Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: Secure Moodle on Raspberry Pi Model 2, Gentoo Linux and Nginx server.

Secure Moodle on Raspberry Pi Model 2, Gentoo Linux and Nginx server: Difference between revisions

(Started my page about Raspberry Pi, Gentoo Linux, Nginx and Moodle.)
 
m (Fixed MS' user link.)
 
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
Hi,
Hi,


I want to share my experiences when I installed Moodle on a Raspberry Pi Model 2 hardware, on which is running Gentoo Linux operating system and the Nginx web server. It can reach here: [https://www.cspl.hu/moodle]
I want to share my experiences when I installed Moodle on a '''Raspberry Pi Model 2''' hardware, on which is running '''Gentoo Linux''' operating system and the '''Nginx''' web server. It can reach here: [https://www.cspl.hu/moodle]


First I installed Gentoo Linux on my Raspberry Pi Model 2 hardware by following this guide:
First I installed Gentoo Linux on my Raspberry Pi Model 2 hardware by following this guide:
Line 9: Line 9:
[https://wiki.gentoo.org/wiki/Nginx]
[https://wiki.gentoo.org/wiki/Nginx]
[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/]
[https://www.nginx.com/blog/nginx-https-101-ssl-basics-getting-started/]
My '''nginx.config''' file is:
<code bash>user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error_log info;
events {
        worker_connections 1024;
        use epoll;
}
http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';
        client_max_body_size 15m;
        client_header_timeout 10m;
        client_body_timeout 10m;
        send_timeout 10m;
        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;
        gzip off;
        output_buffers 1 32k;
        postpone_output 1460;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 75 20;
        ignore_invalid_headers on;
        index index.html index.php;
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
        server {
                listen 443 ssl http2;
                listen [::]:443 ssl http2;
                server_name www.cspl.hu;
                root /var/www/localhost/htdocs;
                location = /KisTechTavOktKulcsosPicike.ico {
                log_not_found off;
                access_log off;
                }
                ssl_certificate /etc/ssl/certs/chained.pem;
                ssl_certificate_key /etc/ssl/private/domain.key;
                ssl_session_timeout 5m;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-S
HA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-
AES256-SHA:DHE-RSA-AES128-SHA:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:
RSA+3DES:!MD5;
                ssl_session_cache shared:SSL:50m;
                ssl_dhparam /etc/ssl/certs/dhparam.pem;
                ssl_prefer_server_ciphers on;
                access_log /var/log/nginx/localhost.access_log main;
                error_log /var/log/nginx/localhost.error_log info;
                access_log /var/log/nginx/localhost.ssl_access_log main;
                error_log /var/log/nginx/localhost.ssl_error_log info;
                location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                return 404;
                }
               
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
                include fastcgi.conf;
                }
                location /dataroot/ {
                internal;
                alias /var/www/localhost/moodle/; # ensure the path ends with /
                }
               
                location /moodlelib/ {
                internal;
                alias /var/www/localhost/htdocs/moodle/lib/; # ensure the path ends with /
                }
               
                location /moodlepix/ {
                internal;
                alias /var/www/localhost/htdocs/moodle/pix/; # ensure the path ends with /
                }
                location /moodletheme/ {
                internal;
                alias /var/www/localhost/htdocs/moodle/theme/; # ensure the path ends with /
                }
        }
                server {
                        listen          80;
                        listen          [::]:80;
                        server_name    www.cspl.hu;
                        return          301 https://$server_name$request_uri;
                }
}
</code>
My '''fastcgi.config''' file is:
<code bash>
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING      $query_string;
fastcgi_param  REQUEST_METHOD    $request_method;
fastcgi_param  CONTENT_TYPE      $content_type;
fastcgi_param  CONTENT_LENGTH    $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI      $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME    $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
</code >
My '''fastcgi_params''' file is:
<code bash>
fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  QUERY_STRING      $query_string;
fastcgi_param  REQUEST_METHOD    $request_method;
fastcgi_param  CONTENT_TYPE      $content_type;
fastcgi_param  CONTENT_LENGTH    $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI      $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME    $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
</code>


I obtain a certificate from here: [https://gethttpsforfree.com/]
I obtain a certificate from here: [https://gethttpsforfree.com/]


I will continue soon..
Finally I did followings, in that order:
# remove previous moodle installation with help of webapp-config:
## <code bash>webapp-config -C moodle 3.2.3</code>
## ( I had installed 3.2.3 version of moodle prior to move my Moodle site from HTTP to HTTPS )
# remove the Gentoo moodle package with emerge
## <code bash>emerge --depclean www-apps/moodle</code>
# uninstall, then install again webapp-config package because of ghost installs ( look here for this: [https://wiki.gentoo.org/wiki/Webapp-config#Troubleshooting]
## <code>emerge --unmerge app-admin/webapp-config</code>
## <code bash>rm -rf /var/db/webapps/</code>
## <code bash>emerge -a app-admin/webapp-config</code>
## <code bash>dispatch-conf</code>
### here I choose 'u' but then must to edit '''/etc/vhosts/webapp-config'''
### <code>vhost_server="nginx"</code>
# install moodle package again ( but this one is a newer 3.3.1 version  )
## <code bash>emerge -a www-apps/moodle</code>
## <code bash>webapp-config -I moodle 3.3.1</code>
## after installation I get message 'POST-INSTALL INSTRUCTIONS' in which is a guid how to proceed with Moodle site installation, eg. about mysql and postgresql databases, commands to run, etc.
# set up config.php file:
 
My '''config.php''' file is:
<code php>
<?php
unset($CFG);  // Ignore this line
global $CFG;  // This is necessary here for PHPUnit execution
$CFG = new stdClass();
 
$CFG->dbtype    = 'pgsql';      // 'pgsql', 'mariadb', 'mysqli', 'mssql', 'sqlsrv' or 'oci'
$CFG->dblibrary = 'native';    // 'native' only at the moment
$CFG->dbhost    = 'localhost';  // eg 'localhost' or 'db.isp.com' or IP
$CFG->dbname    = 'moodle';    // database name, eg moodle
$CFG->dbuser    = 'postgres';  // your database username
$CFG->dbpass    = 'secret_password';  // your database password
$CFG->prefix    = 'mdl_';      // prefix to use for all table names
$CFG->dboptions = array(
    'dbpersist' => false,      // should persistent database connections be
                                //  used? set to 'false' for the most stable
                                //  setting, 'true' can improve performance
                                //  sometimes
    'dbsocket'  => '/var/run/postgresql/',      // should connection via UNIX socket be used?
                                //  if you set it to 'true' or custom path
                                //  here set dbhost to 'localhost',
                                //  (please note mysql is always using socket
                                //  if dbhost is 'localhost' - if you need
                                //  local port connection use '127.0.0.1')
    'dbport'    => '',          // the TCP port number to use when connecting
                                //  to the server. keep empty string for the
                                //  default port
);
 
$CFG->wwwroot  = 'https://www.cspl.hu/moodle';
$CFG->dataroot  = '/var/www/localhost/moodle';
$CFG->directorypermissions = 02777;
 
$CFG->admin = 'admin';
 
$CFG->slasharguments = true;
 
$CFG->xsendfile = 'X-Accel-Redirect';
$CFG->xsendfilealiases = array(
'/dataroot/' => $CFG->dataroot,
'/moodlelib/' => '/var/www/localhost/htdocs/moodle/lib',
'/moodlepix/' => '/var/www/localhost/htdocs/moodle/pix',
'/moodletheme/' => '/var/www/localhost/htdocs/moodle/theme'
);
 
require_once(dirname(__FILE__) . '/lib/setup.php'); // Do not edit
?>
</code>
 
Finally, I would like to thank those people who helped me: [[User:Matteo_Scaramuccia|Matteo Scaramuccia]], [[User:Ken Task|Ken Task]], and many others too.


--[[User:Pál Csányi|Pál Csányi]] ([[User talk:Pál Csányi|talk]]) 04:01, 22 July 2017 (AWST)
--[[User:Pál Csányi|Pál Csányi]] ([[User talk:Pál Csányi|talk]]) 04:01, 22 July 2017 (AWST)
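Review bot: The added nginx.config enables `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and its cipher list ends in `EECDH+3DES:RSA+3DES` plus static `RSA+AES` suites, which undercuts a page titled "Secure Moodle". I would propose `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the nginx/OpenSSL build offers it) and dropping the 3DES and `RSA+` entries unless a known legacy client needs them. In the added config.php, `$CFG->dbuser = 'postgres';` connects Moodle as what is normally the PostgreSQL superuser role; a dedicated role that owns only the `moodle` database would limit the damage if the application is compromised. The PHP location also includes both `fastcgi_params` and `fastcgi.conf`, which as listed define nearly the same parameters twice, so a single file carrying `SCRIPT_FILENAME` and `PATH_INFO` would be easier to audit.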

Latest revision as of 11:53, 23 July 2017

Hi,

I want to share my experience of installing Moodle on Raspberry Pi Model 2 hardware running the Gentoo Linux operating system and the Nginx web server. The site can be reached here: [1]

First I installed Gentoo Linux on my Raspberry Pi Model 2 hardware by following this guide: [2]

Then I installed and set up the Nginx web server by following these guides: [3] [4]

My nginx.config file is:

user nginx nginx;
worker_processes 1;

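# Global error log, written at "info" verbosity.
error_log /var/log/nginx/error_log info;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';

    # Request bodies above 15 MB are rejected by nginx before they reach PHP.
    client_max_body_size 15m;

    # NOTE(review): ten-minute header, body and send timeouts let a slow or
    # idle client hold a connection for a long time; on a single worker with
    # 1024 connections, shorter values are worth considering.
    client_header_timeout 10m;
    client_body_timeout 10m;
    send_timeout 10m;

    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 2k;
    request_pool_size 4k;
    gzip off;
    output_buffers 1 32k;
    postpone_output 1460;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 75 20;
    ignore_invalid_headers on;
    index index.html index.php;

    # HSTS for roughly six months, covering subdomains. nginx inherits
    # add_header from this level only into blocks that define no add_header of
    # their own: adding one inside a server or location block would drop this
    # header there unless it is repeated.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    # HTTPS virtual host that serves Moodle.
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www.cspl.hu;
        root /var/www/localhost/htdocs;

        location = /KisTechTavOktKulcsosPicike.ico {
            log_not_found off;
            access_log off;
        }

        ssl_certificate /etc/ssl/certs/chained.pem;
        ssl_certificate_key /etc/ssl/private/domain.key;
        ssl_session_timeout 5m;

        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Unless a
        # known legacy client needs them, restrict this to TLSv1.2, plus
        # TLSv1.3 where the nginx/OpenSSL build supports it.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        # The cipher list must be a single argument with no whitespace; it is
        # rejoined here from the wrapped original.
        # NOTE(review): the tail of the list still admits 3DES (EECDH+3DES,
        # RSA+3DES) and static-RSA key exchange (RSA+AES128, RSA+AES256), which
        # has no forward secrecy; consider removing those entries.
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

        ssl_session_cache shared:SSL:50m;
        # Diffie-Hellman parameters for the DHE-* suites above; the file is not
        # shown on this page.
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_prefer_server_ciphers on;

        # NOTE(review): two access_log and two error_log directives are given
        # for this server; presumably one pair is a leftover. Confirm which
        # files are wanted.
        access_log /var/log/nginx/localhost.access_log main;
        error_log /var/log/nginx/localhost.error_log info;
        access_log /var/log/nginx/localhost.ssl_access_log main;
        error_log /var/log/nginx/localhost.ssl_error_log info;

        # Any URI containing ".php" followed by "/" or the end of the path, so
        # that Moodle's slash arguments (script.php/extra/path) are handled.
        location ~ [^/]\.php(/|$) {
            # Split the URI into the script name and the trailing path info.
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;

            # Hand a request to PHP-FPM only if the script part names an
            # existing file under the document root; everything else gets 404.
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            # NOTE(review): both files are included, and as listed on this page
            # they define mostly the same parameters, so those are set twice.
            include fastcgi_params;
            include fastcgi.conf;
        }

        # The four locations below are "internal": a client cannot request them
        # directly. They are reached only through internal redirects such as
        # the X-Accel-Redirect header configured by $CFG->xsendfile in config.php.
        location /dataroot/ {
            internal;
            alias /var/www/localhost/moodle/; # ensure the path ends with /
        }

        location /moodlelib/ {
            internal;
            alias /var/www/localhost/htdocs/moodle/lib/; # ensure the path ends with /
        }

        location /moodlepix/ {
            internal;
            alias /var/www/localhost/htdocs/moodle/pix/; # ensure the path ends with /
        }

        location /moodletheme/ {
            internal;
            alias /var/www/localhost/htdocs/moodle/theme/; # ensure the path ends with /
        }
    }

    # Plain-HTTP virtual host: redirect everything to HTTPS. The redirect uses
    # the configured $server_name, not the Host header sent by the client.
    server {
        listen          80;
        listen          [::]:80;
        server_name     www.cspl.hu;
        return          301 https://$server_name$request_uri;
    }
}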

My fastcgi.config file is:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

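# Request metadata handed to PHP-FPM, one directive per line.
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
# Sent only when $https is non-empty, i.e. on TLS connections.
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

# $remote_addr is the address of the directly connected peer.
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
# $server_name is the name configured in the server block, not the Host header.
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;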

My fastcgi_params file is:

fastcgi_param PATH_INFO $fastcgi_path_info;

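# Request metadata handed to PHP-FPM, one directive per line.
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
# Sent only when $https is non-empty, i.e. on TLS connections.
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

# $remote_addr is the address of the directly connected peer.
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
# $server_name is the name configured in the server block, not the Host header.
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;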

I obtained a certificate from here: [5]

Finally, I did the following, in this order:

  1. remove previous moodle installation with help of webapp-config:
    1. webapp-config -C moodle 3.2.3
    2. (I had installed version 3.2.3 of Moodle before moving my Moodle site from HTTP to HTTPS)
  2. remove the Gentoo moodle package with emerge
    1. emerge --depclean www-apps/moodle
  3. uninstall, then reinstall, the webapp-config package because of ghost installs (see here for details: [6])
    1. emerge --unmerge app-admin/webapp-config
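    2. rm -rf /var/db/webapps/ (note: this directory holds webapp-config's install records for every web application on the host, not only Moodle)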
    3. emerge -a app-admin/webapp-config
    4. dispatch-conf
      1. here I chose 'u', but then I had to edit /etc/vhosts/webapp-config
      2. vhost_server="nginx"
  4. install moodle package again ( but this one is a newer 3.3.1 version )
    1. emerge -a www-apps/moodle
    2. webapp-config -I moodle 3.3.1
    3. after installation I got the 'POST-INSTALL INSTRUCTIONS' message, which is a guide on how to proceed with the Moodle site installation, e.g. about MySQL and PostgreSQL databases, commands to run, etc.
  5. set up config.php file:

My config.php file is:

<?php
unset($CFG);  // Ignore this line
global $CFG;  // This is necessary here for PHPUnit execution
$CFG = new stdClass();

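// Database connection settings.
$CFG->dbtype    = 'pgsql';      // 'pgsql', 'mariadb', 'mysqli', 'mssql', 'sqlsrv' or 'oci'
$CFG->dblibrary = 'native';     // 'native' only at the moment
$CFG->dbhost    = 'localhost';  // eg 'localhost' or 'db.isp.com' or IP
$CFG->dbname    = 'moodle';     // database name, eg moodle
// NOTE(review): 'postgres' is normally the PostgreSQL superuser role. A
// dedicated role that owns only the moodle database limits what a compromised
// Moodle instance can reach.
$CFG->dbuser    = 'postgres';   // your database username
// Placeholder value; this file holds the real password in clear text, so it
// should be readable only by the account that runs PHP.
$CFG->dbpass    = 'secret_password';  // your database password
$CFG->prefix    = 'mdl_';       // prefix to use for all table names
$CFG->dboptions = array(
    'dbpersist' => false,       // should persistent database connections be
                                //  used? set to 'false' for the most stable
                                //  setting, 'true' can improve performance
                                //  sometimes
    'dbsocket'  => '/var/run/postgresql/',       // should connection via UNIX socket be used?
                                //  if you set it to 'true' or custom path
                                //  here set dbhost to 'localhost',
                                //  (please note mysql is always using socket
                                //  if dbhost is 'localhost' - if you need
                                //  local port connection use '127.0.0.1')
    'dbport'    => '',          // the TCP port number to use when connecting
                                //  to the server. keep empty string for the
                                //  default port
);

$CFG->wwwroot   = 'https://www.cspl.hu/moodle';
// dataroot sits outside the nginx document root (/var/www/localhost/htdocs),
// so its files are served only through Moodle and the internal /dataroot/ alias.
$CFG->dataroot  = '/var/www/localhost/moodle';
// 02777 = setgid plus read/write/execute for owner, group and others.
// NOTE(review): this makes new dataroot directories world-writable; if only the
// web-server account needs them, a tighter mode such as 02770 is worth considering.
$CFG->directorypermissions = 02777;

$CFG->admin = 'admin';

$CFG->slasharguments = true;

// Let nginx send files via X-Accel-Redirect. Each key must match an "internal"
// location in the nginx server block, and each value the directory it aliases.
$CFG->xsendfile = 'X-Accel-Redirect';
$CFG->xsendfilealiases = array(
    '/dataroot/' => $CFG->dataroot,
    '/moodlelib/' => '/var/www/localhost/htdocs/moodle/lib',
    '/moodlepix/' => '/var/www/localhost/htdocs/moodle/pix',
    '/moodletheme/' => '/var/www/localhost/htdocs/moodle/theme'
);

require_once(dirname(__FILE__) . '/lib/setup.php'); // Do not edit
?>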

Finally, I would like to thank those people who helped me: Matteo Scaramuccia, Ken Task, and many others too.

--Pál Csányi (talk) 04:01, 22 July 2017 (AWST)