Posted by admin
Proxmox

■Install Tools

$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install nano wget rsync
$ sudo dnf update

■SELinux

The policy is not enforced, but violations are logged.

# nano /etc/selinux/config
SELINUX=permissive
# reboot

■Public and Private Keys

The key type is ED25519.

Client side
Create an ED25519 public/private key pair.
Log in to the server with a user account.

Copy the public key to the server by drag and drop.

Server side

$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ mv ../id_ed25519.pub ./authorized_keys
# nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
# reboot
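
A check for the sshd_config edit above, as an added example that is not part of the original notes: it reads sshd's effective configuration in the lowercase "keyword value" form printed by `sshd -T` and reports any of the four directives that is missing or has a different value. The function name and both sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# check_sshd_hardening reads "keyword value" lines on stdin, in the
# lowercase form printed by `sshd -T`, and verifies the four settings
# from the sshd_config edit above. Returns 0 if all match, 1 otherwise.
check_sshd_hardening() {
    awk '
        BEGIN {
            want["permitrootlogin"]        = "no"
            want["pubkeyauthentication"]   = "yes"
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"]   = "no"
        }
        # Remember the effective value of each directive we care about.
        ($1 in want) { got[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    printf "MISSING %s (expected %s)\n", k, want[k]; bad = 1
                } else if (got[k] != want[k]) {
                    printf "FAIL %s is %s (expected %s)\n", k, got[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: password logins are still enabled in the
# effective configuration.
SAMPLE_WEAK='permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
permitemptypasswords no'

# Constructed sample: the intended result of the edit above.
SAMPLE_OK='permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
permitemptypasswords no'

# On the server, as root, before rebooting:
#   sshd -t && sshd -T | check_sshd_hardening
```

`sshd -t` only validates the syntax of the file; the pipe through `sshd -T` checks the values sshd will actually use.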

■Swap

# dd if=/dev/zero of=/swapfile bs=1M count=4096
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
# free
# cp -p /etc/fstab /etc/fstab.org
# echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
# tail -1 /etc/fstab
/swapfile none swap sw 0 0
# reboot

■Open Firewall Ports

# systemctl enable firewalld
# systemctl start firewalld
# firewall-cmd --add-service={http,https,mysql} --permanent
# firewall-cmd --reload

■Install Nginx Web Server

# dnf install dnf-utils
# nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
# dnf install nginx
# systemctl enable nginx
# systemctl start nginx

http://drupal.local


Welcome to nginx!

■Install PHP 8.4

# dnf config-manager --set-enabled crb
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
# dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
# dnf module switch-to php:remi-8.4
# dnf module install php:remi-8.4
# php -v
PHP 8.4.15 (cli) (built: Nov 18 2025 17:26:05) (NTS gcc x86_64)
Copyright (c) The PHP Group
Built by Remi's RPM repository <https://rpms.remirepo.net/> #StandWithUkraine
Zend Engine v4.4.15, Copyright (c) Zend Technologies
# systemctl restart nginx

■Install Required PHP Extensions

# dnf install -y php-gd php-mbstring php-opcache php-pdo php-mysqlnd php-xml php-json php-fpm
# nano /etc/php.ini
memory_limit = 256M
# nano /etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
# systemctl restart php-fpm
# systemctl restart nginx

■Composer

$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'c8b085408188070d5f52bcfe4ecfbee5f727afa458b2573b8eaaf77b3419b0bf2768dc67c86944da1544f06fa544fd47') { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('composer-setup.php'); exit(1); }"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"
$ sudo mv composer.phar /usr/local/bin/composer

■Install MariaDB Server

# dnf install mariadb-server mariadb
# systemctl enable mariadb
# systemctl start mariadb
# systemctl status mariadb
● mariadb.service - MariaDB 10.11 database server
    Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: d
    Active: active (running) since Thu 2025-11-06 11:27:54 JST; 18s ago
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
     SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Leave the remaining settings at their defaults.
Reloading privilege tables..
... Success!

■Login to MariaDB

# mysql -u root -p
> CREATE DATABASE drupal;
> GRANT ALL PRIVILEGES ON drupal.* TO 'drupal'@'localhost' IDENTIFIED BY '<strong password>';
> GRANT ALL PRIVILEGES ON drupal.* TO 'kanji'@'192.168.1.%' IDENTIFIED BY '<strong password>';
> FLUSH PRIVILEGES;
> EXIT;

■Download and Configure Drupal

# mkdir /usr/share/nginx/html/drupal
# cd /usr/share/nginx/html/drupal
# composer create-project drupal/cms

■Set Correct File Permissions

# chown -R nginx:nginx /usr/share/nginx
# chmod -R 755 /usr/share/nginx

■Configure SELinux

# dnf install -y policycoreutils-python-utils
# semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/drupal/cms/web(/.*)?"
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/settings.php'
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/files'
# restorecon -Rv /usr/share/nginx/html/drupal/cms/web

■Configure Nginx for Drupal

# nano /etc/nginx/conf.d/default.conf
server {
 root /usr/share/nginx/html/drupal/cms/web;
 client_max_body_size 256M;
 listen 80;
 server_name drupal.local;
#  location /{
#      index index.php;
#      try_files $uri $uri/index.php;
#   }
 location / {
   try_files $uri /index.php?$query_string;
 }
 error_page  500 502 503 504 /50x.html;
 location = /50x.html {
   root /usr/share/nginx/html/drupal/cms/web;
 }
 location ~ \.php$ {
   fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   include fastcgi_params;
 }
}
# nginx -t
# systemctl restart nginx

■Access Drupal

# cd /usr/share/nginx/html/drupal/cms/web
# mkdir sites/default/files
# chmod a+w sites/default/files
# chmod a+w sites/default
# cp sites/default/default.settings.php sites/default/settings.php
# chmod a+w sites/default/settings.php
# setenforce 0
# nano /usr/share/nginx/html/drupal/cms/web/sites/default/settings.php
$settings['trusted_host_patterns'] = ['^drupal\.local$',];
Append at the last line (Esc /)
#
# testing_package_manager
#
$settings['testing_package_manager'] = 'TRUE';

In Chrome: Settings > Delete browsing data

http://www.hayate-lab.net

# chmod go-w sites/default/settings.php
# chmod go-w sites/default

■Cockpit

# dnf install cockpit
# systemctl enable --now cockpit.socket

Port number: 9090

■Drush

Run the following commands in the directory that contains the composer.json managing Drupal.

# cd /usr/share/nginx/html/drupal/cms
# ls
# composer require --dev drush/drush
$ echo 'export PATH="$PATH:/usr/share/nginx/html/drupal/cms/vendor/bin"' >> ~/.bashrc
$ source ~/.bashrc
$ drush --version
Drush Commandline Tool 13.6.2.0

■Audit Search

# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR
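
A way to read the output of the ausearch command above, as an added example that is not part of the original notes: it collapses the AVC denial records into one line per distinct denial, so that with SELINUX=permissive it is clear which accesses were logged and which file contexts they involve. The function name and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# summarize_avc reads audit records on stdin (the text printed by ausearch)
# and prints one line per distinct denial, most frequent first:
#   count comm permissions source_type target_type class permissive=N
summarize_avc() {
    awk '
        /avc:/ && /denied/ {
            comm = src = tgt = cls = perm = "?"; perms = ""; inbrace = 0
            for (i = 1; i <= NF; i++) {
                # The denied permissions sit between "{" and "}".
                if ($i == "{") { inbrace = 1; continue }
                if ($i == "}") { inbrace = 0; continue }
                if (inbrace) { perms = perms (perms == "" ? "" : ",") $i; continue }
                n = index($i, "=")
                if (n == 0) continue
                key = substr($i, 1, n - 1); val = substr($i, n + 1)
                gsub(/"/, "", val)
                # SELinux contexts are user:role:type:level; keep the type.
                if (key == "comm") comm = val
                else if (key == "tclass") cls = val
                else if (key == "permissive") perm = val
                else if (key == "scontext") { split(val, c, ":"); src = c[3] }
                else if (key == "tcontext") { split(val, c, ":"); tgt = c[3] }
            }
            seen[comm " " perms " " src " " tgt " " cls " permissive=" perm]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from a real system).
SAMPLE_AVC='----
type=AVC msg=audit(1762396812.101:310): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="files" dev="dm-0" ino=401 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
----
type=AVC msg=audit(1762396815.220:311): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="files" dev="dm-0" ino=401 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
----
type=AVC msg=audit(1762396820.007:312): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1'

# On the server, as root:
#   ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR | summarize_avc
```

A record ending in permissive=1 was logged without being blocked, which is what the SELINUX=permissive setting at the top of these notes produces.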