Megaphone Commons

{{last_updated_at}} by {{last_updated_by}}

# CiviCRM for Drupal 8 installation notes

* Make sure your composer version is up to date!  The one that ships with civicrm-buildkit is quite old.

* Run the composer command on [David Snopek's blog post](https://www.mydropwizard.com/blog/better-way-install-civicrm-drupal-8) that fits your scenario (creating a new site vs. adding Civi to an existing D8 site).

 * New site is: `composer create-project roundearth/drupal-civicrm-project:8.x-dev some-dir --no-interaction`

* Add the following to `civicrm.settings.php` (modify the last line for your actual CMS root, and paste this after `CIVICRM_UF_BASEURL` is defined):

```php

$civicrm_setting['URL Preferences']['userFrameworkResourceURL'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';                                                                                                     

$civicrm_paths['civicrm.root']['url'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';

$civicrm_setting['domain']['userFrameworkResourceURL'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';

$civicrm_paths['cms.root']['path'] = '/home/jon/local/drupal8test/web';

```

* If you prefer separate Drupal and Civi databases, [dump the Civi tables only](https://stackoverflow.com/a/5269543/2832108) and [drop the Civi tables](https://stackoverflow.com/a/1589324/2832108).  Load them into a new database and modify your `CIVICRM_DSN` in `civicrm.settings.php` accordingly.

#### extern directory access

D8 restricts access to PHP files that aren't whitelisted, so you need to whitelist the `extern` directory files.  In `<webroot>/.htaccess`, find this rule:

```

# For security reasons, deny access to other PHP files on public sites.

  # Note: The following URI conditions are not anchored at the start (^),

  # because Drupal may be located in a subdirectory. To further improve

  # security, you can replace '!/' with '!^/'.

  # Allow access to PHP files in /core (like authorize.php or install.php):

  RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$

  # Allow access to test-specific PHP files:

  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php

  # Allow access to Statistics module's custom front controller.

  # Copy and adapt this rule to directly execute PHP files in contributed or

  # custom modules or to run another PHP application in the same directory.

  RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$

  # Deny access to any other PHP files that do not match the rules above.

  # Specifically, disallow autoload.php from being served directly.

  RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]

```

Change it to this:

```

  # For security reasons, deny access to other PHP files on public sites.

  # Note: The following URI conditions are not anchored at the start (^),

  # because Drupal may be located in a subdirectory. To further improve

  # security, you can replace '!/' with '!^/'.

  # Allow access to PHP files in /core (like authorize.php or install.php):

  RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$

  # Allow access to test-specific PHP files:

  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php

  # Allow access to Statistics module's custom front controller.

  # Copy and adapt this rule to directly execute PHP files in contributed or

  # custom modules or to run another PHP application in the same directory.

  RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$

  # Allow access to the CiviCRM "extern" directory.

  RewriteCond %{REQUEST_URI} !/libraries/civicrm/extern/[a-z]+\.php$

  # Deny access to any other PHP files that do not match the rules above.

  # Specifically, disallow autoload.php from being served directly.

  RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]

```

### On every install and update:

#### kcfinder

[Note there is an [merged MR](https://gitlab.com/roundearth/civicrm-composer-plugin/merge_requests/2) to handle the first two steps in `civicrm-composer-plugin` but it's not published to packagist yet.  The third step should be included in Civi 5.13.]

kcfinder (image browsing/upload within CKEditor) is currently broken.  You need to do several things to fix.

* First, copy it to libraries/civicrm: `cp -r vendor/civicrm/civicrm-core/packages/kcfinder web/libraries/civicrm/packages/`.

* Your `<webroot>/libraries/civicrm/settings_location.php` should read:

```php

<?php

define('CIVICRM_CONFDIR', dirname(dirname(dirname(__FILE__))) . '/sites');

```

#### non-bootstrap scripts

[There's an [open MR](https://gitlab.com/roundearth/civicrm-composer-plugin/merge_requests/4) to handle this]

* To get `extern` scripts and `bin/csv/import.php` loading correctly, create a *second* `settings_location.php` in `vendor/civicrm/civicrm-core`:

```php

<?php

define('CIVICRM_CONFDIR', dirname(dirname(dirname(dirname(__FILE__)))) . '/web/sites');

```