DrupalCMS
■Tool installation
$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install nano wget rsync
$ sudo dnf update

■SELinux
The policy is not enforced, but violations are written to the log.
# nano /etc/selinux/config
SELINUX=permissive

# reboot

During installation, SELinux is set to "look the other way" (permissive).
Without this, the later installation steps run into problems.
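
■Public and private keys
The key type is ED25519.
Create an ED25519 public/private key pair.
Log in to the server with the user account.
Copy the public key to the server by drag and drop.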
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ mv ../id_ed25519.pub ./authorized_keys

# nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no

# reboot

■Open the firewall ports
# systemctl enable firewalld
# systemctl start firewalld
# firewall-cmd --add-service={http,https} --permanent
# firewall-cmd --reload

■Install Nginx Web Server
# dnf install dnf-utils

# nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

# dnf install nginx
# systemctl enable nginx
# systemctl start nginx
■Install PHP 8.4
# dnf config-manager --set-enabled crb
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
# dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
# dnf module switch-to php:remi-8.4
# dnf module install php:remi-8.4

# php -v
PHP 8.4.15 (cli) (built: Nov 18 2025 17:26:05) (NTS gcc x86_64)
Copyright (c) The PHP Group
Built by Remi's RPM repository <https://rpms.remirepo.net/> #StandWithUkraine
Zend Engine v4.4.15, Copyright (c) Zend Technologies

# systemctl restart nginx

■Install Required PHP Extensions
# dnf install -y php-gd php-mbstring php-opcache php-pdo php-mysqlnd php-xml php-json php-fpm

# nano /etc/php.ini
memory_limit = 256M

# nano /etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

# systemctl restart php-fpm
# systemctl restart nginx

# nano /usr/share/nginx/html/info.php
<?php
phpinfo();
?>

# nano /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

# systemctl restart nginx

http://www.hayate-lab.net/info.php
■Composer
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'c8b085408188070d5f52bcfe4ecfbee5f727afa458b2573b8eaaf77b3419b0bf2768dc67c86944da1544f06fa544fd47') { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('composer-setup.php'); exit(1); }"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
$ sudo mv composer.phar /usr/local/bin/composer

$ composer -v
/ ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/
Composer version 2.9.2 2025-11-19 21:57:25

■Install MariaDB Server
# dnf install mariadb-server mariadb

# systemctl enable mariadb
# systemctl start mariadb

# systemctl status mariadb
● mariadb.service - MariaDB 10.11 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
Active: active (running) since Thu 2025-11-06 09:25:47 JST; 10s ago

mariadb.service: Referenced but unset environment variable evaluates to an empty string: MYSQLD_OPTS, _WSREP_NEW_CLUSTER
→ This message can be ignored.

# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Switch to unix_socket authentication [Y/n] n
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
The remaining settings are left at their defaults.
Reloading privilege tables..
... Success!

■Login to MariaDB
# mysql -u root -p
> CREATE DATABASE drupal;
> GRANT ALL PRIVILEGES ON drupal.* TO 'drupal'@'localhost' IDENTIFIED BY 'StrongPassword';
> FLUSH PRIVILEGES;
> EXIT;

StrongPassword: use a password generator and make it a random string.
■Download and Configure Drupal
# mkdir /usr/share/nginx/html/drupal
# cd /usr/share/nginx/html/drupal
# composer create-project drupal/cms

■Set Correct File Permissions
# chown -R nginx:nginx /usr/share/nginx
# chmod -R 755 /usr/share/nginx

■Configure Nginx for Drupal
# nano /etc/nginx/conf.d/default.conf
server {
root /usr/share/nginx/html/drupal/cms/web;
server_name www.hayate-lab.net;
location / {
try_files $uri /index.php?$query_string;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/drupal/cms/web;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

# nginx -t
# systemctl restart nginx

■Access Drupal
# cd /usr/share/nginx/html/drupal/cms/web
# mkdir sites/default/files
# chmod a+w sites/default/files
# chmod a+w sites/default
# cp sites/default/default.settings.php sites/default/settings.php
# chmod a+w sites/default/settings.php

Incantation (switches SELinux to permissive on the running system):
# setenforce 0

# nano /usr/share/nginx/html/drupal/cms/web/sites/default/settings.php
$settings['trusted_host_patterns'] = ['^www\.hayate-lab\.net$',];
Add at the end of the file (Esc /)
#
# testing_package_manager
#
$settings['testing_package_manager'] = 'TRUE';

■Chrome settings: delete browsing data
If browsing history remains, the DrupalCMS initial screen may not be displayed.
The browser may show the previously visited http://www.hayate-lab.net instead.
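
The installer needed sites/default and settings.php to be writable (the chmod a+w steps above), and the next step takes that permission away again. The following check is an added example, not part of the original procedure; the function names audit_writable and demo_audit and the scratch directory layout are this example's own. It lists every path under the web root that group or others can still write to.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): list everything under a Drupal
# web root that group or others may write to. sites/default/files is skipped:
# Drupal writes uploads there and this page leaves it writable.
# Prints one path per line; returns 1 when at least one path was found.
audit_writable() {
  local root="${1%/}" found
  found="$(find "$root" -path "$root/sites/default/files" -prune -o \
             ! -type l \( -perm -0020 -o -perm -0002 \) -print | sort)"
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Replays the chmod steps of this page in a scratch directory (constructed
# layout) and prints the audit result before and after "chmod go-w".
demo_audit() {
  local web
  web="$(mktemp -d)"
  mkdir -p "$web/sites/default/files"
  : > "$web/sites/default/settings.php"
  chmod -R 755 "$web"
  chmod a+w "$web/sites/default/files" "$web/sites/default" \
            "$web/sites/default/settings.php"
  echo "after chmod a+w:";  audit_writable "$web" | sed "s|^$web/|  |"
  chmod go-w "$web/sites/default/settings.php" "$web/sites/default"
  echo "after chmod go-w:"; audit_writable "$web" && echo "  (nothing writable)"
  rm -rf "$web"
}

demo_audit
```

On the real server the call would be audit_writable /usr/share/nginx/html/drupal/cms/web, and its exit status can gate a deployment script.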

■Remove write permission
# chmod go-w sites/default/settings.php
# chmod go-w sites/default

■Drush
Run the following commands in the directory that contains the composer.json managing Drupal.
# cd /usr/share/nginx/html/drupal/cms
# ls
# composer require --dev drush/drush

$ echo 'export PATH="$PATH:/usr/share/nginx/html/drupal/cms/vendor/bin"' >> ~/.bashrc
$ source ~/.bashrc

$ drush --version
Drush Commandline Tool 13.7.0.0

■Let's Encrypt
# dnf install certbot
# certbot certonly --webroot -w /usr/share/nginx/html/drupal/cms/web -d www.hayate-lab.net
# reboot

■Automatic certificate renewal
# systemctl enable --now certbot-renew.timer

# nano /etc/sysconfig/certbot
POST_HOOK="--post-hook 'systemctl restart nginx'"

# systemctl list-timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2025-11-24 16:23:51 JST 1h 14min Mon 2025-11-24 15:03:03 JST 5min ago dnf-makecache.timer dnf-makecache.service
Tue 2025-11-25 00:01:25 JST 8h Mon 2025-11-24 14:18:41 JST - logrotate.timer logrotate.service
Tue 2025-11-25 08:03:18 JST 16h - - certbot-renew.timer certbot-renew.service

■Reload Nginx on certificate renewal
# nano /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://certbot.eff.org/docs
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew --post-hook "systemctl reload nginx"
PrivateTmp=true

■Configure Nginx for Drupal
# nano /etc/nginx/conf.d/default.conf
server {
root /usr/share/nginx/html/drupal/cms/web;
listen 443 ssl;
server_name www.hayate-lab.net;
ssl_certificate /etc/letsencrypt/live/www.hayate-lab.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.hayate-lab.net/privkey.pem;
location / {
try_files $uri /index.php?$query_string;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/drupal/cms/web;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

# nginx -t
# systemctl restart nginx
■Configure SELinux
# semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/drupal/cms/web(/.*)?"
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/settings.php'
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/files'
# restorecon -Rv /usr/share/nginx/html/drupal/cms/web

■Install required modules
# cd /usr/share/nginx/html/drupal/cms
# composer require 'drupal/backup_migrate:^5.1'
# composer require 'drupal/google_analytics:^4.0'

■Audit search
# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR

■Enabling SELinux
When installing or updating modules,
always set SELinux to "look the other way" (permissive).
Otherwise you risk wrecking the system, and that is a real mess!
# nano /etc/selinux/config
#SELINUX=enforcing
SELINUX=permissive

# reboot
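
To read the output of the audit search above: while SELinux is permissive, each access that enforcing mode would have blocked is logged as an AVC record with permissive=1. The following script is an added example, not part of the original procedure; it groups such records by process, source type, target type, class and permission. The function names and the sample records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): group SELinux AVC denials so the
# most frequent one is listed first. Input is raw audit text on stdin, e.g.
#   ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR | summarize_avc
# Output columns: count comm source_type target_type class permissions

summarize_avc() {
  awk '
    /avc: +denied/ {
      comm = src = tgt = cls = perms = ""
      # Requested permissions are the words between the braces.
      s = index($0, "{"); e = index($0, "}")
      if (s > 0 && e > s) {
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # user:role:TYPE:level
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
      }
      count[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from a real system).
sample_avc_log() {
  cat <<'EOF'
type=AVC msg=audit(1763960000.101:501): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="settings.php" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1763960003.214:507): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="services.yml" dev="dm-0" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1763960010.330:512): avc:  denied  { add_name write } for  pid=2101 comm="php-fpm" name="files" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1763960010.330:512): arch=c000003e syscall=257 success=yes exit=3 comm="php-fpm" exe="/usr/sbin/php-fpm"
EOF
}

sample_avc_log | summarize_avc
```

Each output line names a source type, target type and class that would need a matching file context or policy rule before the system could run in enforcing mode without breaking that access.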