Deployment Overview of Moodle on Server

Prerequisites and Basic Requirements

The deployment requires a Debian-based operating system with root privileges. The following components must be available on the server:

  • A valid domain name configured to point to the server IP.
  • Ports 80 and 443 must be open for HTTP and HTTPS traffic.
  • The server must have access to the internet to download packages, repositories, and certificates.
  • An email address is required for Let's Encrypt certificate registration and administrative notifications.

File and Directory Structure

The application files and data are organized in the following locations:

  • Application Code: /var/www/moodle (or a custom path defined by moodle_dir).
  • Public Document Root: /var/www/moodle/public.
  • Data Directory: /var/moodledata (or a custom path defined by moodle_data_dir).
  • Configuration Files:
    • Apache Virtual Host: /etc/apache2/sites-available/moodle.conf.
    • PHP Configuration: /etc/php/{version}/apache2/conf.d/99-moodle.ini and /etc/php/{version}/cli/conf.d/99-moodle.ini.
    • MariaDB Configuration: /etc/mysql/mariadb.conf.d/99-moodle.cnf.
    • Moodle Configuration: /var/www/moodle/config.php.
  • SSL Certificates: Managed by Certbot and stored in /etc/letsencrypt/live/{domain}.

Application Installation Process

The installation process involves setting up the operating system dependencies, installing the web server and database, and deploying the Moodle application.

  1. System Preparation:

    • Update and upgrade APT packages.
    • Install base utilities including curl, gnupg, unzip, tar, and acl.
    • Add the PHP PPA repository (ppa:ondrej/php) to ensure the latest PHP version is available.
  2. Software Installation:

    • Install Apache2 and the required PHP modules: php-common, php-cli, libapache2-mod-php, php-mysql, php-xml, php-curl, php-zip, php-gd, php-intl, php-mbstring, php-soap, php-bcmath, and php-opcache.
    • Install certbot and python3-certbot-apache for SSL management.
    • Install MariaDB server and client.
  3. Service Configuration:

    • Enable Apache modules: rewrite, headers, ssl, and socache_shmcb.
    • Configure PHP settings to set memory_limit to 256M, upload_max_filesize to 100M, post_max_size to 100M, max_execution_time to 300, and max_input_vars to 5000.
    • Configure MariaDB to use utf8mb4 character set and utf8mb4_unicode_ci collation with a max_allowed_packet of 64M.
  4. Database Setup:

    • Create a database named moodle (or custom moodle_db_name) with utf8mb4 character set.
    • Create a database user moodle (or custom moodle_db_user) with full privileges on the database.
  5. Moodle Deployment:

    • Download the Moodle archive from the official source.
    • Extract the archive to /var/www.
    • Create the moodledata directory.
    • Run the Moodle installation script via CLI (admin/cli/install.php) with non-interactive flags to configure the database connection, admin user, and site settings.

Access Rights and Security

Security is enforced through file permissions, firewall rules, and SSL encryption.

  • Firewall: Ports 80 and 443 are exposed for web traffic.
  • Users:
    • The www-data user is used to run the Apache web server and execute the Moodle cron job.
    • The root user owns the main Moodle directory, while www-data is the group to allow write access to specific subdirectories.
  • SSL: Let's Encrypt certificates are automatically obtained and installed via Certbot to enforce HTTPS.
  • Restrictions: The default Apache site is disabled, and only the Moodle virtual host is enabled.

Databases

The application uses MariaDB as its database backend.

  • Connection Method: Localhost connection using the mysqli driver.
  • Storage Location: Database files are stored in the default MariaDB data directory (/var/lib/mysql).
  • Settings:
    • Character Set: utf8mb4.
    • Collation: utf8mb4_unicode_ci.
    • Max Allowed Packet: 64M.
  • Credentials: A dedicated database user is created with a specific password, granting all privileges on the Moodle database.

Docker Containers and Their Deployment

An alternative deployment method uses Docker containers for the web server, database, and proxy.

Moodle and MariaDB Containers:

  • Network: Services run on a bridge network named moodle_net.
  • MariaDB Service:
    • Image: bitnami/mariadb:latest.
    • Environment: Configured with MARIADB_USER, MARIADB_DATABASE, and MARIADB_CHARACTER_SET.
    • Volume: mariadb_data mounted to /bitnami/mariadb.
  • Moodle Service:
    • Image: moodlehq/moodle-php-apache:8.4-bullseye.
    • Environment: Configured with MOODLE_DATABASE_HOST, MOODLE_DATABASE_USER, MOODLE_DATABASE_NAME, MOODLE_USERNAME, MOODLE_PASSWORD, MOODLE_HOST, MOODLE_REVERSEPROXY, and MOODLE_SSLPROXY.
    • Volumes: moodle_data mounted to /bitnami/moodle and moodledata_data mounted to /bitnami/moodledata.
    • Dependencies: Depends on the mariadb service.

Deployment Script:

  • A docker-compose file is generated and executed from /root/nginx.
  • The command docker-compose up -d starts the services in detached mode.

Proxy Servers

The deployment includes an Nginx reverse proxy with integrated Certbot for SSL management.

  • Proxy Image: jonasal/nginx-certbot:latest.
  • Container Name: nginx-nginx-1.
  • Ports: Exposes ports 80 and 443.
  • Configuration:
    • The proxy is configured to forward requests to the Moodle container at http://moodle:8080.
    • Headers Host and X-Forwarded-Proto are set to $host and $scheme respectively.
    • Custom domain configuration is handled via files in /data/nginx/user_conf.d.
  • SSL: Certbot is integrated to automatically obtain and renew certificates for the specified domain.
  • Volumes:
    • nginx_secrets (external) for Let's Encrypt certificates.
    • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d for custom configurations.
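
Two of the three images named in the container and proxy sections use the latest tag, so what docker-compose pull fetches can change between deployments. The check below is an added example, not part of the original deployment scripts; the function names are this example's own and the sample compose text is constructed from the image names above.

```shell
#!/bin/sh
# Added example, not from the original page: list compose images that float
# (tag "latest" or no tag at all) and are not pinned by digest.

# floating_images: reads a compose file on stdin, prints one image ref per line.
floating_images() {
    # Keep only the value of each "image:" key, without quotes or comments.
    sed -n 's/^[[:space:]]*image:[[:space:]]*\([^[:space:]#]*\).*/\1/p' |
    tr -d "\"'" |
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        case $ref in *@sha256:*) continue ;; esac   # digest-pinned: immutable
        # The tag lives in the last path component, so a registry port
        # (host:5000/app) is not mistaken for a tag.
        name=${ref##*/}
        case $name in
            *:latest) printf '%s\n' "$ref" ;;   # explicit floating tag
            *:*)      ;;                        # explicit version tag
            *)        printf '%s\n' "$ref" ;;   # no tag means "latest"
        esac
    done
}

# Constructed sample: only the image lines, using the three images named above.
sample_compose() {
    cat <<'EOF'
services:
  mariadb:
    image: bitnami/mariadb:latest
  moodle:
    image: moodlehq/moodle-php-apache:8.4-bullseye
  nginx:
    image: jonasal/nginx-certbot:latest
EOF
}

sample_compose | floating_images
```

On the server, feed it the generated file, for example floating_images < /root/nginx/docker-compose.yml (the file name inside /root/nginx is an assumption).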

Permission Settings

File and directory permissions are strictly defined to ensure security and functionality.

  • Moodle Directory:
    • Owner: root.
    • Group: www-data.
    • Directory Permissions: 0750.
    • File Permissions: 0640.
  • Public Directory:
    • Owner: root.
    • Group: www-data.
    • Permissions: 0750.
  • Config File:
    • Owner: root.
    • Group: www-data.
    • Permissions: 0640.
  • Moodledata Directory:
    • Owner: www-data.
    • Group: www-data.
    • Permissions: 0770.
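
One way to verify this policy on a running server, as an added shell example that is not part of the original deployment scripts. The function names and the optional override arguments of audit_moodle are assumptions of this example; the default paths, owners and modes are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of the original deployment: report drift from the
# ownership/mode policy listed above. Uses only POSIX find predicates.

# tree_violations DIR OWNER GROUP DIRMODE FILEMODE
# Prints each path under DIR whose owner, group or exact mode differs.
tree_violations() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \
        -o \( -type d ! -perm "$4" \) \
        -o \( -type f ! -perm "$5" \) \) -print
}

# dir_violation DIR OWNER GROUP MODE
# Checks DIR itself only (-prune stops descent). Used for moodledata, where
# the page fixes the top-level mode but not the modes of files created inside.
dir_violation() {
    find "$1" -prune \( ! -user "$2" -o ! -group "$3" -o ! -perm "$4" \) -print
}

# audit_moodle [CODE_DIR DATA_DIR CODE_OWNER WEB_GROUP DATA_OWNER]
# Defaults are the page's values; the overrides are an assumption of this
# example so the audit can be tried on a scratch copy without root.
# Returns 0 = clean, 1 = drift found (paths on stderr), 2 = find failed.
audit_moodle() {
    code=${1:-/var/www/moodle}; data=${2:-/var/moodledata}
    owner=${3:-root}; group=${4:-www-data}; data_owner=${5:-www-data}
    bad=$(tree_violations "$code" "$owner" "$group" 750 640 &&
          dir_violation "$data" "$data_owner" "$group" 770) || return 2
    [ -z "$bad" ] && return 0
    printf 'policy drift:\n%s\n' "$bad" >&2
    return 1
}

# Run the audit when the default install path exists on this host.
if [ -d /var/www/moodle ]; then audit_moodle; fi
```

The exact-mode match means any extra bit is reported, for example a config.php left at 0644 after a manual edit.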

Starting, Stopping, and Updating

Service management is handled via systemd for native installations and docker-compose for containerized deployments.

Native Installation:

  • Apache:
    • Start/Restart: systemctl restart apache2.
    • Enable on Boot: systemctl enable apache2.
  • MariaDB:
    • Start/Restart: systemctl restart mariadb.
    • Enable on Boot: systemctl enable mariadb.
  • Certbot:
    • Renewal Timer: systemctl enable certbot.timer and systemctl start certbot.timer.
  • Moodle Cron:
    • Scheduled via /etc/cron.d/moodle to run every minute as the www-data user.

Docker Deployment:

  • Start/Restart: docker-compose up -d from the /root/nginx directory.
  • Stop: docker-compose down.
  • Update: Pull new images and restart the stack using docker-compose pull followed by docker-compose up -d.
