Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: Apache.

Apache: Difference between revisions

From MoodleDocs
(removing lots of junk)
(Made content of php.ini file stand out more)
 
(16 intermediate revisions by 10 users not shown)
Line 1: Line 1:
{{Installing Moodle}}
'''This article refers to the 'Apache HTTP server''''
'''This article refers to the 'Apache HTTP server''''


Line 4: Line 5:


== Installing Apache ==
== Installing Apache ==
Usually Apache is installed alongside [[PHP]] and [[MySQL]] in a combination known as XAMPP, MAMP or LAMP. See information about [[Complete install packages for Windows|XAMPP(Windows cross platforms)]] and for information about [[Complete Install Packages for Mac OS X|MAMP (Mac OS platforms)]].
Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:
<pre>
sudo apt-get install apache2
</pre>


Example, Debian/Ubuntu to install Apache from the LAMP files:
See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.
apt-get install apache2
 
See the documentation for your particular distro for the instructions. Apache is straightforward to build from source if required and the PHP documentation contains an article on building both Apache and PHP together.


==Performance==
==Performance==


'''Caching'''
See [[Performance recommendations]]


Apache can be tuned to make pages load faster by specifying how the browser should cache the various page elements. How to do this varies slightly between OSes but there are two basic steps
==Slasharguments==


# Install and enable mod_expires - refer to documentation or man pages
The function ''slash arguments'' is required for various features in Moodle to work correctly, as described in [[Using slash arguments]].
# Add this code to the virtual server config file within the section for the root directory (or within the .htaccess file if AllowOverrides is On):
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 120 minutes"
  ExpiresByType image/jpeg "access plus 120 minutes"
  ExpiresByType image/png "access plus 120 minutes"
  ExpiresByType text/css "access plus 60 minutes"
  ExpiresByType text/javascript "access plus 60 minutes"
  ExpiresByType application/x-javascript "access plus 60 minutes"
  ExpiresByType text/xml "access plus 1 seconds"
</IfModule>


The effect is to make everything stay in the cache except HTML and XML, which change dynamically. It's possible to gain a several hundred percent decrease in load times this way
To turn it on, add this line to your ''httpd.conf'', or to a ''.htaccess'' file in your local directory:


More info: [http://www.metaskills.net/blog/heuristics/sysadmin/how-to-control-browser-caching-with-apache-2 www.metaskills.net]
AcceptPathInfo On


'''Servers'''
Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first.
Also! please note that using .htaccess file will cause performance hit on your server!


Apache serves webpages by spawning new child processes (smaller sub-programs) to deal with each connection. The number of these that you allow to run and to be kept in reserve has a big impact on how fast your server will run. The risk (especially on a server with a small amount of memory, such as a VPS) is that the available RAM will run out and the system will end up using the far slower hard disk as swap memory instead. To prevent this, you need to tell Apache only to have a certain number. Here is a sample set of configuration directives for a VPS server with 128MB of RAM (with up to 384 burstable), which apparently works quite well (more info [http://www.agnivo.com/tech/vps-mysql-and-apache-optimization-guide-27.html here])
If you are using 1and1 as a hosting company the above does not work. The solution is to create a php.ini file in the moodle directory with this content:


Make a back up of your httpd.conf first. It’s generally found at /etc/httpd/conf/httpd.conf, then open the file with your editor e.g.  
cgi.fix_pathinfo = 0


nano /etc/httpd/conf/httpd.conf
It was a know bug when using PHP as CGI.
 
Then look for these values, which may be spread about a little and change them:
 
Timeout 200
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
MinSpareServers 5
MaxSpareServers 15
StartServers 5
MaxClients 20
MaxRequestsPerChild 2000
HostnameLookups Off
 
If you find that you are running out of memory (type
 
top
 
if using Linux and look at the swap figure), just lower some of the numbers. Similary, if you have extra memory, you can afford to raise them a bit. Remember to combine tuning of Apache with tuning of your database app.
==Reverse Proxy==
 
The following is working on a Moodle 2.0 environment 3-2-2011
 
A Reverse proxy is useful when you want to run a moodle on a computer that is inside your network. This is assuming you have a server running Apache with a Real World IP called (say) foo.bar.org
 
You want everyone in the world to be able to log in to your moodle at (say) foo.bar.org/foomoo  The foomoo is anything you want to call your moodle. foo.bar.org is your real world domain name.
 
Before you start this, check that in your local network you can go to moo.bar.local/foomoo and access your moodle. (i.e your local moodle lives at moo.bar.local/foomoo)
 
Inside your network you have a server called moo.bar.local on a local ip (These kind of addressed are commonly like 192.168.x.x or 172.16.x.x or 10.x.x.x). Moodle is installed on that server as moo.bar.local/foomoo
 
Apache is configured in various ways but usually a conf file in /etc/http/conf/httpd.conf or maybe in /etc/apache2. Directives are sometimes separated into a conf.d directory.
 
You need these settings somewhere in your apache configuration. These are the settings that worked for me and there are a number of proxy modules for apache. (I am not an expert on the moodle proxy modules. I know that the following worked for me).
 
# Proxy Server directives. Uncomment the following lines to
 
# enable the proxy server:
 
#
 
<IfModule mod_proxy.c>
 
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>
 
 
 
Also
 
 
<nowiki>ProxyPass /foomoo http://moo.bar.local/foomoo</nowiki>
 
<nowiki>ProxyPassReverse /foomoo http://moo.bar.local/foomoo</nowiki>


==SSL==


Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.


* Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
* Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://


In your config.php on your moodle server make two setting
Login only https is available in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)


$CFG->reverseproxy      = 'true';
Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.


<nowiki>$CFG->wwwroot  = 'http://foo.bar.org/foomoo';</nowiki>
To use HTTPS you will need to obtain an SSL certificate, you have two options:


* Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
* Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.


Restart apache on both servers.
Debian provides instructions for installing a self-signed certificate [https://wiki.debian.org/Self-Signed_Certificate on their wiki] and includes general information on configuring Apache for SSL.
If you purchase a vendor certificate you will normally receive instructions for installing it.


At this point, you will not be able to access your moodle inside your local network but it should work from outside.
A basic Apache SSL configuration can be summarised as:


Inside your local network you will have a DNS server somewhere (often a MS AD server). If you don't have a dns server I would be very surprised but for a small network it is possible. My advice is get one.
Listen 443
 
NameVirtualHost *:443
On that dns server you will need to have an "A" Record installed that links foo.bar.org to moo.bar.local. A dns change sometimes takes a while to propagate.
<VirtualHost *:443>
 
    SSLEngine On
This should make you Moodle work from inside the site as well as outside.
    SSLCertificateFile /path/to/your/certificate.crt
 
    SSLCertificateKeyFile /path/to/your/certificate.key
==SSL==
    ...
 
</VirtualHost>
If you want your website not to be hackable, you need to enable SSL so that your moodle password cannot be easily read by others as it is transmitted (as normal internet communications normally can be). There are 2 options - generate a self-signed certificate, which stops casual network sniffing, but which can ultimately be compromised with enough effort, or purchase a certificate from a vendor (about $35 per year from the cheap ones). Below are instructions for install of a self-signed certificate.
 
'''Debian and Apache2'''
 
1. generate a certification:
      apache2-ssl-certificate
 
for debian etch, apache2-ssl-certificate is no longer available, use make-ssl-cert instead:
          make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
 
2. edit /etc/apache2/ports.conf:
      Listen 80
      Listen 443
3. copy /etc/apache2/sites-available/default to /etc/apache2/sites-available/default-ssl, and change /etc/apache2/sites-available/default:
      NameVirtualHost *:80
      <VirtualHost *:80>
      ...
      </VirtualHost>
 
and also /etc/apache2/sites-available/default-ssl:
      NameVirtualHost *:443
      <VirtualHost *:443>
      ...
              SSLEngine on
              SSLCertificateFile /etc/apache2/ssl/apache.pem
      ...
      </VirtualHost>
4. symbolic link the ssl file:
      a2ensite default-ssl
5. don't forget to symbolic link the ssl module:
      a2enmod ssl
6. restart apache and test the connection (e.g. https://localhost/):
      /etc/init.d/apache2 restart


== See also ==
== See also ==
Line 164: Line 70:
* [https://els.earlham.edu/cayaraa/weblog/1468.html Making Moodle work with SSL]
* [https://els.earlham.edu/cayaraa/weblog/1468.html Making Moodle work with SSL]
* [http://www.krufix.de/ Using the same Moodle twice in local network and Internet via SSL-Proxy] (in German)
* [http://www.krufix.de/ Using the same Moodle twice in local network and Internet via SSL-Proxy] (in German)
[[Category:Administrator]]
[[Category:Developer]]


[[pl:Apache]]
[[pl:Apache]]
[[ja:Apache]]
[[ja:Apache]]
[[de:Apache]]
[[de:Apache]]
[[es:Apache]]

Latest revision as of 18:11, 19 May 2018

This article refers to the 'Apache HTTP server'

The Apache HTTP server is the software that (along with the PHP scripting language) 'runs' Moodle. Note that there are alternatives (e.g. IIS on Windows) but the Apache HTTP Server is very popular on all platforms.

Installing Apache

Installers are available for most platforms from http://httpd.apache.org/download.cgi. The official installation instructions are here: http://httpd.apache.org/docs/2.0/install.html. If you are running Linux then you are recommended to use the packaged version if you can. For example in Debian/Ubuntu it is simply:

sudo apt-get install apache2

See the documentation for your particular platform for the instructions. Apache is straightforward to build from source if you have to and the PHP documentation contains an article on building both Apache and PHP together - although you should rarely need to do that.

Performance

See Performance recommendations

Slasharguments

The function slash arguments is required for various features in Moodle to work correctly, as described in Using slash arguments.

To turn it on, add this line to your httpd.conf, or to a .htaccess file in your local directory:

AcceptPathInfo On

Note: When using ".htaccess" in your local Moodle install folder, you should include/enable "AllowOverride Directive" in "httpd.conf", first. Also! please note that using .htaccess file will cause performance hit on your server!

If you are using 1and1 as a hosting company the above does not work. The solution is to create a php.ini file in the moodle directory with this content:

cgi.fix_pathinfo = 0

It was a know bug when using PHP as CGI.

SSL

Moodle has an option to enable HTTPS for the whole site or for just the login pages; either option requires that your web server is configured for SSL.

  • Whole site HTTPS is enabled by changing http://<url> to https:// <url> in your config.php 'wwwroot' parameter.
  • Login only HTTPS is enabled by setting the 'loginhttps' parameter, where the wwwroot schema should remain as http://

Login only https is available in the admin interface via Administration>Security>HTTP Security and checking the button. (Note the warning and see ssl section below)

Prior to Moodle 2.3 It was not advised to run the whole site over HTTPS due to legacy restrictions with client-side caching. This is no longer the case assuming client browsers support the 'Cache-Control: public' method, which all supported browsers for this version of Moodle do.

To use HTTPS you will need to obtain an SSL certificate, you have two options:

  • Generate a self-signed certificate. This is fine on (say) an Intranet but unsuitable for the public internet, but users will we warned the certificated is untrusted when used publicly.
  • Purchase a certificate from a vendor. There is a surprising range of prices and value-added services available. Some hosting companies even provide free certificates.

Debian provides instructions for installing a self-signed certificate on their wiki and includes general information on configuring Apache for SSL. If you purchase a vendor certificate you will normally receive instructions for installing it.

A basic Apache SSL configuration can be summarised as:

Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /path/to/your/certificate.crt
    SSLCertificateKeyFile /path/to/your/certificate.key
    ...
</VirtualHost>

See also