Drupal is a free, open-source content management system (CMS) written in PHP. It powers everything from personal blogs to enterprise websites and government portals. Drupal is known for its flexibility, strong security track record, and a massive ecosystem of contributed modules and themes. The latest stable release is Drupal 11.3, which requires PHP 8.3 or newer and supports MariaDB 10.6+, MySQL 8.0+, or PostgreSQL 16+.
This guide walks through a full Drupal 11 installation on RHEL 10, Rocky Linux 10, or AlmaLinux 10 using Nginx as the web server, MariaDB as the database backend, and PHP 8.4. We will also cover SELinux configuration, firewall rules, and SSL certificate setup with Let’s Encrypt.
Prerequisites
Before starting, make sure you have the following in place:
- A server running RHEL 10, Rocky Linux 10, or AlmaLinux 10 with at least 2GB RAM and 2 CPU cores
- Root or sudo access to the server
- A registered domain name pointed to your server’s public IP address
- Ports 80 (HTTP) and 443 (HTTPS) open on your firewall
- An active internet connection for package downloads
Step 1: Install PHP and Required Extensions
Drupal 11 requires PHP 8.3 or newer. RHEL 10 and its derivatives ship PHP 8.4 in the default AppStream repository, so no third-party repos are needed. Install PHP along with all the extensions Drupal needs for database connectivity, image processing, XML handling, and string operations. If you want a deeper look at PHP installation options, check out our guide on installing PHP on RHEL 10 / Rocky Linux 10.
sudo dnf install php php-fpm php-mysqlnd php-gd php-xml php-mbstring php-json php-curl php-opcache php-zip php-pdo php-intl php-bcmath -yAfter installation completes, verify the PHP version:
php -vThe output should confirm PHP 8.4 is installed:
PHP 8.4.5 (cli) (built: Mar 2 2026 10:15:42) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.4.5, Copyright (c) Zend Technologies
with Zend OPcache v8.4.5, Copyright (c), by Zend TechnologiesEnable and start PHP-FPM so it runs on boot:
sudo systemctl enable --now php-fpmPHP-FPM runs as the apache user by default on RHEL-based systems. Since we are using Nginx, update the PHP-FPM pool configuration to use the nginx user instead. Open the pool configuration file:
sudo vi /etc/php-fpm.d/www.confFind and change these directives:
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginxRestart PHP-FPM to apply the changes:
sudo systemctl restart php-fpmStep 2: Install MariaDB Database Server
Drupal needs a database backend to store content, users, and configuration. MariaDB 10.11 is available in the RHEL 10 AppStream repository and meets Drupal’s minimum requirement of MariaDB 10.6+. For production deployments that need the latest LTS features, see our MariaDB 11.4 LTS installation guide for Rocky Linux 10.
sudo dnf install mariadb-server -yEnable and start the MariaDB service:
sudo systemctl enable --now mariadbRun the security hardening script to set a root password, remove anonymous users, and disable remote root login:
sudo mariadb-secure-installationFollow the prompts – set a strong root password, answer Y to all security questions to remove test databases and anonymous users.
Step 3: Create Drupal Database and User
Log into the MariaDB shell as root to create a dedicated database and user for Drupal:
sudo mariadb -u root -pRun the following SQL statements to create the database, user, and grant privileges. Replace StrongPassword123 with your own secure password:
CREATE DATABASE drupal CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'drupaluser'@'localhost' IDENTIFIED BY 'StrongPassword123';
GRANT ALL PRIVILEGES ON drupal.* TO 'drupaluser'@'localhost';
FLUSH PRIVILEGES;
EXIT;Verify the database was created by listing all databases:
sudo mariadb -u root -p -e "SHOW DATABASES;"You should see drupal in the database list:
+--------------------+
| Database |
+--------------------+
| drupal |
| information_schema |
| mysql |
| performance_schema |
+--------------------+Step 4: Install Nginx Web Server
Nginx serves as the front-end web server that handles HTTP requests and passes PHP processing to PHP-FPM. Install it from the default repository:
sudo dnf install nginx -yEnable and start Nginx:
sudo systemctl enable --now nginxConfirm Nginx is running:
sudo systemctl status nginxThe output should show the service as active and running:
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
Active: active (running) since Sat 2026-03-22 10:30:00 UTC; 5s agoStep 5: Download Drupal with Composer
Composer is the recommended way to download and manage Drupal and its dependencies. First, install Composer globally:
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composerVerify the installation:
composer --versionNow create the Drupal project using the recommended project template. This downloads Drupal core and all dependencies into /var/www/drupal:
sudo composer create-project drupal/recommended-project /var/www/drupalSet the correct ownership so that Nginx can read the files and PHP-FPM can write to them where needed:
sudo chown -R nginx:nginx /var/www/drupalVerify the Drupal files are in place:
ls /var/www/drupal/web/You should see the standard Drupal directory structure including core, modules, themes, and sites directories.
Step 6: Configure Nginx Virtual Host for Drupal
Create a dedicated Nginx server block configuration for your Drupal site. Replace drupal.example.com with your actual domain name throughout this configuration.
sudo vi /etc/nginx/conf.d/drupal.confAdd the following configuration:
server {
listen 80;
server_name drupal.example.com;
root /var/www/drupal/web;
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^ /index.php;
}
location ~ \.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php-fpm/www.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
}Test the Nginx configuration for syntax errors:
sudo nginx -tIf the test passes, reload Nginx to apply the new configuration:
sudo systemctl reload nginxStep 7: Run the Drupal Web Installer
Before accessing the web installer, copy the default settings file and create the files directory that Drupal needs for uploads and caching:
cd /var/www/drupal/web
sudo cp sites/default/default.settings.php sites/default/settings.php
sudo mkdir -p sites/default/files
sudo chown -R nginx:nginx sites/default/settings.php sites/default/files
sudo chmod 666 sites/default/settings.php
sudo chmod 777 sites/default/filesOpen your browser and navigate to http://drupal.example.com. The Drupal installer will launch and guide you through these steps:
- Choose language – Select your preferred language and click “Save and continue”
- Choose profile – Select “Standard” for a full-featured installation with commonly used modules enabled
- Database configuration – Select “MySQL, MariaDB, or equivalent” as the database type. Enter the database name (
drupal), username (drupaluser), and the password you set in Step 3 - Install – Drupal will install the database schema and default configuration. This takes a minute or two
- Configure site – Set the site name, admin username, password, and email address
After installation completes, tighten the permissions on the settings file to prevent unauthorized changes:
sudo chmod 444 /var/www/drupal/web/sites/default/settings.phpStep 8: Configure SELinux for Drupal
RHEL 10 and its derivatives run SELinux in enforcing mode by default. Without the correct SELinux contexts and booleans, Nginx and PHP-FPM will be blocked from reading Drupal files, writing to the files directory, and connecting to MariaDB.
First, set the correct SELinux file contexts on the Drupal directory. The web content needs the httpd_sys_content_t label, and writable directories need httpd_sys_rw_content_t:
sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/drupal(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/drupal/web/sites/default/files(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/drupal/web/sites/default/settings.php"
sudo restorecon -Rv /var/www/drupalEnable the SELinux booleans that allow the web server to connect to the database and send network requests (needed for module updates and external API calls):
sudo setsebool -P httpd_can_network_connect_db 1
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_unified 1Verify the booleans are set correctly:
getsebool httpd_can_network_connect_db httpd_can_network_connect httpd_unifiedAll three should show on:
httpd_can_network_connect_db --> on
httpd_can_network_connect --> on
httpd_unified --> onStep 9: Configure Firewall Rules
Open the HTTP and HTTPS ports in firewalld so that external traffic can reach your Drupal site:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadVerify the rules are active:
sudo firewall-cmd --list-servicesThe output should include both http and https in the services list:
cockpit dhcpv6-client http https sshStep 10: Secure Drupal with Let’s Encrypt SSL
Running Drupal over HTTPS is essential for security and SEO. Certbot automates the process of obtaining and renewing free SSL certificates from Let’s Encrypt. For more details on certificate management, see our guide on generating Let’s Encrypt SSL certificates on Linux.
If you prefer Apache over Nginx, our LAMP stack guide for RHEL 10 covers the Apache and PHP setup. For this Nginx-based deployment, install Certbot and the Nginx plugin:
sudo dnf install certbot python3-certbot-nginx -yRequest a certificate for your domain. Certbot will automatically modify your Nginx configuration to enable HTTPS and set up a redirect from HTTP to HTTPS:
sudo certbot --nginx -d drupal.example.comFollow the prompts to provide your email address and agree to the terms of service. When asked about redirecting HTTP to HTTPS, choose to redirect all traffic.
Certbot sets up automatic renewal via a systemd timer. Verify the timer is active:
sudo systemctl status certbot-renew.timerYou can also test the renewal process without actually renewing:
sudo certbot renew --dry-runAfter SSL is configured, update the Drupal trusted host settings to match your domain. Open the settings file:
sudo vi /var/www/drupal/web/sites/default/settings.phpAdd the trusted host pattern at the bottom of the file. Replace drupal\.example\.com with your actual domain (escape the dots with backslashes):
$settings['trusted_host_patterns'] = [
'^drupal\.example\.com$',
];Your Drupal site is now accessible over HTTPS at https://drupal.example.com.
Conclusion
You now have a working Drupal 11 installation on RHEL 10 / Rocky Linux 10 with Nginx, MariaDB, PHP 8.4, SELinux properly configured, and SSL encryption via Let’s Encrypt. From here, log into the Drupal admin panel at /admin to install themes, enable modules, and start building your site. For a production deployment, consider setting up regular database backups, enabling Redis or Memcached for caching, and placing a CDN in front of your server. Refer to the official Drupal documentation for advanced configuration options and security hardening recommendations.
