Deployment Overview of Moodle on Server

Prerequisites and Basic Requirements

The deployment of Moodle requires a Linux server running a Debian-based operating system (such as Ubuntu Jammy). The following components must be available:

  • Operating System: Debian-based Linux distribution (e.g., Ubuntu 22.04 "Jammy").

  • Privileges: root or sudo access to the server is required to install packages and configure services.

  • Ports:

    • Port 80 for HTTP traffic and Let's Encrypt validation.

    • Port 443 for HTTPS traffic.

    • Port 8080 for internal communication (container deployment scenarios).

  • Domain: A valid domain name or a custom FQDN assigned within the hostkey.in zone is required for SSL certificate issuance.

  • Memory and Storage: Sufficient disk space for the application, database, and data directory. The default PHP memory limit is set to 256 MB, with configurable upload limits up to 100 MB.

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format on the hostkey.in domain:

moodle<Server ID>.hostkey.in

The standard access port for external traffic is 443 (HTTPS). In containerized deployments, the internal port 8080 is used behind the proxy.

File and Directory Structure

The application and its associated data are organized in the following locations:

  • Application Directory: /var/www/moodle

    • Contains the core Moodle source code.

    • The public web root is located at /var/www/moodle/public.

    • The configuration file config.php is generated at /var/www/moodle/config.php.

  • Data Directory: /var/moodledata

    • Stores user uploads, cache, and other persistent Moodle data.

  • Configuration Files:

    • Apache Virtual Host: /etc/apache2/sites-available/moodle.conf

    • PHP Settings: /etc/php/8.2/apache2/conf.d/99-moodle.ini and /etc/php/8.2/cli/conf.d/99-moodle.ini

    • MariaDB Settings: /etc/mysql/mariadb.conf.d/99-moodle.cnf

    • Cron Job: /etc/cron.d/moodle

  • SSL Certificates: Managed by Certbot and stored in /etc/letsencrypt/live/moodle<Server ID>.hostkey.in/.

Application Installation Process

The deployment utilizes a direct installation on the host operating system or a containerized approach.

Host-Based Installation

For the native deployment, the following steps are executed:

  1. System Preparation: Update APT packages and install base dependencies including curl, unzip, tar, and acl.

  2. Software Installation:

    • Install Apache2 with modules rewrite, headers, ssl, and socache_shmcb.

    • Install PHP 8.2 with necessary extensions: common, cli, mysql, xml, curl, zip, gd, intl, mbstring, soap, bcmath, and opcache.

    • Install MariaDB 10.11 server and client.

    • Install Certbot and python3-certbot-apache for SSL management.

  3. Configuration:

    • Configure PHP settings to set memory_limit to 256M, upload_max_filesize to 100M, and max_execution_time to 300.

    • Configure MariaDB to use utf8mb4 character set and utf8mb4_unicode_ci collation.

  4. Moodle Setup:

    • Download Moodle version 5.1.1 from the official repository.

    • Extract the archive to /var/www/moodle.

    • Create the database moodle and user moodle with full privileges.

    • Run the Moodle installation script via the command line using admin/cli/install.php with non-interactive flags. This generates the config.php file.

  5. Service Activation:

    • Enable the Moodle Apache site configuration.

    • Disable the default Apache site.

    • Obtain and install the SSL certificate via Certbot.

    • Restart Apache services.

Container-Based Installation

Alternatively, the application can be deployed using Docker containers managed via docker-compose.

  • Database Service: Uses the bitnami/mariadb image.

    • Database Name: bitnami_moodle

    • Database User: bn_moodle

  • Application Service: Uses the moodlehq/moodle-php-apache:8.4-bullseye image.

    • Configured for reverse proxy operation.

    • Internal listening port: 8080.

Access Rights and Security

Security measures are applied to restrict file access and enforce network protocols:

  • File Permissions:

    • The Moodle application directory (/var/www/moodle) is owned by root with the group www-data.

    • Directories within the application are set to 0750.

    • Files within the application are set to 0640.

    • The data directory (/var/moodledata) is owned by www-data with permissions 0770.

    • The config.php file is readable by Apache (0640) but owned by root.

  • Network Security:

    • Apache is configured to force HTTPS redirection via Certbot.

    • The rewrite module is enabled to handle URL rewriting.

    • The default Apache site is disabled to ensure only the Moodle virtual host is active.

Databases

The application utilizes MariaDB as the database management system.

  • Database Name: moodle (native) or bitnami_moodle (container).

  • Database User: moodle (native) or bn_moodle (container).

  • Connection Method:

    • Native: Connects to localhost via TCP/IP or Unix socket.

    • Container: Connects to the internal service hostname mariadb on port 3306.

  • Configuration Settings:

    • Character Set: utf8mb4

    • Collation: utf8mb4_unicode_ci

    • Max Allowed Packet: 64M

Docker Containers and Their Deployment

In the containerized deployment scenario, services are orchestrated using docker-compose. The configuration is located at /root/nginx/compose.yml or a specific service file.

  • Network: Services communicate over an external bridge network named moodle_net.

  • Volumes:

    • mariadb_data: Persistent storage for the database.

    • moodle_data: Persistent storage for Moodle application files.

    • moodledata_data: Persistent storage for Moodle data files.

    • nginx_secrets: Stores Let's Encrypt SSL certificates.

  • Service Definitions:

    • Nginx: Runs as a reverse proxy and SSL terminator using the jonasal/nginx-certbot image. It exposes ports 80 and 443.

    • Moodle: Runs using the moodlehq/moodle-php-apache image, listening on internal port 8080.

    • MariaDB: Runs using the bitnami/mariadb image.

Proxy Servers

Traffic is managed through an Nginx reverse proxy in containerized deployments or Apache in native deployments.

Nginx (Container Deployment)

  • Role: Acts as the frontend reverse proxy.

  • SSL Handling: Uses the nginx-certbot image to automatically obtain and renew SSL certificates via the ACME protocol.

  • Proxy Configuration:

    • Forwards traffic to the Moodle container service on http://moodle:8080.

    • Sets the Host header to $host.

    • Sets the X-Forwarded-Proto header to $scheme to ensure Moodle recognizes HTTPS traffic.

  • Certificate Email: Managed under the email [email protected].

Apache (Native Deployment)

  • Role: Direct web server and SSL terminator.

  • SSL Handling: Uses Certbot integrated with Apache to manage certificates for moodle<Server ID>.hostkey.in.

  • Configuration:

    • DocumentRoot: /var/www/moodle/public.

    • Allows all overrides (AllowOverride All) to support .htaccess rules required by Moodle.

    • Logs are written to /var/log/apache2/moodle_error.log and /var/log/apache2/moodle_access.log.

Permission Settings

Strict permission settings are enforced to ensure the security of the Moodle installation:

Path                                      Owner     Group     Mode  Description
/var/www/moodle                           root      www-data  0750  Application root directory
/var/www/moodle/public                    root      www-data  0750  Web-accessible public directory
/var/www/moodle/config.php                root      www-data  0640  Configuration file
/var/moodledata                           www-data  www-data  0770  Data directory for uploads and cache
/etc/php/8.2/.../99-moodle.ini            root      root      0644  PHP configuration files
/etc/apache2/sites-available/moodle.conf  root      root      0644  Apache virtual host configuration
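
The ownership and modes listed under Access Rights and Security and in the table above can be checked mechanically, so that a plugin install or manual edit that loosens them is noticed. The script below is an added example, not code from the original page; the function names and the optional PREFIX argument are assumptions, and it relies on GNU stat and find as shipped on Debian and Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit owner, group and mode against the permission table.
# Function names and the PREFIX argument are hypothetical.

# check_path PATH OWNER GROUP MODE: print one result line, return 1 on mismatch.
check_path() {
    local path="$1" want="$2:$3:${4#0}" have
    if ! have=$(stat -c '%U:%G:%a' -- "$path" 2>/dev/null); then
        echo "MISSING $path"; return 1
    fi
    if [ "$have" != "$want" ]; then
        echo "DRIFT   $path have=$have want=$want"; return 1
    fi
    echo "OK      $path"
}

# tree_drift ROOT OWNER GROUP: list entries under ROOT that break the
# 0750 (directories) / 0640 (files) scheme or carry another owner or group.
tree_drift() {
    find "$1" \( -type d ! -perm 0750 \) -o \( -type f ! -perm 0640 \) \
        -o ! -user "$2" -o ! -group "$3"
}

# audit_moodle [PREFIX]: walk the table; PREFIX points the audit at a
# restored backup or staging copy instead of the live root filesystem.
audit_moodle() {
    local p="${1:-}" rc=0
    check_path "$p/var/www/moodle"            root     www-data 0750 || rc=1
    check_path "$p/var/www/moodle/public"     root     www-data 0750 || rc=1
    check_path "$p/var/www/moodle/config.php" root     www-data 0640 || rc=1
    check_path "$p/var/moodledata"            www-data www-data 0770 || rc=1
    check_path "$p/etc/php/8.2/apache2/conf.d/99-moodle.ini" root root 0644 || rc=1
    check_path "$p/etc/php/8.2/cli/conf.d/99-moodle.ini"     root root 0644 || rc=1
    check_path "$p/etc/apache2/sites-available/moodle.conf"  root root 0644 || rc=1
    # Any entry that deviates (for example group-writable code) is reported.
    if [ -n "$(tree_drift "$p/var/www/moodle" root www-data 2>/dev/null)" ]; then
        echo "DRIFT   entries under $p/var/www/moodle deviate from 0750/0640"; rc=1
    fi
    return $rc
}

# Run only when asked, so the functions can also be sourced.
if [ "${1:-}" = "audit" ]; then audit_moodle "${2:-}"; fi
```

Run it as root with the argument audit; a non-zero exit status means at least one path is missing or has drifted from the documented values.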

Location of Configuration Files and Data

Key configuration and data files are located in the following paths:

  • Moodle Config: /var/www/moodle/config.php

  • PHP CLI/Apache Config: /etc/php/8.2/apache2/conf.d/99-moodle.ini and /etc/php/8.2/cli/conf.d/99-moodle.ini

  • Database Config: /etc/mysql/mariadb.conf.d/99-moodle.cnf

  • Apache Site Config: /etc/apache2/sites-available/moodle.conf

  • Cron Job: /etc/cron.d/moodle

  • Docker Compose (Container): /root/nginx/compose.yml

  • Nginx Proxy Config (Container): /data/nginx/user_conf.d/moodle<Server ID>.hostkey.in.conf

Available Ports for Connection

The following ports are exposed and utilized by the system:

  • Port 80: HTTP (Redirects to HTTPS, used for Let's Encrypt challenge).

  • Port 443: HTTPS (Main access for the Moodle web interface).

  • Port 8080: Internal HTTP (Used by the Moodle Docker container for internal communication).

  • Port 3306: MariaDB (Internal database access within Docker networks or localhost).

Starting, Stopping, and Updating

Service management commands differ based on the deployment method.

Native Deployment (Systemd)

The application relies on Apache and MariaDB services managed by systemd.

  • Start Apache:

    systemctl start apache2
    

  • Stop Apache:

    systemctl stop apache2
    

  • Restart Apache:

    systemctl restart apache2
    

  • Enable Apache on Boot:

    systemctl enable apache2
    

  • Start MariaDB:

    systemctl start mariadb
    

  • Restart MariaDB:

    systemctl restart mariadb
    

Container Deployment (Docker Compose)

For containerized instances, use docker-compose commands within the configuration directory /root/nginx.

  • Start Services:

    docker-compose up -d
    

  • Stop Services:

    docker-compose stop
    

  • Restart Services:

    docker-compose restart
    

  • View Logs:

    docker-compose logs -f
    

Moodle Cron Maintenance

The Moodle cron job is scheduled to run every minute via the system cron:

  • Cron Entry: */1 * * * * www-data /usr/bin/php /var/www/moodle/admin/cli/cron.php >/dev/null 2>&1

  • Status Check: Confirm the cron entry is in place by checking /etc/cron.d/moodle.
