Note: You are currently viewing documentation for Moodle 2.7. Up-to-date documentation for the latest stable version of Moodle may be available here: Apache.
This article refers to the 'Apache HTTP server'
The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows) but the Apache HTTP Server is very popular on all platforms.
Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:
sudo apt-get install apache2
See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.
The function slash arguments is required for various features in Moodle to work correctly, as described in Using slash arguments.
To turn it on, add this line to your httpd.conf, or to a .htaccess file in your local directory:
Moodle has an option to enable login pages to force the HTTPS protocol. This is recommended but requires that your web server is configured for SSL. It is possible to run the whole site over HTTPS (typically by configuring Apache to rewrite all http:// URLs to https://) but as this disables caching, there is a considerable performance hit. Only do this if you have a very good reason.
WARNING: Before switching on login over HTTPS, make very sure that HTTPS is working (just change the http:// to https:// in any Moodle URL). If not, you may lock yourself out
You have two options for obtaining an SSL certificate:
- generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet (except perhaps for testing). The user has no assurance that the certificate is legitimate.
- purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.
Below are instructions for install of a self-signed certificate. If you purchase a certificate you will normally receive instructions for installing it
Debian and Apache2
1. generate a certification:
for debian etch, apache2-ssl-certificate is no longer available, use make-ssl-cert instead:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
2. edit /etc/apache2/ports.conf:
Listen 80 Listen 443
3. copy /etc/apache)2/sites-available/default to /etc/apache2/sites-available/default-ssl, and change /etc/apache2/sites-available/default:
NameVirtualHost *:80 <VirtualHost *:80> ... </VirtualHost>
and also /etc/apache2/sites-available/default-ssl:
NameVirtualHost *:443 <VirtualHost *:443> ... SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem ... </VirtualHost>
4. symbolic link the ssl file:
5. don't forget to symbolic link the ssl module:
6. restart apache and test the connection (e.g. https://localhost/):