MariaDB is a community-driven fork of MySQL that has become the default relational database on most Linux distributions. It offers full MySQL compatibility while adding features like the Aria storage engine, system versioning, and native vector data types in newer releases. MariaDB 11.4 is the current Long Term Support release with community support through May 2029.
This guide covers installing MariaDB 11.4 LTS on Rocky Linux 10 and AlmaLinux 10 from the official MariaDB repository. We also cover Rocky Linux 10’s default MariaDB 10.11 from AppStream if you prefer the distro-packaged version. Both approaches include security hardening, user management, remote access configuration, and firewall rules.
Prerequisites
- A server running Rocky Linux 10 or AlmaLinux 10 with root or sudo access
- At least 1 GB RAM (2 GB+ recommended for production workloads)
- Port 3306/TCP open if you need remote database connections
Option A: Install MariaDB 11.4 LTS from Official Repository
The official MariaDB repository gives you the latest 11.4 LTS release with features like online ALTER TABLE, improved JSON functions, and SSL enabled by default. This is the recommended option for new deployments.
Add the MariaDB Repository
MariaDB provides a setup script that configures the repository automatically. Run it with the --mariadb-server-version flag to pin to the 11.4 LTS branch:
curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash -s -- --os-type=rhel --os-version=10 --mariadb-server-version="mariadb-11.4"The script creates /etc/yum.repos.d/mariadb.repo. It also adds the MaxScale repository, which may not have packages for EL10 yet. If you see 404 errors during dnf install, disable the MaxScale repo:
sudo dnf config-manager --save --setopt=mariadb-maxscale.enabled=0Install MariaDB Server
Install the server, client tools, and the backup utility:
sudo dnf install -y MariaDB-server MariaDB-client MariaDB-backupVerify the installed version:
rpm -q MariaDB-serverYou should see MariaDB 11.4.x confirmed:
MariaDB-server-11.4.10-1.el10.x86_64Option B: Install MariaDB 10.11 from AppStream
Rocky Linux 10 and AlmaLinux 10 ship MariaDB 10.11 in the AppStream repository. This version receives security patches through the RHEL 10 lifecycle and requires no external repositories. Choose this if you prefer distro-supported packages:
sudo dnf install -y mariadb-server mariadbNote the lowercase package names – AppStream packages use mariadb-server while the official repo uses MariaDB-server.
Start and Enable MariaDB
Start the MariaDB service and enable it to start on boot:
sudo systemctl enable --now mariadbCheck that the service is running:
sudo systemctl status mariadbThe output should show the service active with the MariaDB version in the description:
● mariadb.service - MariaDB 11.4.10 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
Active: active (running)Verify the version from the client:
mariadb --versionOutput confirms the client version:
mariadb from 11.4.10-MariaDB, client 15.2 for Linux (x86_64) using EditLine wrapperSecure the MariaDB Installation
A fresh MariaDB install has no root password, includes anonymous users, and ships with a test database. The mariadb-secure-installation script fixes all of this interactively:
sudo mariadb-secure-installationAnswer the prompts as follows:
- Switch to unix_socket authentication? – n (keep password auth for flexibility)
- Set root password? – Y, then enter a strong password
- Remove anonymous users? – Y
- Disallow root login remotely? – Y
- Remove test database? – Y
- Reload privilege tables? – Y
Verify you can log in with the new root password:
mariadb -u root -pRun a version check from the MariaDB prompt to confirm the connection works:
SELECT VERSION();Create a Database and User
In production, applications should never connect as root. Create a dedicated database and user for each application. Log in as root first:
mariadb -u root -pCreate a database and a user with full privileges on it:
CREATE DATABASE appdb;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'SecureAppP@ss2024';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;If the application connects from a different server, replace 'localhost' with the application server’s IP address or '%' for any host (less secure).
Verify the user was created:
SELECT user, host FROM mysql.user;Configure Remote Access
By default, MariaDB only listens on localhost (127.0.0.1). To allow connections from other servers, edit the server configuration:
sudo vi /etc/my.cnf.d/server.cnfUnder the [mysqld] section, set the bind address to the server’s IP or 0.0.0.0 to listen on all interfaces:
[mysqld]
bind-address = 0.0.0.0Restart MariaDB to apply the change:
sudo systemctl restart mariadbVerify MariaDB is now listening on all interfaces:
ss -tlnp | grep 3306You should see it bound to 0.0.0.0:3306 instead of 127.0.0.1:3306.
Configure Firewall
If remote clients need to connect, open the MariaDB port in firewalld:
sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reloadVerify the rule:
sudo firewall-cmd --list-portsThe output should include 3306/tcp.
SELinux Considerations
Rocky Linux 10 runs SELinux in enforcing mode. MariaDB works out of the box with the default policy. If you change the data directory or port, SELinux may block access. For a non-standard port, allow it with:
sudo semanage port -a -t mysqld_port_t -p tcp 3307For a non-standard data directory, relabel it:
sudo semanage fcontext -a -t mysqld_db_t "/data/mariadb(/.*)?"
sudo restorecon -Rv /data/mariadbCheck for any SELinux denials after making changes:
sudo ausearch -m avc -ts recent | grep mariadbMariaDB Configuration Tuning
The default configuration works for light workloads. For production servers handling real traffic, tune these key parameters in /etc/my.cnf.d/server.cnf under the [mysqld] section:
[mysqld]
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
max_connections = 200
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = O_DIRECTSet innodb_buffer_pool_size to roughly 60-70% of available RAM on a dedicated database server. Restart MariaDB after making changes:
sudo systemctl restart mariadbTroubleshooting
MariaDB fails to start after configuration change
Check the error log for details:
sudo journalctl -u mariadb --no-pager -n 30Common causes: typos in server.cnf, innodb_buffer_pool_size set larger than available RAM, or SELinux blocking access to a non-default data directory.
Cannot connect remotely
Verify three things: the bind-address is set to 0.0.0.0 (not 127.0.0.1), the firewall has port 3306 open, and the MariaDB user was created with the connecting host’s IP (not just 'localhost').
Access denied for user ‘root’@’localhost’
If you lose the root password, stop MariaDB, start it with --skip-grant-tables, reset the password, then restart normally:
sudo systemctl stop mariadb
sudo mariadbd-safe --skip-grant-tables &
mariadb -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewP@ssword';"
sudo kill $(cat /var/lib/mysql/*.pid)
sudo systemctl start mariadbConclusion
MariaDB 11.4 LTS is running on your Rocky Linux 10 / AlmaLinux 10 server, secured with a root password and ready for application databases. For production deployments, set up MariaDB replication for redundancy, schedule regular backups with mariadb-backup, and monitor performance with Zabbix or a similar monitoring tool. Refer to the official MariaDB documentation for advanced features like Galera Cluster, system versioning, and the new vector data types available in newer releases.
