Proxmox
■ツール インストール
$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install nano wget rsync unzip tar
$ sudo dnf update■SELinux
ポリシーは強制されないが、違反があればログに記録する
# nano /etc/selinux/config
SELINUX=permissive# reboot■公開鍵・秘密鍵
鍵はED25519。
クライアント側
ED25519の公開鍵・秘密鍵ペアを作成する。
サーバーにユーザーアカウントでログイン。
公開鍵をドラッグアンドドロップでコピー。
Image
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ mv ../id_ed25519.pub ./authorized_keys# nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no# reboot■スワップ
# dd if=/dev/zero of=/swapfile bs=1M count=4096
# chmod 600 /swapfile
# mkswap /swapfile# swapon /swapfile
# free# cp -p /etc/fstab /etc/fstab.org
# echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab# tail -1 /etc/fstab
/swapfile none swap sw 0 0# reboot■ファイアウォールのポートを開ける
# systemctl enable firewalld
# systemctl start firewalld# firewall-cmd --add-service={http,https,mysql} --permanent
# firewall-cmd --reload■Install Nginx Web Server
# dnf install dnf-utils# nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true# dnf install nginx
# systemctl enable nginx
# systemctl start nginx
Image
■Install PHP 8.4
# dnf config-manager --set-enabled crb
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
# dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
# dnf module switch-to php:remi-8.4# dnf module install php:remi-8.4# php -v
PHP 8.4.20 (cli) (built: Apr 8 2026 08:16:38) (NTS gcc x86_64)
Copyright (c) The PHP Group
Built by Remi's RPM repository <https://rpms.remirepo.net/> #StandWithUkraine
Zend Engine v4.4.20, Copyright (c) Zend Technologies# systemctl restart nginx■Install Required PHP Extensions
# dnf install -y php-gd php-mbstring php-opcache php-pdo php-mysqlnd php-xml php-json php-fpm# nano /etc/php.ini
memory_limit = 256M# nano /etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660# systemctl restart php-fpm
# systemctl restart nginx# nano /usr/share/nginx/html/info.php
<?php
phpinfo();
?>
# nano /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}# systemctl restart nginx
Image
■Composer
$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$ php -r "if (hash_file('sha384', 'composer-setup.php') === 'c8b085408188070d5f52bcfe4ecfbee5f727afa458b2573b8eaaf77b3419b0bf2768dc67c86944da1544f06fa544fd47') { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('composer-setup.php'); exit(1); }"
$ php composer-setup.php
$ php -r "unlink('composer-setup.php');"$ sudo mv composer.phar /usr/local/bin/composer
$ composer -v
/ ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/
Composer version 2.9.7 2026-04-14 13:31:52
■Install MariaDB Server
# dnf install mariadb-server mariadb# systemctl enable mariadb
# systemctl start mariadb# systemctl status mariadb
● mariadb.service - MariaDB 10.11 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: d
Active: active (running) since Thu 2025-11-06 11:27:54 JST; 18s agomariadb.service: Referenced but unset environment variable evaluates to an empty string: MYSQLD_OPTS, _WSREP_NEW_CLUSTER →気にしない
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] n
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
後の設定はデフォルト
Reloading privilege tables..
... Success!■Login to MariaDB
# mysql -u root -p
> CREATE DATABASE drupal;
> GRANT ALL PRIVILEGES ON drupal.* TO 'drupal'@'localhost' IDENTIFIED BY '<StrongPassword>';
> GRANT ALL PRIVILEGES ON drupal.* TO 'kanji'@'192.168.1.%' IDENTIFIED BY '<StrongPassword>';
> FLUSH PRIVILEGES;
> EXIT;StrongPassword: パスワード生成ソフトを使って、ランダムな文字列にする。
■Download and Configure Drupal
# mkdir /usr/share/nginx/html/drupal
# cd /usr/share/nginx/html/drupal# composer create-project drupal/cms■Set Correct File Permissions
# chown -R nginx:nginx /usr/share/nginx
# chmod -R 755 /usr/share/nginx■Configure Nginx for Drupal
# nano /etc/nginx/conf.d/drupal.local.conf
server {
root /usr/share/nginx/html/drupal/cms/web;
client_max_body_size 256M;
listen 80;
server_name drupal.local;
location / {
try_files $uri /index.php?$query_string;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/drupal/cms/web;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}# nginx -t
# systemctl restart nginx■Access Drupal
# cd /usr/share/nginx/html/drupal/cms/web
# mkdir sites/default/files
# chmod a+w sites/default/files
# chmod a+w sites/default# cp sites/default/default.settings.php sites/default/settings.php
# chmod a+w sites/default/settings.php# setenforce 0# nano /usr/share/nginx/html/drupal/cms/web/sites/default/settings.php
$settings['trusted_host_patterns'] = ['^drupal\.local$',];
最終行に追加 (Esc /)
#
# testing_package_manager
#
$settings['testing_package_manager'] = 'TRUE';■Chrome 設定 閲覧履歴データを削除
Image
Image
Image
忘れずに「日本語」を設定する。
Image
①サイト名:Hayate-Lab
②テンプレート:Starter
③テータベースの構成
データベースのタイプ:MySQL
データベース名:drupal
データベースのユーザー名:drupal
データベースのパスワード:**********************
■書き込み許可権限をはずす
# chmod go-w sites/default/settings.php
# chmod go-w sites/default■Cockpit
# dnf install cockpit
# systemctl enable --now cockpit.socketポート番号:9090
■Drush
Drupal を管理している composer.json があるディレクトリで次のコマンドを打ちます。
# cd /usr/share/nginx/html/drupal/cms
# ls
# composer require --dev drush/drush$ echo 'export PATH="$PATH:/usr/share/nginx/html/drupal/cms/vendor/bin"' >> ~/.bashrc
$ source ~/.bashrc$ drush --version
Drush Commandline Tool 13.6.2.0■Configure SELinux
# dnf install -y policycoreutils-python-utils# semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html/drupal/cms/web(/.*)?"
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/settings.php'
# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/drupal/cms/web/sites/default/files'# restorecon -Rv /usr/share/nginx/html/drupal/cms/web■SELinux有効
モジュールインストール、アップデート時には
必ず、”見て見ぬふり(permissive)”を設定すること。
# nano /etc/selinux/config
#SELINUX=enforcing
SELINUX=permissive# reboot■監査検索
# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR■モジュール
# cd /usr/share/nginx/html/drupal/cms
# composer require 'drupal/backup_migrate:^5.1'