Note: You are currently viewing documentation for Moodle 3.3. Up-to-date documentation for the latest stable version of Moodle is probably available here: Transitioning to HTTPS.

Transitioning to HTTPS: Difference between revisions

From MoodleDocs
(Start page guiding people on how to transition to HTTPS)
 
m (Add security tag)
Line 1: Line 1:
{{Security}}
There are numerous benefits to running your moodle site using HTTPS. This increases the level of security especially involving sessions and passwords.
There are numerous benefits to running your moodle site using HTTPS. This increases the level of security especially involving sessions and passwords.



Revision as of 02:00, 1 September 2016

There are numerous benefits to running your moodle site using HTTPS. This increases the level of security especially involving sessions and passwords.

Steps

Setting up an SSL certificate

The first thing you will need to do is acquire an SSL certificate. You can create these yourself, but this is only helpful for development purposes. Instead you will want to get your SSL certificate from a certificate authority, so that the certificate will be publicly verified.

Setting up your server

Then you will need enable SSL on your web server to add your certificate. This process will vary depending on your web server of choice.

If you are using a proxy or load balancer, depending on your setup you will most likely want to set up the SSL certificate on your proxy server

Setting up your moodle

On a basic moodle site, it will be simple to set up https. Simply edit config.php and change http:// to https:// in $CFG->wwwroot.

However if you are using a proxy or load balancer, depending on your setup you may need to set $CFG->sslproxy to 1, and not use SSL on the moodle server. Then the load balancer or proxy server can communicate directly to your moodle site, but serve to the clients over SSL.