Cover image for Drupal 8 on OpenBSD

Drupal 8 on OpenBSD

nabbisen profile image Heddi Nabbisen Updated on ・4 min read

* The cover image is originally by jplenio and edited with great appreciation.


Drupal is a secure and powerful CMS aka content management system.
It's an open source platform, which is based on Symfony, a fast and robust PHP web framework, nowadays.

EC-CUBE and Kimai 2 are also based on the same, Symfony.
I have built their servers on OpenBSD.
My post about EC-CUBE's installation is here and Kimai 2's is here.

Thus, I believed I could build a Drupal server on OpenBSD, my favorite OS, as well as them.
And I did it :)

The official document about Drupal installation is:
Also, the system requirements is:


Tutorial of Installation

Create Database

Create database and user:

CREATE DATABASE <database> CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Get The Code

The latest package is available here:

First, download it and set it up:

$ ftp https://www.drupal.org/download-latest/zip
$ unzip zip
$ mv drupal-* drupal
$ # optional:
$ rm ./zip

$ cd drupal

Note: Simpler installation

There is an alternative installation.
"QUICKSTART" is written about in site/core/INSTALL.txt in the package.
Following it, you can have much fewer steps with missing the web installation and without the detailed configuration.

Next, install the dependencies via PHP Composer.
In OpenBSD, the package manager has it but the composer command is linked to the lower version PHP than 7.2 today.
Therefore, a small trick is required.
After the installation of Composer, run this command:

$ /usr/local/bin/php-7.2 /usr/local/libexec/composer.phar install --no-dev

The result is:

Loading composer repositories with package information
Installing dependencies from lock file
Nothing to install or update
Generating autoload files
> Drupal\Core\Composer\Composer::preAutoloadDump
> Drupal\Core\Composer\Composer::ensureHtaccess

Build the server

You have to build a web server with OpenBSD's httpd and get a certificate of Let's Encrypt beforehand.

Configure httpd.conf like this.
fastcgi socket brings requests to Drupal via PHP-FPM :)

server "<fqdn>" {
        listen on $ext_addr port 80
        block return 301 "https://$SERVER_NAME$REQUEST_URI"
server "<fqdn>" {
        listen on $ext_addr tls port 443
        tls {
                certificate     "/etc/letsencrypt/live/<fqdn>/fullchain.pem"
                key             "/etc/letsencrypt/live/<fqdn>/privkey.pem"
        # optional:
        log {
                access  "<fqdn>-access.log"
                error   "<fqdn>-error.log"

        root "/<...>/drupal"
        directory index index.php

        location "/*.php" { 
                fastcgi socket "/run/php-fpm.sock"
        location "/*.php[/?]*" { 
                fastcgi socket "/run/php-fpm.sock"
        location match "^/(.*)/[^\.]+/?$" {
                fastcgi socket "/run/php-fpm.sock"    
                request rewrite "/index.php/%1"

Restart httpd:

# rcctl restart httpd

Change permissions:

# # files
# chown -R :www sites/default
# chmod -R g+w sites/default
# # settings.php
$ cp sites/default/default.settings.php sites/default/settings.php
# chmod g+w sites/default/settings.php

Here we're ready.

Let's access to https://<fqdn> .
You will see the web installer running.
Just follow it :)

web installer
web installer

If you use "localhost" as database host, you might have to replace it with "".
Also, I recommend using "Table name prefix" also from the point of view of security.

web installer
web installer

web installer

Wait seconds.

web installer

Site configuration will start.

web installer
web installer
web installer

Finished :)


Reduce write permissions from a file, sites/default/settings.php, and a directory, sites/default:

# chmod g-w sites/default/settings.php
# # The target is just a directory and therefore the `-R` option is unnecessary:
# chmod g-w sites/default

"Health check" of the system will perhaps want you to register trusted hosts.
Edit sites/default/settings.php like this:

+ $settings['trusted_host_patterns'] = array(   
+   '^<fqdn>$',   
+ );

Don't forget escape sequence to use period because it means patterns.
For example, "^your.sub.domain$" should be "^your\.sub\.domain$".


Thank you for your reading :)
Happy computing.

Posted on by:

nabbisen profile

Heddi Nabbisen


An ICT designer/developer and a security monk. "With a cool brain and a warm heart", I am challenging unsolved problems in our society. I use OpenBSD/Rust/etc.


markdown guide