MariaDB 11.4 LTS is the current long-term support release of MariaDB Server, maintained with bug fixes and security patches until May 2029. It brings major improvements including SSL/TLS enabled by default, query optimizer enhancements, new JSON functions, and parallel backup operations in mariadb-dump. This guide covers a complete MariaDB 11.4 LTS installation on Rocky Linux 10, AlmaLinux 10, and RHEL 10 using the official MariaDB repository.
We will install MariaDB from the official MariaDB.org repository rather than the distribution default packages. This gives you the latest 11.4.x point releases directly from the MariaDB team, with faster updates and access to all features documented in the MariaDB 11.4 release notes.
Prerequisites
- A server running Rocky Linux 10, AlmaLinux 10, or RHEL 10
- Root or sudo access
- Internet connectivity to download packages from MariaDB repository
- Firewall access to port 3306/TCP if remote database connections are needed
Step 1: Add the Official MariaDB Repository
The default RHEL 10 family repositories ship an older MariaDB version. To get MariaDB 11.4 LTS, add the official MariaDB repository. Create the repo file:
sudo vi /etc/yum.repos.d/mariadb.repoAdd the following repository configuration:
# MariaDB 11.4 LTS repository
[mariadb]
name = MariaDB
baseurl = https://rpm.mariadb.org/11.4/rhel/$releasever/$basearch
module_hotfixes = 1
gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1The $releasever variable automatically resolves to your OS major version (10), and $basearch picks up the correct architecture (x86_64 or aarch64). The module_hotfixes setting ensures MariaDB packages are not overridden by distribution modules.
Clean the dnf cache to pick up the new repository:
sudo dnf clean allStep 2: Install MariaDB 11.4 LTS on Rocky Linux 10 / AlmaLinux 10
Install the MariaDB server and client packages from the official repository:
sudo dnf install MariaDB-server MariaDB-client MariaDB-backupWhen prompted, accept the MariaDB GPG key and confirm the installation. The package names from the official repository use uppercase naming (MariaDB-server) unlike the lowercase distribution packages.
After installation completes, verify the installed version:
mariadb --versionThe output confirms MariaDB 11.4.x is installed:
mariadb from 11.4.10-MariaDB, client 15.2 for Linux (x86_64) using EditLine wrapperStep 3: Start and Enable MariaDB Service
Enable MariaDB to start on boot and start the service immediately:
sudo systemctl enable --now mariadbVerify the service is running:
sudo systemctl status mariadbThe output should show the service as active (running) with the MariaDB 11.4 version string:
● mariadb.service - MariaDB 11.4.10 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; preset: disabled)
Active: active (running) since Fri 2026-03-21 10:15:32 UTC; 5s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 12345 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Process: 12346 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Main PID: 12350 (mariadbd)
Status: "Taking your SQL requests now..."
Tasks: 14 (limit: 23432)
Memory: 128.0M
CPU: 312ms
CGroup: /system.slice/mariadb.service
└─12350 /usr/sbin/mariadbdStep 4: Secure the MariaDB Installation
Run the security script to set a root password, remove anonymous users, disable remote root login, and drop the test database:
sudo mariadb-secure-installationFollow the interactive prompts. Here are the recommended answers for a production setup:
Enter current password for root (enter for none): [Press Enter]
Switch to unix_socket authentication [Y/n] Y
Change the root password? [Y/n] Y
New password: [Enter strong password]
Re-enter new password: [Confirm password]
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] YWith unix_socket authentication enabled, you can connect as root without a password when running as the system root user. This is the default and recommended authentication method on Linux.
Test the connection:
sudo mariadbYou should get the MariaDB shell prompt confirming a successful connection:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 11.4.10-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>Step 5: Create a Database and User in MariaDB
Connect to MariaDB as root and create a new database with a dedicated user. Replace appdb, appuser, and the password with your own values:
sudo mariadbRun the following SQL statements to create the database, user, and grant full privileges:
CREATE DATABASE appdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;Verify the database was created:
SHOW DATABASES;The output lists all databases including the new one:
+--------------------+
| Database |
+--------------------+
| appdb |
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.001 sec)Exit the MariaDB shell:
EXIT;Test the connection with the new user to confirm credentials work:
mariadb -u appuser -p appdbEnter the password when prompted. A successful connection confirms the user and database are set up correctly. For managing databases through a web interface, you can set up phpMyAdmin on your RHEL-based server.
Step 6: Configure MariaDB for Remote Access
By default, MariaDB only listens on localhost (127.0.0.1). If your application server connects from a different host, you need to change the bind address. Edit the MariaDB server configuration:
sudo vi /etc/my.cnf.d/server.cnfUnder the [mariadbd] section, set the bind address. Use 0.0.0.0 to listen on all interfaces, or specify a particular IP:
[mariadbd]
bind-address = 0.0.0.0Restart MariaDB to apply the change:
sudo systemctl restart mariadbVerify MariaDB is now listening on all interfaces by checking port 3306:
ss -tlnp | grep 3306The output should show MariaDB listening on 0.0.0.0:3306:
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mariadbd",pid=12350,fd=22))You also need to create a database user that can connect from a remote host. Replace 10.0.1.50 with the IP address of your application server:
sudo mariadbGrant access to the remote user:
CREATE USER 'appuser'@'10.0.1.50' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'10.0.1.50';
FLUSH PRIVILEGES;
EXIT;Step 7: Configure Firewall for MariaDB (Port 3306)
If you enabled remote access, open port 3306/TCP in firewalld to allow incoming database connections:
sudo firewall-cmd --permanent --add-service=mysql
sudo firewall-cmd --reloadVerify the rule was added:
sudo firewall-cmd --list-servicesThe output should include mysql in the list of allowed services, which corresponds to port 3306/TCP:
cockpit dhcpv6-client mysql sshFor tighter security, restrict access to a specific subnet or IP instead of opening the port to everyone:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port port="3306" protocol="tcp" accept'
sudo firewall-cmd --reloadStep 8: Configure SELinux for MariaDB Remote Connections
On RHEL 10 family systems with SELinux enforcing, MariaDB can listen on its default port 3306 without any changes – SELinux already allows this. Verify the allowed ports:
sudo semanage port -l | grep mysqldThe output confirms port 3306 is already in the SELinux policy for MariaDB:
mysqld_port_t tcp 1186, 3306, 63132-63164If you need MariaDB to listen on a non-standard port (for example 3307), add it to the SELinux policy:
sudo semanage port -a -t mysqld_port_t -p tcp 3307Step 9: Basic MariaDB Performance Tuning
For production workloads, adjust key buffer sizes based on your available RAM. Edit the server configuration:
sudo vi /etc/my.cnf.d/server.cnfAdd these settings under the [mariadbd] section. These values are suitable for a server with 4GB RAM – scale proportionally for your setup:
[mariadbd]
# InnoDB buffer pool - set to ~70% of available RAM for dedicated DB servers
innodb_buffer_pool_size = 2G
# Log file size - larger values improve write performance
innodb_log_file_size = 512M
# Max connections - adjust based on application needs
max_connections = 200
# Query cache is disabled by default in 11.4 (deprecated)
# Use ProxySQL or application-level caching instead
# Slow query log for identifying performance issues
slow_query_log = 1
slow_query_log_file = /var/log/mariadb/slow-query.log
long_query_time = 2Restart MariaDB to apply the tuning changes:
sudo systemctl restart mariadbConfirm the new settings are active by checking from within the MariaDB shell:
sudo mariadb -e "SHOW VARIABLES LIKE 'innodb_buffer_pool_size';"The output confirms the buffer pool is set to 2GB (2147483648 bytes):
+-------------------------+------------+
| Variable_name | Value |
+-------------------------+------------+
| innodb_buffer_pool_size | 2147483648 |
+-------------------------+------------+To monitor your database sizes and table growth over time, check out how to find database sizes in MySQL and MariaDB.
Step 10: Set Up MariaDB Backups
MariaDB 11.4 includes mariadb-backup (Mariabackup) for hot physical backups. Take a full backup with:
sudo mariadb-backup --backup --target-dir=/var/backups/mariadb/fullBefore restoring, prepare the backup to apply InnoDB log files:
sudo mariadb-backup --prepare --target-dir=/var/backups/mariadb/fullFor logical backups using mariadb-dump, MariaDB 11.4 supports parallel backup operations for faster exports of large databases:
sudo mariadb-dump --all-databases --single-transaction --routines --triggers > /var/backups/mariadb/all-databases.sqlFor offsite backup storage, you can back up MySQL and MariaDB databases to Amazon S3.
Conclusion
MariaDB 11.4 LTS is now installed and running on your Rocky Linux 10 or AlmaLinux 10 server with secure defaults, remote access configured, and firewall rules in place. For production deployments, set up automated backups with mariadb-backup, configure MariaDB replication for high availability, and consider Galera Cluster with HAProxy for multi-node setups with automatic failover.
