Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Nov 24 2020
Nov 24

I have several local development environments in my machine. I would like to use HTTPS on them without much hustle. That is why I decided to create my own custom Certificate Authority to simplify the process.

First I want to disclose that I am not an expert in this matter. I did some research and stapled together several articles that I found. My main source of inspiration was this article.

Please note that I am fully aware there are local development toolkits that may handle this for me. I have never found a need to virtualize and or containerize my local development environment. I like running things in my metal because they run faster, I have more control over them, and debugging them is simpler. If I ever need to work on several sites in parallel requiring conflicting setups in my local, I will likely jump into that wagon. However, this article is not about that.

I did the whole process in three steps:

  1. I created the Certificate Authority (CA). This is a one time setup.
  2. I installed the CA into Linux and Firefox. This is also a one time setup.
  3. I generated one certificate per site, signed by the CA, and added it to nginx. You need to do this once per site.

Creating a custom Certificate Authority

Since I have a directory in my local with all my sites I decided to put all the files in a directory there: /home/e0ipso/Sites/certs. Please change the path to the one you use. Run the commands in that directory.

To create the CA you need to type:

1
openssl genrsa -des3 -out myCA.key 2048

During the execution of that command you will need to provide a passphrase. I recommend using your password manager to generate and store such password. You will need the password in the last step.

After you generate the key, generate the root certificate.

1
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

Openssl will prompt you with questions. You can leave the questions on their defaults, provide silly answers, or give it truthful values. It doesn’t matter.

Making your system accept the new authority

If you use Linux you need to install the ca-certificate on the system. This is useful if you are not using Firefox to make the HTTP requests. Think of curl, Insomnia (which is amazing), a PHP program, etc. I learned how to do this in this post.

1
2
3
4
5
6
# First transform the .pem into a .crt.
openssl crl2pkcs7 -nocrl -certfile myCA.pem | openssl pkcs7 -print_certs -out myCA.crt
# Copy the ca-certificate where the OS expects it.
sudo cp myCA.crt /usr/local/share/ca-certificates
# Update the certificates to pick it up.
sudo update-ca-certificates

In addition to that you will need to install it into Firefox. Yes, even if you installed it system wide.

Firefox preferences pane

In the firefox preferences access the Privacy and Security section. After that under the Certificates heading select View Certificates…. This will open a dialog with an Authorities tab. There you will be able to import myCA.pem.

Creating the site certificate

This step is necessary every time you need to enable SSL for a new site in your local environment. This is why I wanted to simplify the process as much as possible, because next time I need to do this I will not remember how to do it. This is the shell script (you can also download it).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/sh

if [ "$#" -ne 1 ]
then
  echo "Usage: Must supply a domain"
  exit 1
fi

DOMAIN=$1

openssl genrsa -out ./certs/$DOMAIN.key 2048
openssl req -new -key ./certs/$DOMAIN.key -out ./certs/$DOMAIN.csr

cat > ./certs/$DOMAIN.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
EOF

openssl x509 -req -in ./certs/$DOMAIN.csr -CA ./certs/myCA.pem -CAkey ./certs/myCA.key -CAcreateserial \
-out ./certs/$DOMAIN.crt -days 825 -sha256 -extfile ./certs/$DOMAIN.ext

I have this script in /home/e0ipso/Sites/generate-certificate.sh, one level above /home/e0ipso/Sites/certs/myCA.key. Then I can run it with the domain name I want the certificate for:

1
./generate-certificate.sh local.contrib.com

Once again this will prompt you with some questions, you can skip them if you like. At some point it will require the password we saved in our password manager earlier (hopefully not a napkin). This will generate the local.contrib.com.key and local.contrib.com.crt files. The last step is to add it you your local webserver.

I use nginx, so I add:

1
2
3
4
5
6
server {
    # ...
    listen 443 ssl;
    ssl_certificate /home/e0ipso/Sites/certs/local.contrib.com.crt;
    ssl_certificate_key /home/e0ipso/Sites/certs/local.contrib.com.key;
    # ...

If you are curious, this is the nginx configuration file I use for my local development in a Drupal project.

Photo by Mauro Sbicego on Unsplash

Oct 09 2020
Oct 09

In this video I show a set of Open Source tools we have created to manage the whole application lifecycle when embedding JS apps inside of Drupal.

You can fork these tools, and with a couple of clicks you will get a demo of progressive decoupling in Drupal in your own site. This works in Drupal 8 and Drupal 9.

It is important to note that this is not only my work. This is a team effort that I collaborated with. Team mates Zequi Vázquez, Ian Whitcomb, and Hunter MacDermut are also the main authors of different parts of the system. I cleaned it up and made it generic so it could be shared as free software.

[embedded content]

Screenshots

Static HTML embedThe example widget has a demo page you can show to stakeholders for quick validation.Drupal embedSeamless integration of the JS applications in Drupal, including layout builder.
Sep 08 2020
Sep 08

The Drupal Association is running an election to one seat for the board of directors from the community. I asked this questions to all candidates.

I believe that engagement with the Drupal Association is not optional if you want to participate in the Drupal project in any way.

  • The Drupal Association manages drupal.org (ticketing + releases + documentation + API docs + outstanding communications + translations + security coverage). This is not optional for any individual.
  • The Drupal Association manages DrupalCon. This is optional for individuals.
  • The Drupal Association oversees the CWG. This is not optional for individuals.

Maybe some day engagement with the Drupal Association will be optional, but my opinion is that it is not optional today. This is why I think that the Drupal Association cannot act only in its own best interest, but it needs to act on the best interest of the people contributing to the project. That is regardless of their affiliation and/or feelings towards the association.

On that vein I asked all candidates this:

Excuse me if I make no sense in my questions. I am no lawyer either, and the U.S. is not my home country. My questions are framed around legal figures, however I only intend to get a sense of what your values are as a potential director.

The Drupal Association (DrupalCon Inc.) currently declares itself as a 501(c)(3) (as per 2018's tax filing). According to the IRS website:

A section 501(c)(3) organization must not be organized or operated for the benefit of private interests, such as the creator or the creator's family, shareholders of the organization, other designated individuals, or persons controlled directly or indirectly by such private interests. No part of the net earnings of a section 501(c)(3) organization may inure to the benefit of any private shareholder or individual. A private shareholder or individual is a person having a personal and private interest in the activities of the organization.

(emphasis of my own)

I sense a lot of effort in promoting business using Drupal in what the Drupal association does (my perception might be wrong). From my limited understanding, this is typical from 501(c)(6) organizations (Business leagues, Chambers of commerce, Boards of trade, ...). For context, the Linux Foundation declares itself as 501(c)(6) (as per 2018's tax filing).

My questions are:

  1. Do you feel the current Drupal Association is living to the 501(c)(3) spirit? (I am not asking about the legality, but the spirit).
  2. Should a voting arise: do you lean towards promoting the project itself and stay as a 501(c)(3)? or do you think that promoting business with Drupal is the best course of action and, therefore, the Drupal Association should become a 501(c)(6)?

My questions are geared towards: how will you position yourself in the balance between promoting the common good vs. fostering healthy business using Drupal? But I would love to get specific answers to the two questions above.

Aug 04 2020
Aug 04

Drupal allows the creation of multivalue fields. Wouldn’t it be useful to have a way to enter all the values for that field as comma separated values? I wrote a module for that.

This video shows the how to configure a textfield to accept comma separated values that are interpreted as multiple values for the field. Learn more at Comma Separated String Widget.

[embedded content]

Usage

Step 1

Configure your text field to use the new widget. Screenshot of the configuration

Step 2

Profit. Screenshot of the widget

Photo by Brook Anderson on Unsplash

Jul 19 2020
Jul 19

Many enterprises use Drupal for the flexibility it offers. This comes at a cost, every Drupal site is very different from each other. Patterns emerge that are not reused or standarized across different projects.

This video proposes a code structure and workflow when working around entities with Typed Entity. This has helped me in the past to achieve more maintainability and modularity in my Drupal projects.

[embedded content]

Photo by Neven Krcmarek on Unsplash

May 08 2020
May 08

I have recorded a video tutorial highlighting some of the features of a module I created for Drupal recently. This is the Entity Reference Preview Drupal module.

When you preview the latest version of an entity (ex: a node) you only preview that entity. That means that referenced entities in that page are rendered with the published version, not the latest. This module addresses that.

When prompted, many people ask: Wait! that is not the default behavior already?

Have you ever wanted to preview a listing from a view (or a block, or a layout builder page, …) with the latest version of the embedded entities? This module allows you to do that.

[embedded content]
Mar 29 2020
Mar 29

I have recorded a video tutorial highlighting some of the features of a module I created for Drupal a while ago. This is the Warmer Drupal module.

Cache warming may not be a critical piece for sites with a lot of traffic, because traffic organically warms caches. However, it is critical for these sites to deploy with warm caches after a release that cleared all caches. This will prevent overloading the server or even cache stampedes.

[embedded content]

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web