CiviCRM for Drupal 8 installation notes » History » Revision 20
Revision 19 (Jon Goldberg, 05/03/2019 08:34 PM) → Revision 20/24 (Jon Goldberg, 05/03/2019 08:34 PM)
{{last_updated_at}} by {{last_updated_by}}
# CiviCRM for Drupal 8 installation notes
* Make sure your composer version is up to date! The one that ships with civicrm-buildkit is quite old.
* Run the composer command on [David Snopek's blog post](https://www.mydropwizard.com/blog/better-way-install-civicrm-drupal-8) that fits your scenario (creating a new site vs. adding Civi to an existing D8 site).
* New site is: `composer create-project roundearth/drupal-civicrm-project:8.x-dev some-dir --no-interaction`
* Add the following to `civicrm.settings.php` (modify the last line for your actual CMS root, and paste this after `CIVICRM_UF_BASEURL` is defined):
```php
$civicrm_setting['URL Preferences']['userFrameworkResourceURL'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';
$civicrm_paths['civicrm.root']['url'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';
$civicrm_setting['domain']['userFrameworkResourceURL'] = CIVICRM_UF_BASEURL . '/libraries/civicrm/';
$civicrm_paths['cms.root']['path'] = '/home/jon/local/drupal8test/web';
```
* If you prefer separate Drupal and Civi databases, [dump the Civi tables only](https://stackoverflow.com/a/5269543/2832108) and [drop the Civi tables](https://stackoverflow.com/a/1589324/2832108). Load them into a new database and modify your `CIVICRM_DSN` in `civicrm.settings.php` accordingly.
#### extern directory access
D8 restricts access to PHP files that aren't whitelisted, so you need to whitelist the `extern` directory files. In `<webroot>/.htaccess`, find this rule:
```
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
```
Change it to this:
```
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Allow access to the CiviCRM "extern" directory.
RewriteCond %{REQUEST_URI} !/libraries/civicrm/extern/[a-z]+\.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
```
### On every install and update:
#### non-bootstrap scripts
[There's an [open MR](https://gitlab.com/roundearth/civicrm-composer-plugin/merge_requests/4) to handle this]
* To get `extern` scripts and `bin/csv/import.php` loading correctly, create a *second* `settings_location.php` in `vendor/civicrm/civicrm-core`:
```php
<?php
define('CIVICRM_CONFDIR', dirname(dirname(dirname(dirname(__FILE__)))) . '/web/sites');
```