in from search and social for a single article and then leaving before accessing any more articles, videos, or graphics. The former content management system made tying in related content difficult, so attention was given to each step of the process to make sure that related content could be easily surfaced by editors or by the system based on tagging. A goal was to give visitors more of the type of content they were looking for.
  • Improve number of visits per month. As important as it is to make navigating the site better, ensuring that visitors could find the content more easily was a key improvement that was needed for the site. As part of that, the site required better metadata for search and social optimization.
Style tile: Playful/Colorful/ProgressiveStyle tile: Dynamic/Modern/Bright

The design of the site was critical to achieving the goals, and we were given latitude to push the boundaries of the existing brand standards in order to give the magazine a distinctive look through color and typography. Our design team expanded the existing brand signals from our client in order to create style tiles to represent the general mood, typography, and colors recommended for the new site. With the variations in image treatment, typography, color palette, and button/quote designs, each style tile worked to capture a specific voice and personality for the magazine. This allowed us to quickly gauge how our client wanted to present itself to the world prior to starting formal layouts.

Once the final direction was chosen, we concentrated next on wireframing the pages so we could marry the functionality with the intended hierarchy and ensure that the revised content strategy was working as efficiently and powerfully as possible. Given that users spent the majority of time on those pages, individual article pages were given particular emphasis in wireframing, to ensure users would be enticed to explore further into the site.

In the layout phase, typography was given special attention, with drop-caps and call-out quotes being implemented to keep a print feel and break up a sea of gray text for long articles. This approach was particularly necessary on the mobile view, allowing the content to take center stage without losing any of the design details. Sharing on social media was also accounted for, with shorter quotes having their own dedicated sharing buttons. Additionally, the wealth of artwork provided by the school’s internal team created exciting opportunities for our design team on all applicable articles.

While not always the entry point for users, the homepage design needed to be as flexible as possible. Not only did we have to account for the hierarchy of stories and surface related content in the right way, but to allow for multiple types of content to be displayed while balancing related articles and email newsletter sign-up forms.

Examples of how the homepage can be customized to promote specific sections of content.  The Results

In the end, our client received a beautiful design that showcases the content well, and provides easy access to related content. Back-end editors are happy with the improved formatting and editing ability, with one editor saying, “it’s not even comparable to our previous site.” Our designs introduced new ways of visually displaying a wealth of content and helped push innovation for the magazine redesign. The print designers were able to apply our design signals to the associated print piece, creating a strong cohesion across all collateral to enhance the school’s brand.

The variety offered by the new homepage design supported the goal of increasing the page views, providing more opportunities to entice people to continue their experience, with connections between different articles and videos. With much of the greater University on Drupal, the move to Drupal also allowed the staff increased support within the school community. The flexibility of the modular design and build allowed staff to control the process and to be able to leverage important research to audiences and policymakers for years to come.

Content collapsed into mobile views.

 

We want to make your project a success.

Let's Chat. Drupal Services strategy design development
Categories: Drupal

Fuse Interactive: UX for Content Editors & Administrators

Tue, 2017-01-10 11:44

User Experience as it relates to Content Management Systems tends to overlook its most important users: Content Editors & Administrators.

Categories: Drupal

DrupalEasy: DrupalEasy Podcast 189 - BACnet to the Future (David Thompson - Energy and Drupal)

Tue, 2017-01-10 07:20

Direct .mp3 file download.

David Thompson (dbt102), consultant with Function 1, and maintainer of the BACnet and AppCtrl modules (used for building energy management) joins Mike on this first podcast of 2017.

Interview DrupalEasy News Three Stories Sponsors Picks of the Week Upcoming Events Follow us on Twitter Five Questions (answers only)
  1. Bikram Yoga
  2. BACnet advanced workstation with Web Control
  3. Presenting at DrupalCon
  4. Emu
  5. Understanding the value of CCK
Intro Music Subscribe

Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.

Categories: Drupal

Code Enigma: SAML ADFS authentication in Drupal

Tue, 2017-01-10 06:24
SAML ADFS authentication in Drupal Language English Return to Blog SAML ADFS authentication in Drupal

Drupal as consumer/SP, ADFS as IdP

Tue, 2017-01-10 13:24By pascal

We'll try to cover the needed step to authenticate (and create if need) Drupal 7 users against an external Active Directory Federation server, using SimpleSAMLphp and the simplesamlphp_auth module.

Examples are given for a Debian server, using Nginx and php-fpm, but most of the configuration would be similar for other setups, and except for the application integration part, the SimpleSAML setup part should apply to any php integration.

Assumptions

We'll assume that:

Dependencies

We'll use memcache to store user sessions (although you can use a MySQL-like database instead), which is done through the php-memcache extension (NOT php-memcached):

sudo apt-get install memcached

sudo apt-get install php5-memcache

Once again, in case you read too fast, php-memcache, NOT php-memcached !

1. Nginx configuration: accessing SimpleSAML library through the web

Given that SAML is based on redirects, the first thing you'd need to do is being able to access the library over HTTPS.

1.1. Install the library

Download the library from https://simplesamlphp.org/download and extract it in Drupal's library folder, so it ends up under sites/all/libraries/simplesamlphp-1.14.8 in the repo (that will match /var/www/drupal-sp.master/www//sites/all/libraries/simplesamlphp-1.14.8 once deployed on the server).

1.2. Amend Nginx' fastcgi configuration

We need to add a line to the /etc/nginx/fastcgi_params file so it supports path_info (in short, paths in the form of file.php/parameter1/parameter2). Instead of amending the default one, we took the view of duplicating it and amending the copy instead:

sudo cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params_path_info

and add the following at the end: "fastcgi_param PATH_INFO $fastcgi_path_info;"

The resulting file should now look like:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length;   fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol;   fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;   fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name;   fastcgi_param HTTPS $https if_not_empty;   fastcgi_param HTTP_PROXY "";   fastcgi_param PATH_INFO $fastcgi_path_info;     # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; 1.3 Setup the vhost

While it is possible to use a different subdomain for your application and the SimpleSAML library (look at 'session.cookie.domain' on SimpleSAML side and '$cookie_domain' on Drupal side), the simplest and most common approach is to have both under the same domain. Typically, our Drupal installation being at https://drupal-sp.example.com/, we would make the library accessible at https://drupal-sp.example.com/simplesaml/. Note the 'simplesaml' location has been chosen for simplicity of the example, but it could be set to anything, https://drupal-sp.example.com/auth/, https://drupal-sp.example.com/whatever/, ...

What we need to do is setting up an alias for our /simplesaml location to the library webroot on the filesystem at /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www. The resulting vhost file (trimmed non-relevant parts) would be similar to:

server { server_name drupal-sp.example.com/; listen 443 ssl; # DRUPAL_ROOT root /var/www/drupal-sp.master/www; fastcgi_param HTTPS on; #### BEGIN SAML specific config #### # We could use any alias, as long it matches the config.php of SimpleSAML. location /simplesaml { # Point to our library folder webroot. alias /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www; location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ { fastcgi_split_path_info ^(.+?\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; # Note we include the fastcgi config copied and modified above. include fastcgi_params_path_info; fastcgi_param SCRIPT_FILENAME $document_root$phpfile; fastcgi_param PATH_INFO $pathinfo if_not_empty; } # This looks extremly weird, and it is. Workaround a NGINX bug. @see https://trac.nginx.org/nginx/ticket/97 # Without this the assets (js/css/img) won't be served. location ~ ^(?<prefix>/simplesaml/resources/)(?<assetfile>.+?\.(js|css|png|jpg|jpeg|gif|ico))$ { return 301 $scheme://$server_name/sites/all/libraries/simplesamlphp-1.14.8/www/resources/$assetfile; } } #### END SAML specific config #### ## Rest of your app specific directives. } 2. SimpleSAML configuration 2.1 config.php

This is where the main "global" configuration directives reside, and it is located under the "config" folder of the library. Most of the default are fine as is, we are mainly going to set:

  • the main path
  • the memcache settings
  • the debug mode

The resulting file would end up with the following options:

 

<?php   /* * The configuration of SimpleSAMLphp * */   $config = array( /** * Full url to the library. Trailing slash is needed. */ 'baseurlpath' => 'https://drupal-sp.example.com/simplesaml/', /** * Debug data. Turn all that to FALSE on prod. */ 'debug' => TRUE, 'showerrors' => TRUE, 'errorreporting' => TRUE, /** * Admin access, do not enable on prod. */ 'auth.adminpassword' => 'MYPASSWORD', 'admin.protectindexpage' => FALSE, 'admin.protectmetadata' => FALSE, /** * This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash * of a value. It must be changed from its default value to a secret value. The value of * 'secretsalt' can be any valid string of any length. * * A possible way to generate a random salt is by running the following command from a unix shell: * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' /dev/null;echo */ 'secretsalt' => 'omqczwt6klfdn244787098jqlfjdsql', /* * Some information about the technical persons running this installation. * The email address will be used as the recipient address for error reports, and * also as the technical contact in generated metadata. */ 'technicalcontact_name' => 'Administrator', 'technicalcontact_email' => 'na@example.org', /** * We want debugging on while setting our install up. */ 'logging.level' => SimpleSAML_Logger::DEBUG, 'logging.handler' => 'syslog', /** * Sessions will be held in memcache. */ 'store.type' => 'memcache', 'memcache_store.servers' => array( array( array('hostname' => 'localhost'), ), ), );

At this point, you should be able to reach https://drupal-sp.example.com/simplesaml/ and login as 'Admin' using the local SimpleSAML authentication mechanism. Check the "configuration" tab to access basic sanity checks on your config.

2.3 authsources.php

We're now ready to define our new authentication source in the config/authsources.php file, that holds an array of all available authentication sources. You'll notice there's already an "admin" one, which is the default local one defined by the SimpleSAML php library.

We assume that nothing has yet been created on the ADFS side (we'll do that at a later step), if that's not your case, you should match the entityID with the one provided to you.

<?php   $config = array( 'admin' => array( // Default local auth source. 'core:AdminPassword', ), 'example-drupal-sp' => array( // Type of auth source. 'saml:SP', // Unique identifier of your SP. // This can be set to anything, as long as no other SP use it on the IDP already. 'entityID' => 'urn:drupal:example', // IDP url identifier. A mean of getting the precise url is given later (@todo link) 'idp' => 'http://adfs-idp.example.com/adfs/services/trust', // This must be explicitely set to NULL, we rely on metadata. 'NameIDPolicy' => NULL, // These are the SP-side certificate, that we will need to generate. // The location is relative to the 'cert' directive specified in the // config.php file. 'privatekey' => 'saml.pem', 'certificate' => 'saml.crt', // Enforce signing of redirections, using our certificate. 'sign.logout' => TRUE, 'redirect.sign' => TRUE, 'assertion.encryption' => TRUE, // Enforce use of sha256. 'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', ), );

If you navigate to the "Authentication" tab > "Test configured authentication sources" within the /simplesaml admin interface, you should now see your new source appear as "example-drupal-sp". Don't try yet to use it, it will just throw exceptions for now !

Certificate generation

We now need to generate the certificates we did specify in the auth source, they will be used to sign our requests. We'll stick with the default location and create them under the "cert" directory of the library.

cd sites/all/libraries/simplesamlphp-1.14.8/cert

openssl req -x509 -sha256 -nodes -days 3652 -newkey rsa:2048 -keyout saml.pem -out saml.crt

2.4 saml20-idp-remote.php

The last piece of information that is needed for the two systems to be able to communicate is the metadata specification, which defines the various endpoints and protocols to use. The ADFS server conveniently exposes those, so we just need to get hold of them, and convert it to php. The federation XML file is usually located under /FederationMetadata/2007-06/FederationMetadata.xml but you can find it out from the ADFS management tool, by expanding "Services" > "Endpoints" and looking at the Metadata section.

In our case we would download "https://adfs-idp.example.com/FederationMetadata/2007-06/FederationMetada...". The next step is to convert it to a php array, with an utility provided by the SimpleSAML library, located at /simplesaml/admin/metadata-converter.php. This will generate 2 php arrays ready to copy paste:

  • saml20-sp-remote: we can ignore this one in our setup, as we are only acting as a Service Provider
  • saml20-idp-remote: this is the data we will need, and we are going to copy/paste it into metadata/saml20-idp-remote.php.

The array key should match the value of what we had specified in our authsources:

authsources.php:

'idp' => 'http://adfs-idp.example.com/adfs/services/trust',

saml20-idp-remote.php

$metadata['http://adfs-idp.example.com/adfs/services/trust'] = array(

If that's not the case, amend your authsource. Pay especially attention to the fact that the idp may identify itself as http://, not https://, even though all requests go through https endpoints.

3. ADFS setup

Now the SP side component is ready, we need to configure the IDP side.

3.1 SP metadata

In the same way our SP needs metadata to know how to talk to the IDP, the ADFS server needs to how to communicate with the SimpleSAML library, and must be provided some metadata. Here again, the SimpleSAML php library helps us a lot by exposing its metadata, ready for the server to consume.

You can obtain this url within the /simplesaml admin section, under the "Federation" tab, by clicking on the "View metadata" link underneath your "example-drupal-sp" source. This will display the actual metadata, along with the dedicated url to obtain it, https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php... in our case.

3.2 Trust configuration

In the ADFS admin tool on the Windows server, create a new "Relying Party Trust". This should launch a Wizard similar to:

Enter the SP metadata URL (https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php...) into the "Federation metadata address" field and press next. This should be enough to setup all the needed configuration, even though you will get a notice about some metadata fields being ignored, which you can ignore.

3.3 Claims

These claims serve as mappings between ADFS and SAML "fields", and are accessible trough the "Edit Claim Rules..." entry.

3.3.1 LDAP attributes

Create an "Issuance Transform Rule", of type "Send LDAP Attributes as Claims" with the fields you need to pass back to the SP. Some are preset and defined in the metadata, but you can add custom ones: In this example UPN and Email are using the set schema, while DisplayName is custom:

 

3.3.2 Incoming Claim

This is needed to map the SAML "Name ID" with the LDAP "UPN". Create another "Issuance Transform Rule", of type "Transform an Incoming Claim":

 

3.4 Testing the authentication

At this point, you should be able to authenticate against the Federated login. Before going any further, make sure this is working, by navigating to https://drupal-sp.example.com/simplesaml/ and following the "Test authentication sources" under the "Authentication tab".

After login in and being redirected, the simplesaml library will conveniently expose the attributes we added in the Claim rules, with their value:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upnhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressDisplayName

These fields are the ones the Drupal component is going to use for mapping with the user entity.

4. Drupal 4.1 The simplesamlphp_auth module

Now is the time to "drush en simplesamlphp_auth" ! Once the module is enabled, you will need to specify the ID of the authentication source, the user properties mapping from the LDAP attibutes, and you have a couple of options regarding how users will use Federated login over local Drupal login. You can do this through the UI, or capture in settings.php as follow:

<?php /** * @group SimpleSAML */ // The id of our authentication definition, // found in the config.php file at point 2.3 // above. $conf['simplesamlphp_auth_authsource'] = 'example-drupal-sp'; // Absolute path to the simplesamlphp library. $conf['simplesamlphp_auth_installdir'] = '/var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8'; // Field mappings. $conf['simplesamlphp_auth_mailattr'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'; $conf['simplesamlphp_auth_unique_id'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'; $conf['simplesamlphp_auth_user_name'] = 'DisplayName'; // Main activate/desactivate federated login switch. $conf['simplesamlphp_auth_activate'] = 1; // Allow/Disallow users to login with local Drupal account. $conf['simplesamlphp_auth_allowdefaultlogin'] = 1; // An array of roles than can login with a local Drupal account. // Leave empty doe 'all' $conf['simplesamlphp_auth_allowdefaultloginroles'] = array(); // An array of user uids than can login with a local Drupal account. $conf['simplesamlphp_auth_allowdefaultloginusers'] = array(); // Allow local password changes. $conf['simplesamlphp_auth_allowsetdrupalpwd'] = 0; // Overrides local roles (implies role mapping, // that is not covered in this article). $conf['simplesamlphp_auth_rolepopulation'] = '';

At this point, congrats, you are done ! Navigating as anonymous to https://drupal-sp.example.com/saml_login should redirect you to your Federated login portal, then back to Drupal where you will be logged in.

You can either add a link pointing to this on the login form if you are planning to mix local/federated login, or take over the login process enterly by redirecting it to this path.

4.2 Multi-environment setup

Chances are you are using several environments (dev/stage/uat/prod or however you name then) and want to use different endpoints foreach one. By default, the authsources and metadata settings are all keyed by ids, but some of the settings would all be shared in the $config array from your config.php file. You have several options to split those and use a different setup per environment, our choice is based on Drupal's settings.php. The reason is that it is fairly common to have this file environment-specific already, through symlinks, includes, etc. as part of whatever CI tool you are using.

4.2.1 config.php

Copy your simplesaml config.php to config.$ENV.php, eg config.dev.php for your dev environement. Then, replace the content of the main config.php with the following snippet, that will source Drupal settings.php file for an "environment" variable.

<?php   /* * Environment switcher for SimpleSAMLphp * */   // Session management. if (!ini_get('session.save_handler')) { ini_set('session.save_handler', 'file'); } // Grab per environment settings. if (!defined('EXAMPLE_DRUPAL_ROOT')) { define('EXAMPLE_DRUPAL_ROOT', substr(__DIR__, 0, strpos(__DIR__, '/sites/all/libraries/simplesamlphp-1.14.8/config'))); define('EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE', EXAMPLE_DRUPAL_ROOT . '/sites/default/settings.php'); } // This is defined in Drupal's settings.php file. global $example_simplesamlphp_environment; // Need to include the bootstrap file as it contains // some constants settings.php relies on. if (!defined('DRUPAL_CORE_COMPATIBILITY')) { require_once EXAMPLE_DRUPAL_ROOT . '/includes/bootstrap.inc'; } require_once EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE; require_once __DIR__ . '/config.'.$example_simplesamlphp_environment.'.php'; 4.3 settings.php

On the Drupal side of things, you can specify the environment to use, which will result in simplesaml loading the $config array from the matching config.$ENV.php file.

<?php // Be sure to pick a name that cannot conflict with // another variable. global $example_simplesamlphp_environment; $example_simplesamlphp_environment = 'dev'; // Pick the matching authentication endpoint for // this environment in authsources.php. $conf['simplesamlphp_auth_authsource'] = 'example-dev-sp'; BlogEnsuring data security BlogService Resilience and public vs private cloud BlogUnderstanding HSTS BlogPaaS versus managed servers - quality of resource
Categories: Drupal

ComputerMinds.co.uk: Loading config programmatically

Tue, 2017-01-10 06:00

In Drupal 8, there are many ways to interact with configuration from PHP. Most will allow you to write the config values, but some are read-only. Some will include 'overrides' from settings.php, or translations. There are many layers of abstraction, that each have different purposes, so it can be easy to run into subtle unintended problems (or more obvious errors!) if you pick a method that doesn't quite suit what you actually need to do. Here I'm going to outline some of them and when you might pick each one.

Categories: Drupal

Liip: How to get involved in Drupal projects

Tue, 2017-01-10 00:26

Drupal is an open source project and really depends on its community to move forward. It is all about getting to know the CMS, spreading the knowledge and contribute to projects.
I will give you some ways to get involved, even if you are not a developer there is a task for you!

Drupal Mentors – DrupalCon Dublin 2016 by Michael Cannon is licenced under CC BY-SA 2.0

Participating in user support

Sharing your knowledge with others is very important to the community: it is a nice thing to do and you might also learn some things by doing so. Whatever your skill level, you can give back to the community with online support. There are many places where you can give support starting with the Support Forums. You can also go to Drupal Answers which is more active than the forums or subscribe to the Support Mailing list. If you prefer real-time chat, you can also join #drupal-support channel on IRC or the Slack channels.

Helping out on documentation

Community members can write, review and improve different sorts of documentation for the project: community documentation on drupal.org, programming API reference, help pages inside the core software, documentation embedded in contributed modules and themes etc.
Contributing is a good way to learn more about Drupal and share your knowledge with others. Beginners are particularly encouraged to participate as they are more likely to know where documentation is lacking.
If you are interested, check out the new contributor tasks for anyone and writers.

Translating Drupal interface in your own language

The default language for the administration interface is English but there are about 100 available languages for translations. There is always a need for translations as many of these translation sets are incomplete or can be improved for core and contributed modules.
All translations are now managed by the translation server. If you are willing to help, all you have to do is logging into drupal.org and join a language team. There is even a video to learn how the translation system works and a documentation.

You can also help to translate documentation into your language. Most language-specific communities have their own documentation so you should get in touch with them directly. To learn more, see the dedicated page.

Improving design and usability

The idea is to improve the usability especially in Drupal 8 regarding the administration interface. The focus is mainly on content creation and site building. The community has done many research to understand the problems that users run into and how the new improvements performs. The purpose is also to educate developers and engage designers in order to grow the UX-team. You can visit the Drupal 8 UX page for more details and join the usability group.

Writing a blog post about Drupal

Writing a blog post about Drupal is a good way to share your knowledge and expertise. There are many subjects to explore, technical or not: talking about a former project you developed or writing a tutorial, telling about the state of a version or sharing about an event you attended… And if you are lucky enough your post can be published on the Weekly Drop, the official Drupal newsletter!

Don’t forget to reference your blog post on Planet Drupal, this platform is an aggregated list of feeds from around the web which shares relevant Drupal-related knowledge and information.

You can also find our Drupal related blog posts on the Liip blog.

Testing core and modules

Testing Drupal projects is necessary to make the platform stable and there are many things to test! If you have a technical background, you can help to review patches or to write unit tests.
For non-technical people, you can provide some feedback about usability of the administration interface that will help to improve the user experience. Follow the process to give a proper feedback.

Contributing to development

There are many ways to contribute code in core and “contrib” projects such as modules or themes.
You can first help to improve existing projects by submitted patches. This would be the natural thing to do when you work with a module and you notice a bug or a missing feature: search in the corresponding issue queue if the problem have been noticed before. If not, post a message explaining the issue and add a snippet of code if you found a potential fix. Then you can create a patch and submit it into the issue queue.
You can also contribute to new projects by creating your very own module or theme or create a sandbox for more experimental projects.

Attending events

The Drupal association organizes many events all around the world to promote the CMS and gather the community.

One of the biggest events are the Drupalcons. A Drupalcon gathers thousands of people and lasts about one week including 3 full days of conferences. These conferences cover many topics: site building, user experience, security, content authoring etc. You can also join sprints to contribute to Drupal projects and social events to meet the members of the community. Check out our report about DrupalCon Barcelona 2015!

“Drupal Dev Days” conferences occur once a year and gather developers to discuss and present topics technically relevant to the community. You can join sprints, intensive coding sessions and technical conferences.

You can also join DrupalCamps to meet your local community. These events last one or two days and focus on sharing knowledge amongst the community. You can attend conferences and sprints.

There are also many Drupal meetups which are free events happening in many cities in the world. Presentations and discussions finish around nice drinks and appetizers.

Sponsoring events

The community holds conventions and meetups in many countries and being a sponsor will not only help Drupal development but it will also enable you to be noticeable within the community. There are different levels of sponsorings that will offer from mentions on social media to advertising online and at the exhibition space of the event. All you have to do is getting in touch with the event organizers. By the way, Liip will sponsor the Drupal Mountain Camp in Davos this year!

Offering a donation

You can give donations to the Drupal association through the website in order to support drupal.org infrastructure and maintenance, worldwide events such as Drupalcons. The donations are either in Euros or Dollars.

You can also become a member of the Drupal Association for the same purpose, as an individual member or an organization member. The minimal fees are 15 Euros. Find more information about membership on drupal.org.

Conclusion

Drupal projects are constantly improving thanks to passionate volunteers who work on many subjects: development, documentation, marketing, events organization, supports… There is for sure a task that will suit you and it only takes small time commitment to make changes.
So join the great Drupal community and start getting involved!

Categories: Drupal

Agiledrop.com Blog: AGILEDROP: Other Top Drupal Blogs from December

Mon, 2017-01-09 23:06
In December 2016 we started implementing a new idea. An idea that looks back at the best Drupal blogs that were written by other authors in the previous month. We started with a November's overview. Here is next one in the row, bringing you December's action. Building Views Query Plugins for Drupal 8 We begin our list with the second part of Building Views Query Plugins for Drupal 8 by Matt Oliveira. He wrote about coding the plugin and ended up with a basic functioning example. Yet, the author left some space open for the final third part. You can read the full blog post here. The… READ MORE
Categories: Drupal

Jeff Geerling's Blog: Add a set of Taxonomy terms via a custom Drupal module's update hook

Mon, 2017-01-09 20:06

From time to time, I've needed to have a default set of Taxonomy terms created at the same time as a content type, as in the case of a field with a required Taxonomy term reference, using a Taxonomy that is not 'free tag' style.

Instead of requiring someone to go in and manually add all the terms after code is deployed, you can add terms in a custom module's update hook, like so:

Categories: Drupal

Platform.sh: Your instances safe from MongoDB Apocalypse on the Platform.sh PaaS

Mon, 2017-01-09 17:00

You might have heard about the MongoDB scare with titles like: MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers!

Rest assured, your MongoDB instances are safe and sound if they are running on Platform.sh. And this is a very strong argument to why our architecture is superior to other PaaS providers.

Unlike other providers, with Platform.sh all the services you use are inside the managed cluster and included in the plan’s price. These are not outside services that expose application ports on the internet. This is what allows us to clone entire clusters, this is what allows us to offer a 99.99% SLA on the entire stack for our enterprise offering, but this is also a security feature.

Each cluster has only two ways in: HTTP or SSH. Our entrypoints simply will not answer anything else.

Your application containers in the cluster have direct connectivity to the service containers, but this happens on a non-routable IP class. There is simply no possible way for the exterior world to access a service directly. And if you are running (in micro-service style) multiple services in the cluster you can even control which has access to which services through the relationships key in your .platform.app.yaml file. Because secure by default makes sense to us.

If you want to connect to a MongoDB instance from the exterior (to run for example an admin interface) you can still do it! But the only way to connect is through an SSH tunnel that relies on your private SSH key (platform tunnel:open on the command line will do the trick). You get all the benefits, all the ease of use of running a modern stack, but none of the hassle and risks of running a patchwork of services.

With Platform.sh you can be WebScale and secure!

Categories: Drupal

Powered By