Setting up Moodle

tested on a Slackware Linux current (Jan 2021) LXC container

Bridge & SSL

We’re setting up Apache / PHP and Moodle as an LXC container and will reverse-proxy it from the host which is hosting the SSL certificates and has strong cipher definitions already.

See the LXC guide on how to setup SNAT on an internal bridge.

Requirements

Install and setup Apache / PHP and MariaDB to begin with.

Database

    mysql -u root
    mysql -u root -p

    CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

and moodleuser and grant rights at once

    GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO 'moodledude'@'localhost' IDENTIFIED BY 'DUDE-PASSWORD';

–or– proceed with those steps separately

    create user 'moodledude'@'localhost' IDENTIFIED BY 'DUDE-PASSWORD';
    GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO 'moodledude'@'localhost';
^D

and check

    mysql -u moodledude -p moodle
^D

mkdir /var/moodledata/
chown -R apache:apache /var/moodledata/

INSTALL

grab and deploy the latest release. eventually do that from the host to avoid install wget on the instance.

on the host

wget https://download.moodle.org/stable310/moodle-latest-310.tgz
ls -lF /data/instances/moodlenew/rootfs/var/www/
tar xzf moodle-latest-310.tgz -C /data/instances/moodlenew/rootfs/var/www/

on the instance

#tar xzf moodle-latest-310.tgz -C /var/www/
ls -lF /var/www/moodle/
chown root:root /var/www/moodle/

TUNE PHP

vi /etc/php.ini

memory_limit = 256M
session.save_handler = files
file_uploads = On
session.auto_start = 0
sys_temp_dir = "/tmp"
post_max_size = 25M
upload_max_filesize = 25M

max_execution_time = 100
max_input_time = 100

production

display_errors = Off
display_startup_errors = Off

debug

display_errors = On
display_startup_errors = On

vi /var/www/moodle/config.php

$CFG->debug = (E_ALL | E_STRICT);   // === DEBUG_DEVELOPER - NOT FOR PRODUCTION SERVERS!
$CFG->debugdisplay = 1;             // NOT FOR PRODUCTION SERVERS!

ini_set ('display_errors', 'on');
ini_set ('log_errors', 'on');
ini_set ('display_startup_errors', 'on');
ini_set ('error_reporting', E_ALL);

SETUP

Without having the vhost enabled YET on the reverse-proxy. Define wwwroot w/o the trailing slash

cp -pi /var/www/moodle/config-dist.php /var/www/moodle/config.php
vi /var/www/moodle/config.php

$CFG->dbtype    = 'mariadb';
...
$CFG->dbuser    = 'moodledude'
$CFG->dbpass    = 'DUDE-PASSWORD-HERE';

//$CFG->wwwroot   = 'http://10.9.9.1';
$CFG->wwwroot   = 'http://localhost:8080';
//$CFG->wwwroot   = 'https://moodle.nethence.com';

$CFG->dataroot  = '/var/moodledata';

vi /etc/httpd/httpd.conf

DocumentRoot "/var/www/moodle"
<Directory "/var/www/moodle">
    ...

apachectl -t
apachectl restart

REVERSE-PROXY

assuming NGINX is up and running already

server {
    ...
    client_max_body_size 26M;
    location / {
        proxy_pass http://10.9.9.1;
    }
}

OUTGOING EMAIL

see DMA

ACCEPTANCE

on the reverse-proxy

tail -F /var/log/nginx/*

on the moodle instance

tail -F /var/lib/mysql/*.err
tail -F /var/log/httpd/*

check that you’re being redirected already

either locally

curl -I localhost/
lynx -dump localhost/

or from the DMZ

curl -I 10.9.9.1/
lynx -dump 10.9.9.1/

then further setup Moodle through the web interface. Note the system page needs quite some time to load.

ssh BOUNCE-OR-HOST -L 8080:10.9.9.1:80

http://localhost:8080/

(enable email-based self-registration)

then switch to the production URL and go for it

vi /var/www/moodle/config.php

$CFG->reverseproxy = true;
$CFG->sslproxy = true;

//$CFG->wwwroot   = 'http://10.9.9.1';
//$CFG->wwwroot   = 'http://localhost:8080';
$CFG->wwwroot   = 'https://moodle.nethence.com';

and check you are being redireted to the defined wwwroot URL

curl -I https://moodle.nethence.com/
curl -I https://moodle.nethence.com/admin/index.php

MAINTENANCE

chown -R root:root /var/www/moodle/
find /var/moodledata/ -type f -exec chmod 644 {} \;
find /var/moodledata/ -type d -exec chmod 755 {} \;
find /var/moodledata/ ! -type f ! -type d

BACKUP & MIGRATE

draft

backup from the old system

apachectl stop

mysqldump -u root -p -C -Q -e --create-options moodle > moodle.sql

# defined in config.php
tar czpf moodle.tar.gz -C /var/www/html/ moodle/
tar czpf moodledata.tar.gz -C /var/ moodledata/

restore on the new system

mysql -u root -p moodle < moodle-database.sql
tar xzf moodle.tar.gz -C /var/www/
tar xzf moodledata.tar.gz -C /var/

USAGE

upgrade accounts to site admins

    site administration > //users
    permissions > site administrators

TODO

try safe mode and better folder perms
one could also try nginx instead of apache

Resources

https://docs.moodle.org/310/en/Installation_quick_guide

https://docs.moodle.org/310/en/Step-by-step_Installation_Guide_for_Ubuntu

https://docs.moodle.org/dev/Releases

https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/

https://webdock.io/en/docs/how-guides/how-enable-remote-access-your-mariadbmysql-database